
infected with unknown browser redirect virus


This topic is locked
49 replies to this topic

#1 Steve_M_T

  • Members
  • 51 posts
  • OFFLINE
  • Local time:09:17 AM

Posted 28 October 2014 - 09:53 PM

I am running Windows XP Home on an old Dell Vostro desktop.  Google Chrome and IE8 are being affected by some sort of browser redirect.  Not always, but with remarkable regularity, clicking on drop-down tabs or links (or anywhere on the page) will direct to an unrequested page that typically advertises computer technical help.

I tried Kaspersky TDSSKiller but this found nothing.  

My virus protection software (Norton Symantec) does not update - claims there is not enough disk space.

If I try to check my Windows Firewall settings I get the following: “Due to an unidentified problem, Windows cannot display Windows Firewall settings”

Please help.

Thanks,

Steve

 

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.67.2
Run by Steve at 22:45:25 on 2014-10-28
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3317.2110 [GMT -4:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ================
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Diagnostics\node\service.exe
C:\Program Files\Common Files\Diagnostics\node\node.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Online Games Manager\ogmservice.exe
C:\Program Files\Common Files\Diagnostics\node\service.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Diagnostics\node\node.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Trimble\GPS Pathfinder Office\ConMgr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Trimble\Remote Device Manager\TRDMU.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Common Files\Diagnostics\node\node.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.rivarch.com/
uDefault_Page_URL = hxxp://www.msn.com
uProxyServer = 127.0.0.1:5050
BHO: TidyNetwork: {5B37E98B-EACB-36E5-CA43-EF55B3653943} - c:\program files\tidynetwork\petn.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LocationFinder Class: {BC0E8AD7-13AA-4694-8EDD-0246BC47A35F} - c:\program files\skyhook wireless\loki activex component\versions\3.4.2.20\loki.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.355.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
uRun: [AWMON] "c:\program files\lavasoft\ad-aware se plus\Ad-Watch.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; msn OptimizedIE8;ENUS)" -"http://www.miniclip.com/games/basketball-slam/en/"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\docume~1\steve\startm~1\programs\startup\connec~1.lnk - c:\program files\trimble\gps pathfinder office\ConMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks basic\QBW32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: HonorAutoRunSetting = 1
mPolicies-System: dontdisplaylastusername = 0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1CF8B0CB-2FEA-4311-9A20-DAE6D74CC0CC} : DHCPNameServer = 192.168.1.1
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks basic\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R1 SMR430;Symantec SMR Utility Service 4.3.0;c:\windows\system32\drivers\SMR430.SYS [2014-10-28 104120]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 Diagnostics;Diagnostics;c:\program files\common files\diagnostics\node\service.exe [2014-10-9 155136]
R2 ogmservice;Online Games Manager;c:\program files\online games manager\ogmservice.exe [2014-3-27 581568]
R2 Proxy;Proxy;c:\program files\common files\diagnostics\node\service.exe [2014-10-9 155136]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2012-3-14 1248256]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.355.0\SeaPort.EXE [2012-1-25 240408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-7-8 106656]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20130708.002\naveng.sys [2013-7-8 93272]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20130708.002\navex15.sys [2013-7-8 1611992]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.355.0\BBSvc.EXE [2012-1-25 192792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
.scr: <filetype is not registered>
.reg: <filetype is not registered>
.
=============== Created Last 30 ================
.
2014-10-29 01:54:21 20 ----a-w- c:\windows\system32\drivers\SMR430.dat
2014-10-29 01:53:44 104120 ----a-w- c:\windows\system32\drivers\SMR430.SYS
2014-10-29 01:42:16 -------- d-----w- c:\documents and settings\steve\local settings\application data\NPE
2014-10-29 01:42:16 -------- d-----w- c:\documents and settings\all users\application data\Norton
2014-10-28 23:59:38 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-28 23:59:17 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-28 23:59:17 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-26 12:08:49 -------- d-----w- c:\program files\common files\Cache utility
2014-10-26 12:08:38 -------- d-----w- c:\program files\common files\Display settings
2014-10-26 12:08:27 -------- d-----w- c:\program files\common files\Hoist Search
2014-10-26 12:08:02 -------- d-----w- c:\program files\common files\DealAlly
2014-10-25 20:00:09 -------- d-----w- c:\program files\common files\Diagnostics
2014-10-25 19:59:57 -------- d-----w- c:\program files\TidyNetwork
2014-10-25 19:59:56 -------- d-----w- c:\program files\common files\Common dictionary
.
==================== Find3M  ====================
.
2014-10-01 15:11:10 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-28 14:06:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-28 14:06:23 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-06 23:12:26 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-06 23:12:23 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-12 02:45:06 0 ----a-w- c:\program files\GUM6F.tmp
.
============= FINISH: 22:46:01.07 ===============
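The DDS log above already contains the redirect's fingerprints in plain text: a browser proxy set to 127.0.0.1:5050, a service literally named Proxy running c:\program files\common files\diagnostics\node\service.exe, and a BHO whose DLL sits in c:\program files\TidyNetwork, with both of those directories dated in the "Created Last 30" section to the days before the symptoms began. The script below is an added example written for this thread; it is not part of DDS and not a BleepingComputer tool. It parses an excerpt of the log posted above and reports the correlations a helper makes by hand: a proxy pointing at the local machine, and any BHO, Run entry or service whose binary lives under a directory created in the last 30 days. The section names and line layouts it expects are taken from this post's DDS output; anything else about the DDS format is an assumption.

```python
"""Triage helper for a DDS "Pseudo HJT Report" log.

Added example for this thread; not part of DDS or any BleepingComputer
tool. It reads the section layout shown in the log above and reports
the correlations a helper looks for by hand: a browser proxy pointing
at the local machine, and startup items (BHOs, Run keys, services)
whose binary lives in a directory created within the last 30 days.
"""
import re

# Excerpt of the DDS log posted above (lines from this thread, trimmed
# to the entries the triage needs; trademark symbols dropped). Raw string:
# the paths contain "\t" and "\n" sequences that must stay literal.
DDS_EXCERPT = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.rivarch.com/
uProxyServer = 127.0.0.1:5050
BHO: TidyNetwork: {5B37E98B-EACB-36E5-CA43-EF55B3653943} - c:\program files\tidynetwork\petn.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
.
============= SERVICES / DRIVERS ===============
.
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 Diagnostics;Diagnostics;c:\program files\common files\diagnostics\node\service.exe [2014-10-9 155136]
R2 Proxy;Proxy;c:\program files\common files\diagnostics\node\service.exe [2014-10-9 155136]
S3 nosGetPlusHelper;getPlus Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
.
=============== Created Last 30 ================
.
2014-10-29 01:54:21 20 ----a-w- c:\windows\system32\drivers\SMR430.dat
2014-10-26 12:08:27 -------- d-----w- c:\program files\common files\Hoist Search
2014-10-25 20:00:09 -------- d-----w- c:\program files\common files\Diagnostics
2014-10-25 19:59:57 -------- d-----w- c:\program files\TidyNetwork
.
"""

# Line shapes as they appear in the log above (assumed stable for DDS 2012-11-20).
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
PROXY_RE = re.compile(r"^uProxyServer = (\S+)$")
BHO_RE = re.compile(r"^BHO: (.*): \{([0-9A-Fa-f-]+)\} -\s*(.*)$")
RUN_RE = re.compile(r"^([um]Run(?:Once)?): \[(.*?)\] (.*)$")
SVC_RE = re.compile(r"^([RS]\d) ([^;]*);([^;]*);(.*) \[(\S+) (\d+)\]$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \S+ (\S+) (.*)$")
LOOPBACK = ("127.", "localhost", "::1", "[::1]")


def _unquote(value):
    """Strip the quotes DDS puts around paths with spaces; keep trailing args otherwise."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value


def parse_dds(text):
    """Collect the proxy, BHOs, Run entries, services and recently created dirs."""
    report = {"proxy": None, "bho": [], "run": [], "services": [], "created_dirs": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        if section == "Pseudo HJT Report":
            m = PROXY_RE.match(line)
            if m:
                report["proxy"] = m.group(1)
                continue
            m = BHO_RE.match(line)
            if m:
                report["bho"].append({"name": m.group(1), "clsid": m.group(2), "path": m.group(3)})
                continue
            m = RUN_RE.match(line)
            if m:
                report["run"].append({"key": m.group(1), "name": m.group(2), "path": _unquote(m.group(3))})
        elif section == "SERVICES / DRIVERS":
            m = SVC_RE.match(line)
            if m:
                report["services"].append({"state": m.group(1), "name": m.group(2),
                                           "display": m.group(3), "path": m.group(4),
                                           "file_date": m.group(5)})
        elif section == "Created Last 30":
            m = CREATED_RE.match(line)
            if m and m.group(2).startswith("d"):  # attribute string "d-----w-" marks a directory
                report["created_dirs"].append(m.group(3))
    return report


def _under_recent(path, recent_dirs):
    """Return the recently created directory that contains path, or None."""
    p = path.lower()
    for d in recent_dirs:
        if p.startswith(d.lower() + "\\"):
            return d
    return None


def triage(report):
    """Produce one finding per correlation worth a human's attention."""
    findings = []
    proxy = report["proxy"]
    if proxy and proxy.lower().startswith(LOOPBACK):
        findings.append(f"proxy: browser traffic is routed through the local machine ({proxy})")
    recent = report["created_dirs"]
    for b in report["bho"]:
        d = _under_recent(b["path"], recent)
        if d:
            findings.append(f"bho: '{b['name']}' ({b['clsid']}) loads from recently created {d}")
    for r in report["run"]:
        d = _under_recent(r["path"], recent)
        if d:
            findings.append(f"run: {r['key']} [{r['name']}] starts {r['path']} from recently created {d}")
    for s in report["services"]:
        d = _under_recent(s["path"], recent)
        if d:
            findings.append(f"service: {s['state']} '{s['name']}' runs {s['path']} from recently created {d}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_dds(DDS_EXCERPT)):
        print(finding)
```

On the excerpt the script reports four findings: the loopback proxy, the TidyNetwork BHO, and the two services (Diagnostics and Proxy) that share the node\service.exe binary under a directory created four days before the first post. Nothing here removes anything; it only orders the evidence so a reviewer sees why a proxy on 127.0.0.1 and a freshly created Proxy service belong to the same problem.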
 



#2 HelpBot (Bleepin' Binary Bot)

  • Bots
  • 12,732 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:17 AM

Posted 02 November 2014 - 09:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553769 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Steve_M_T (Topic Starter)

  • Members
  • 51 posts
  • OFFLINE
  • Local time:09:17 AM

Posted 03 November 2014 - 05:34 PM

I am still getting redirected in Chrome and still getting popups in both Chrome and IE.  Things are better if I operate in SafeMode (as I am now) and if I make sure that my browser is not using a proxy server.

Since my original post, I have run Malwarebytes a couple of times, managed to update my virus protection software and run a scan, and downloaded and run adwcleaner.

I do not have my original Windows CD.

 

Here is a new DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.67.2
Run by Steve at 17:28:30 on 2014-11-03
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3317.2754 [GMT -5:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.rivarch.com/
BHO: TidyNetwork: {5B37E98B-EACB-36E5-CA43-EF55B3653943} - 
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LocationFinder Class: {BC0E8AD7-13AA-4694-8EDD-0246BC47A35F} - c:\program files\skyhook wireless\loki activex component\versions\3.4.2.20\loki.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [AWMON] "c:\program files\lavasoft\ad-aware se plus\Ad-Watch.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; msn OptimizedIE8;ENUS)" -"http://www.miniclip.com/games/basketball-slam/en/"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\steve\startm~1\programs\startup\connec~1.lnk - c:\program files\trimble\gps pathfinder office\ConMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks basic\QBW32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: HonorAutoRunSetting = 1
mPolicies-System: dontdisplaylastusername = 0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1CF8B0CB-2FEA-4311-9A20-DAE6D74CC0CC} : DHCPNameServer = 192.168.1.1
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks basic\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
S1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
S1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Diagnostics;Diagnostics;c:\program files\common files\diagnostics\node\service.exe [2014-10-9 155136]
S2 ogmservice;Online Games Manager;c:\program files\online games manager\ogmservice.exe [2014-3-27 581568]
S2 Proxy;Proxy;c:\program files\common files\diagnostics\node\service.exe [2014-10-9 155136]
S2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2012-3-14 1248256]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-7-8 106656]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20130708.002\naveng.sys [2013-7-8 93272]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20130708.002\navex15.sys [2013-7-8 1611992]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
.scr: <filetype is not registered>
.reg: <filetype is not registered>
.
=============== Created Last 30 ================
.
2014-10-29 22:15:09 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-10-29 22:14:20 -------- d-----w- C:\AdwCleaner
2014-10-29 01:42:16 -------- d-----w- c:\documents and settings\steve\local settings\application data\NPE
2014-10-29 01:42:16 -------- d-----w- c:\documents and settings\all users\application data\Norton
2014-10-28 23:59:38 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-28 23:59:17 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-28 23:59:17 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-26 12:08:49 -------- d-----w- c:\program files\common files\Cache utility
2014-10-26 12:08:38 -------- d-----w- c:\program files\common files\Display settings
2014-10-26 12:08:27 -------- d-----w- c:\program files\common files\Hoist Search
2014-10-26 12:08:02 -------- d-----w- c:\program files\common files\DealAlly
2014-10-25 20:00:09 -------- d-----w- c:\program files\common files\Diagnostics
2014-10-25 19:59:56 -------- d-----w- c:\program files\common files\Common dictionary
.
==================== Find3M  ====================
.
2014-10-01 15:11:10 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-28 14:06:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-28 14:06:23 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-06 23:12:26 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-06 23:12:23 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-12 02:45:06 0 ----a-w- c:\program files\GUM6F.tmp
.
============= FINISH: 17:29:32.84 ===============


#4 Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • OFFLINE
  • Gender:Male
  • Location:127.0.0.1
  • Local time:09:17 AM

Posted 04 November 2014 - 01:18 PM

Hello Steve_M_T-

 

My name is Johnny Computer and I will be helping you clean up your system.  I will need some time to analyze your logs and will be back with further instructions A.S.A.P.

 

Thanks :)


"DO OR DO NOT. THERE IS NO TRY."


#5 Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • OFFLINE
  • Gender:Male
  • Location:127.0.0.1
  • Local time:09:17 AM

Posted 05 November 2014 - 05:29 PM

 


Hello and welcome to BLEEPING COMPUTER

My name is Johnny Computer and I will be helping you with your malware related computer issues today.

Before we move on, please read the following points carefully.

 

§  First, I would like to inform you that most of us here at Bleeping Computer are volunteers. The logs you will be asked to submit can take time to analyze. Please try to match our commitment to you with your patience toward us.
§  Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
§  IMPORTANT-----> Post all logfiles as a reply rather than as an attachment. If you can not post all log files in one reply, feel free to use more posts.
§  Perform everything in the correct order. Sometimes one step requires the previous one.
§  If you have any problems while following my instructions, Stop and ask any questions you may have.
§  Please stay with me until I have notified you that your system is All Clean. Absence of symptoms does not necessarily mean your machine is clean.  
§  If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
§  IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable.

 

 ================================================================================

 

Please download AdwCleaner by Xplode and save to your Desktop.
§  Double click on AdwCleaner.exe to run the tool.

Vista/Windows 7/8 users right-click and select Run As Administrator
§  Click on the Scan button.
§  AdwCleaner will begin...be patient as the scan may take some time to complete.
§  After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
§  The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
§  Copy and paste the contents of that logfile in your next reply.
§  A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
 
 
 ====================================================================================

 

IN YOUR NEXT REPLY I NEED:

 

1.)  ADWCleaner Log

Thanks :)

 


"DO OR DO NOT. THERE IS NO TRY."


#6 Steve_M_T (Topic Starter)

  • Members
  • 51 posts
  • OFFLINE
  • Local time:09:17 AM

Posted 05 November 2014 - 09:41 PM

Thanks Johnny. ADWCleaner log is below. This thing won't let me post here except in SafeMode.

# AdwCleaner v3.311 - Report created 05/11/2014 at 21:26:56
# Updated 30/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Steve - FAMILYPC
# Running from : C:\Documents and Settings\Steve\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\PlaySushi
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\YahooPartnerToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v38.0.2125.111

[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[ File : C:\Documents and Settings\Amelia\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4073 octets] - [29/10/2014 17:14:23]
AdwCleaner[R1].txt - [1242 octets] - [29/10/2014 17:26:33]
AdwCleaner[R2].txt - [2823 octets] - [05/11/2014 21:26:56]
AdwCleaner[S0].txt - [4336 octets] - [29/10/2014 17:16:30]
AdwCleaner[S1].txt - [1303 octets] - [29/10/2014 17:28:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [3003 octets] ##########

#7 Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • OFFLINE
  • Gender:Male
  • Location:127.0.0.1
  • Local time:09:17 AM

Posted 06 November 2014 - 07:49 AM

Hi Steve_M_T -

NOTE: When you are posting logs please make sure that "Word Wrap" under Notepad's "Edit" menu is turned off before copying and pasting. Leaving it on can make logs difficult to read. :)

Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

=====================================================================

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt, into your next reply.

================================================================

IN YOUR NEXT REPLY I NEED YOUR:

1.) Your ADWCleaner log
2.) Your FRST Log

Thanks J


Edited by Johnny Computer, 06 November 2014 - 07:50 AM.

"DO OR DO NOT. THERE IS NO TRY."
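What a helper then looks for in the FRST.txt those steps produce, as an added example that is not from this thread or from Farbar's tool: a small Python triage pass over constructed lines modelled on the formats FRST prints (a browser proxy on the loopback address, entries FRST itself marks ATTENTION, COM servers registered under C:\RECYCLER, orphaned BHOs, unsigned services with no vendor, services whose file is gone). The heuristics and the parse_service / triage names are my own, not FRST's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: FRST-style lines modelled on the formats FRST prints
# (proxy, registry, BHO, service and driver entries), mixed benign and suspect.
SAMPLE_FRST = r"""ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: 127.0.0.1:5050
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1645522239-1123561945-839522115-1004\...409d6c4515e9\InprocServer32: [Default-shell32] C:\RECYCLER\S-1-5-21-1645522239-1123561945-839522115-1004\$716e1d4a7e39def7adc60d955f43539c\o. ATTENTION! ====> ZeroAccess?
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: TidyNetwork -> {5B37E98B-EACB-36E5-CA43-EF55B3653943} -> C:\Program Files\TidyNetwork\petn.dll No File
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
R2 Diagnostics; C:\Program Files\Common Files\Diagnostics\node\service.exe [155136 2014-10-09] () [File not signed] <==== ATTENTION
R2 Proxy; C:\Program Files\Common Files\Diagnostics\node\service.exe [155136 2014-10-09] () [File not signed] <==== ATTENTION
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [169632 2006-07-19] (Symantec Corporation)
R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.) [File not signed]
S2 zumbus; system32\DRIVERS\zumbus.sys [X]
"""

# A proxy pointed at the machine itself puts whatever listens on that port
# in the path of every browser request: the classic source of redirects.
LOOPBACK_PROXY = re.compile(
    r"^ProxyServer:\s*(?:https?=)?(?:127(?:\.\d{1,3}){3}|localhost)(?::\d+)?\s*$", re.I)
RECYCLER_PATH = re.compile(r"\\RECYCLER\\", re.I)
# "R2 Name; C:\path\file.exe [size yyyy-mm-dd] (Vendor) [File not signed]"
SERVICE_HEAD = re.compile(r"^([RSU]\d) ([^;]+); (.*)$")
SERVICE_META = re.compile(r"\[(\d+) (\d{4}-\d{2}-\d{2})\] \(([^)]*)\)")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def parse_service(line):
    """Split an FRST service/driver line into its fields, or return None."""
    head = SERVICE_HEAD.match(line)
    if not head:
        return None
    start_type, name, rest = head.groups()
    meta = SERVICE_META.search(rest)
    if meta:
        path, vendor = rest[:meta.start()].strip(), meta.group(3).strip()
    else:                      # "[X]" entries carry no size/date/vendor block
        path, vendor = rest.replace("[X]", "").strip(), ""
    return {
        "start": start_type, "name": name.strip(), "path": path, "vendor": vendor,
        "unsigned": "[File not signed]" in rest,
        "missing": rest.rstrip().endswith("[X]"),
    }


def triage_line(line):
    """Return the reasons (possibly none) one FRST line deserves a second look."""
    reasons = []
    if LOOPBACK_PROXY.match(line):
        reasons.append("browser proxy points at the local machine")
    if "ATTENTION" in line:
        reasons.append("entry marked ATTENTION by FRST itself")
    if "InprocServer32" in line and RECYCLER_PATH.search(line):
        reasons.append("COM server registered under C:\\RECYCLER")
    if line.startswith("BHO:") and line.endswith("No File"):
        reasons.append("orphaned browser helper object")
    svc = parse_service(line)
    if svc:
        if svc["missing"]:
            reasons.append("service/driver whose file is gone")
        if svc["unsigned"] and not svc["vendor"]:
            reasons.append("running unsigned binary with no vendor")
    return reasons


def triage(text):
    """Run triage_line over a whole log; one Finding per flagged line."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        reasons = triage_line(line) if line else []
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"{', '.join(f.reasons)}\n    {f.line}")
```

Note that an unsigned service with a named vendor (ogmservice above) is deliberately not flagged on that heuristic alone; it is the combination of no signature and no vendor on a running service that earns the line a second look.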


#8 Steve_M_T

Steve_M_T
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:09:17 AM

Posted 06 November 2014 - 11:40 AM

Johnny, sorry about the mess in my posting. Word Wrap was off when copying and pasting. However, I am apparently unable to use the "Post" button - nothing happens. I have to use "More Reply Options" to get anything to post, but then all my stuff gets wrapped. I have the three files but am not posting as I can't seem to do it without them becoming a mess. Advice?

#9 Steve_M_T

Steve_M_T
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:09:17 AM

Posted 06 November 2014 - 11:50 AM

trying again....

 

 

# AdwCleaner v3.311 - Report created 05/11/2014 at 22:16:43
# Updated 30/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Steve - FAMILYPC
# Running from : C:\Documents and Settings\Steve\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\PlaySushi
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v38.0.2125.111
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
[ File : C:\Documents and Settings\Amelia\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [4073 octets] - [29/10/2014 17:14:23]
AdwCleaner[R1].txt - [1242 octets] - [29/10/2014 17:26:33]
AdwCleaner[R2].txt - [3083 octets] - [05/11/2014 21:26:56]
AdwCleaner[R3].txt - [3143 octets] - [05/11/2014 22:15:09]
AdwCleaner[S0].txt - [4336 octets] - [29/10/2014 17:16:30]
AdwCleaner[S1].txt - [1303 octets] - [29/10/2014 17:28:18]
AdwCleaner[S2].txt - [3100 octets] - [05/11/2014 22:16:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3160 octets] ##########
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by Steve (administrator) on FAMILYPC on 06-11-2014 11:19:21
Running from C:\Documents and Settings\Steve\Desktop
Loaded Profile: Steve (Available profiles: Steve & Claire & Amelia & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(Symantec Corporation) C:\Program Files\Symantec AntiVirus\DefWatch.exe
() C:\Program Files\Common Files\Diagnostics\node\service.exe
(Joyent, Inc) C:\Program Files\Common Files\Diagnostics\node\node.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
() C:\Program Files\Common Files\Diagnostics\node\service.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Joyent, Inc) C:\Program Files\Common Files\Diagnostics\node\node.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Symantec Corporation) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Symantec Corporation) C:\PROGRA~1\SYMANT~1\VPTray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Lavasoft Sweden) C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Trimble Navigation Limited) C:\Program Files\Trimble\GPS Pathfinder Office\ConMgr.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Trimble Navigation Ltd.) C:\Program Files\Common Files\Trimble\Remote Device Manager\TRDMU.exe
(Microsoft Corporation) C:\PROGRA~1\MICROS~4\rapimgr.exe
(Joyent, Inc) C:\Program Files\Common Files\Diagnostics\node\node.exe
(Joyent, Inc) C:\Program Files\Common Files\Diagnostics\node\node.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-11-08] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [52896 2006-07-19] (Symantec Corporation)
HKLM\...\Run: [vptray] => C:\Program Files\Symantec AntiVirus\VPTray.exe [125168 2006-09-27] (Symantec Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\...\Run: [iTunesHelper] => "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1645522239-1123561945-839522115-1004\...\Run: [AWMON] => C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe [517632 2005-05-25] (Lavasoft Sweden)
HKU\S-1-5-21-1645522239-1123561945-839522115-1004\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-1645522239-1123561945-839522115-1004\...\RunOnce: [Shockwave Updater] => C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1103472.exe [460216 2009-01-16] (Adobe Systems, Inc.)
HKU\S-1-5-21-1645522239-1123561945-839522115-1004\...409d6c4515e9\InprocServer32: [Default-shell32] C:\RECYCLER\S-1-5-21-1645522239-1123561945-839522115-1004\$716e1d4a7e39def7adc60d955f43539c\o. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-18\...\Policies\Explorer: [NoSetActiveDesktop] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks Basic\QBW32.EXE (Intuit Inc.)
Startup: C:\Documents and Settings\Amelia\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Steve\Application Data\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Documents and Settings\Steve\Start Menu\Programs\Startup\Connection Manager.lnk
ShortcutTarget: Connection Manager.lnk -> C:\Program Files\Trimble\GPS Pathfinder Office\ConMgr.exe (Trimble Navigation Limited)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: 127.0.0.1:5050
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rivarch.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1645522239-1123561945-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: TidyNetwork -> {5B37E98B-EACB-36E5-CA43-EF55B3653943} -> C:\Program Files\TidyNetwork\petn.dll No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: LocationFinder Class -> {BC0E8AD7-13AA-4694-8EDD-0246BC47A35F} -> C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.4.2.20\loki.dll (Skyhook Wireless)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks Basic\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.91 -> C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Steve\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-05]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.rivarch.com/
CHR StartupUrls: Default -> "hxxp://www.rivarch.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\Steve\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (NPCIG.dll) - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (getPlusPlus for Adobe 16291) - C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Unity Player) - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Profile: C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-01]
CHR Extension: (YouTube) - C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-04]
CHR Extension: (Google Search) - C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-04]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-04]
CHR Extension: (Gmail) - C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-04]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008 2012-12-21] (Apple Inc.) [File not signed]
R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-12] (Symantec Corporation)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.) [File not signed]
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [192160 2006-07-19] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [169632 2006-07-19] (Symantec Corporation)
R2 DefWatch; C:\Program Files\Symantec AntiVirus\DefWatch.exe [31472 2006-09-27] (Symantec Corporation)
R2 Diagnostics; C:\Program Files\Common Files\Diagnostics\node\service.exe [155136 2014-10-09] () [File not signed] <==== ATTENTION
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-06] (Oracle Corporation)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.) [File not signed]
R2 Proxy; C:\Program Files\Common Files\Diagnostics\node\service.exe [155136 2014-10-09] () [File not signed] <==== ATTENTION
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-11-08] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-03-14] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-03-14] (Intuit Inc.) [File not signed]
S3 SavRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [116464 2006-09-27] (symantec)
S3 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [214720 2006-08-07] (Symantec Corporation)
R2 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [1160848 2006-04-11] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [1813232 2006-09-27] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2009-06-11] (Avanquest Software) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-07-31] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-07-31] (Symantec Corporation)
R3 msvad_simple; C:\WINDOWS\System32\drivers\povrtdev.sys [23920 2010-04-29] (MediaMall Technologies, Inc.)
R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130708.002\NAVENG.SYS [93272 2013-04-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130708.002\NAVEX15.SYS [1611992 2013-04-26] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [245248 2005-11-23] (Ralink Technology, Corp.)
R1 SAVRT; C:\Program Files\Symantec AntiVirus\savrt.sys [337592 2006-09-06] (Symantec Corporation)
R1 SAVRTPEL; C:\Program Files\Symantec AntiVirus\Savrtpel.sys [54968 2006-09-06] (Symantec Corporation)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [389776 2006-04-11] (Symantec Corporation)
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [109744 2006-09-18] (Symantec Corporation)
S3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [24768 2006-08-07] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [195776 2006-08-07] (Symantec Corporation)
S4 IntelIde; No ImagePath
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S2 zumbus; system32\DRIVERS\zumbus.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-06 11:15 - 2014-11-06 11:19 - 00021871 _____ () C:\Documents and Settings\Steve\Desktop\FRST.txt
2014-11-06 11:15 - 2014-11-06 11:19 - 00000000 ____D () C:\FRST
2014-11-06 11:09 - 2014-11-06 11:09 - 01106432 _____ (Farbar) C:\Documents and Settings\Steve\Desktop\FRST.exe
2014-11-05 21:20 - 2014-11-05 21:20 - 01375089 _____ () C:\Documents and Settings\Steve\Desktop\AdwCleaner.exe
2014-10-30 18:25 - 2014-10-30 18:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
2014-10-30 18:25 - 2014-10-30 18:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2014-10-29 17:34 - 2014-10-29 17:34 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-10-29 17:34 - 2014-10-29 17:34 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-10-29 17:15 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-10-29 17:14 - 2014-11-05 22:16 - 00000000 ____D () C:\AdwCleaner
2014-10-29 17:08 - 2014-10-29 17:08 - 01375089 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
2014-10-29 16:52 - 2014-10-29 16:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
2014-10-29 16:52 - 2014-10-29 16:52 - 00035472 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-10-29 16:51 - 2014-10-29 16:51 - 00001822 _____ () C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
2014-10-29 16:33 - 2014-10-29 17:34 - 00002319 _____ () C:\WINDOWS\setupapi.log
2014-10-28 21:57 - 2014-11-03 18:58 - 00000000 ____D () C:\Documents and Settings\Steve\Desktop\Bleeping Computer
2014-10-28 20:42 - 2014-10-28 20:57 - 00000000 ____D () C:\Documents and Settings\Steve\Local Settings\Application Data\NPE
2014-10-28 20:42 - 2014-10-28 20:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-10-28 20:11 - 2014-10-28 20:11 - 00000104 _____ () C:\Documents and Settings\Steve\My Documents\My Computer.lnk
2014-10-28 18:59 - 2014-11-02 11:22 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-28 18:59 - 2014-10-28 18:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-28 18:59 - 2014-10-28 18:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-28 18:59 - 2014-10-01 10:11 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-27 17:58 - 2014-10-27 17:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-10-26 07:08 - 2014-10-26 07:09 - 00000000 ____D () C:\Program Files\Common Files\Cache utility
2014-10-26 07:08 - 2014-10-26 07:08 - 00000000 ____D () C:\Program Files\Common Files\Hoist Search
2014-10-26 07:08 - 2014-10-26 07:08 - 00000000 ____D () C:\Program Files\Common Files\Display settings
2014-10-26 07:08 - 2014-10-26 07:08 - 00000000 ____D () C:\Program Files\Common Files\DealAlly
2014-10-25 15:10 - 2014-10-29 16:30 - 00001024 _____ () C:\.rnd
2014-10-25 15:01 - 2014-10-25 15:01 - 00000000 ____D () C:\Documents and Settings\Amelia\Local Settings\Application Data\UpdateAdmin
2014-10-25 14:59 - 2014-10-25 14:59 - 00000000 ____D () C:\Program Files\Common Files\Common dictionary
2014-10-25 14:59 - 2014-10-25 14:59 - 00000000 ____D () C:\Documents and Settings\Amelia\Local Settings\Application Data\TNT2
2014-10-07 14:46 - 2014-10-07 14:46 - 00043713 _____ () C:\Documents and Settings\Amelia\Desktop\Horton Jen 10814.xlsx
2014-10-07 14:45 - 2014-10-07 14:45 - 01816684 _____ () C:\Documents and Settings\Amelia\Desktop\WealthPoint 7.31.14 (1).xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-06 11:19 - 2010-11-30 17:26 - 00000000 ____D () C:\Documents and Settings\Steve\Local Settings\temp
2014-11-06 11:15 - 2009-01-19 20:58 - 00000000 ____D () C:\Program Files\Symantec AntiVirus
2014-11-06 11:14 - 2009-01-19 20:24 - 01359506 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-06 11:13 - 2013-07-14 18:23 - 00000432 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2014-11-06 11:12 - 2014-03-27 10:25 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-06 11:12 - 2014-03-20 19:57 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 11:12 - 2009-01-19 14:26 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-06 11:11 - 2009-01-19 20:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-06 11:11 - 2009-01-19 14:26 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-11-06 11:10 - 2009-01-19 20:28 - 00000278 ___SH () C:\Documents and Settings\Steve\ntuser.ini
2014-11-05 22:24 - 2014-03-20 19:57 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-05 22:24 - 2009-01-19 20:27 - 00032506 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-05 22:17 - 2013-10-13 19:53 - 00114696 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-11-05 21:28 - 2009-03-16 18:30 - 00000000 ____D () C:\Documents and Settings\Steve\My Documents\Robinson Woods HOA
2014-11-05 21:17 - 2010-01-19 22:07 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-11-05 21:17 - 2004-08-04 05:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-03 22:20 - 2010-11-30 17:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-11-03 19:07 - 2013-07-14 18:23 - 00000564 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2014-11-03 19:06 - 2012-04-17 17:33 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-03 19:05 - 2012-07-29 16:59 - 00002315 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2014-11-03 18:56 - 2009-01-19 14:24 - 00591040 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-02 09:51 - 2013-09-24 16:51 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-10-30 18:25 - 2010-06-06 18:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-10-29 17:54 - 2014-05-02 14:00 - 00009360 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-10-29 17:54 - 2014-04-08 20:49 - 00019482 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-10-29 17:34 - 2009-01-19 14:24 - 02389575 _____ () C:\WINDOWS\FaxSetup.log
2014-10-29 17:34 - 2009-01-19 14:24 - 01226617 _____ () C:\WINDOWS\ocgen.log
2014-10-29 17:34 - 2009-01-19 14:24 - 00934414 _____ () C:\WINDOWS\tsoc.log
2014-10-29 17:34 - 2009-01-19 14:24 - 00801785 _____ () C:\WINDOWS\comsetup.log
2014-10-29 17:34 - 2009-01-19 14:24 - 00491907 _____ () C:\WINDOWS\ntdtcsetup.log
2014-10-29 17:34 - 2009-01-19 14:24 - 00372348 _____ () C:\WINDOWS\iis6.log
2014-10-29 17:34 - 2009-01-19 14:24 - 00134688 _____ () C:\WINDOWS\ocmsn.log
2014-10-29 17:34 - 2009-01-19 14:24 - 00122299 _____ () C:\WINDOWS\msgsocm.log
2014-10-29 17:34 - 2009-01-19 14:24 - 00001943 _____ () C:\WINDOWS\imsins.log
2014-10-29 16:51 - 2010-11-15 20:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-10-29 16:33 - 2011-02-24 18:04 - 00000000 ____D () C:\Documents and Settings\Amelia\Application Data\Sony Online Entertainment
2014-10-28 22:03 - 2013-01-19 14:34 - 00000000 ____D () C:\Documents and Settings\Steve\Desktop\ICF
2014-10-28 22:02 - 2009-01-21 17:36 - 00001277 _____ () C:\Documents and Settings\Steve\Desktop\Words.txt
2014-10-28 20:49 - 2009-01-19 20:28 - 00000000 ____D () C:\Documents and Settings\Steve
2014-10-28 19:51 - 2009-05-30 13:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-10-28 19:44 - 2014-04-07 19:44 - 00000452 _____ () C:\WINDOWS\Tasks\At3.job
2014-10-28 19:40 - 2014-04-07 19:44 - 00000452 _____ () C:\WINDOWS\Tasks\At2.job
2014-10-28 19:27 - 2009-01-19 22:46 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-10-28 19:26 - 2013-12-05 10:13 - 00000000 ___RD () C:\Documents and Settings\Amelia\My Documents\Dropbox
2014-10-28 19:26 - 2009-01-20 00:01 - 00000278 ___SH () C:\Documents and Settings\Amelia\ntuser.ini
2014-10-28 18:59 - 2012-01-07 16:05 - 00000786 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-28 18:59 - 2010-06-04 19:25 - 00000000 ____D () C:\Documents and Settings\Steve\Application Data\Malwarebytes
2014-10-28 18:59 - 2010-06-04 19:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-10-28 16:46 - 2010-11-30 17:26 - 00000000 ____D () C:\Documents and Settings\Amelia\Local Settings\temp
2014-10-28 16:39 - 2013-12-05 10:10 - 00000000 ____D () C:\Documents and Settings\Amelia\Application Data\Dropbox
2014-10-27 17:58 - 2009-12-21 18:46 - 00000000 ____D () C:\Program Files\Google
2014-10-26 14:13 - 2009-01-27 21:11 - 00002483 _____ () C:\Documents and Settings\Amelia\Desktop\Microsoft Word.lnk
2014-10-26 13:54 - 2010-01-21 13:43 - 00000610 _____ () C:\WINDOWS\nsw.log
2014-10-26 13:00 - 2014-04-07 19:44 - 00000452 _____ () C:\WINDOWS\Tasks\At4.job
2014-10-26 09:10 - 2014-04-07 19:44 - 00000452 _____ () C:\WINDOWS\Tasks\At1.job
2014-10-25 20:42 - 2012-04-16 20:41 - 00232840 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1645522239-1123561945-839522115-1004-0.dat
2014-10-25 20:42 - 2012-04-16 15:53 - 00196438 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-10-25 18:19 - 2009-01-20 00:01 - 00000000 ____D () C:\Documents and Settings\Amelia
2014-10-25 14:59 - 2009-01-19 14:17 - 00000000 ____D () C:\WINDOWS\Resources
2014-10-20 18:24 - 2010-02-06 17:36 - 00000372 _____ () C:\Documents and Settings\Amelia\My Documents\spider.sav
2014-10-17 10:05 - 2013-08-14 14:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-17 09:59 - 2009-01-19 21:34 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-14 19:20 - 2009-02-13 22:12 - 00000000 ____D () C:\Documents and Settings\Steve\Local Settings\Application Data\CutePDF Writer
2014-10-10 09:04 - 2010-11-28 22:20 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-10-09 17:41 - 2014-03-27 10:25 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
 
ZeroAccess:
C:\RECYCLER\S-1-5-21-1645522239-1123561945-839522115-1004\$716e1d4a7e39def7adc60d955f43539c
 
Files to move or delete:
====================
C:\Documents and Settings\All Users\hash.dat
C:\Documents and Settings\Amelia\jagex_runescape_preferences.dat
C:\Documents and Settings\Amelia\jagex_runescape_preferences2.dat
C:\Documents and Settings\Claire\jagex_runescape_preferences.dat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Amelia\Local Settings\temp\ApnToolbarInstaller.exe
C:\Documents and Settings\Amelia\Local Settings\temp\bstrapInstall.exe
C:\Documents and Settings\Amelia\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpripbj8.dll
C:\Documents and Settings\Amelia\Local Settings\temp\G2MInstallerExtractor.exe
C:\Documents and Settings\Amelia\Local Settings\temp\Tsu1BD52B60.dll
C:\Documents and Settings\Amelia\Local Settings\temp\Uninstaller-2064.exe
C:\Documents and Settings\Claire\Local Settings\temp\ApnIC.dll
C:\Documents and Settings\Claire\Local Settings\temp\ApnStub.exe
C:\Documents and Settings\Claire\Local Settings\temp\ApnToolbarInstaller.exe
C:\Documents and Settings\Claire\Local Settings\temp\AskSLib.dll
C:\Documents and Settings\Claire\Local Settings\temp\bfguni.exe
C:\Documents and Settings\Claire\Local Settings\temp\setup.exe
C:\Documents and Settings\Claire\Local Settings\temp\swt-win32-3349.dll
C:\Documents and Settings\Claire\Local Settings\temp\tempmessage.bfg
C:\Documents and Settings\Steve\Local Settings\temp\p1wy0cu3.dll
C:\Documents and Settings\Steve\Local Settings\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-11-2014
Ran by Steve at 2014-11-06 11:20:09
Running from C:\Documents and Settings\Steve\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec AntiVirus Corporate Edition (Disabled - Up to date) {FB06448E-52B8-493A-90F3-E43226D3305C}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ad-Aware SE Plus (HKLM\...\Ad-Aware SE Plus) (Version: 1.06 - Lavasoft)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk MapGuide® Viewer ActiveX Control Release 6.5 (HKLM\...\{E031338C-839D-4EDD-9537-99B653C39D81}) (Version: 6.5.5.7 - Autodesk, Inc.)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.4.0.1 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM\...\Software Guide) (Version: 1.0.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.2.0.34 - Canon Inc.)
Canon Personal Printing Guide (HKLM\...\Personal Printing Guide) (Version: 1.0.0.1 - Canon Inc.)
Canon PowerShot SX120 IS Camera User Guide (HKLM\...\CameraUserGuide-PSSX120IS) (Version: 1.0.1.2 - Canon Inc.)
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.3.0.4 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.4.1.10 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.0.0.19 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM\...\MyCameraDC) (Version: 7.2.1.6 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.4.0.7 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.2.11 - Canon Inc.)
Citrix Online Launcher (HKLM\...\{3318B54A-B5A8-49B1-8016-753DC6CAC63B}) (Version: 1.0.110 - Citrix)
Common dictionary (HKLM\...\Common dictionary) (Version: 1 - Common dictionary)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.0.0.0 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.39 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.39 - PC-Doctor, Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 5.7.0.1172 (HKCU\...\GoToMeeting) (Version: 5.7.0.1172 - CitrixOnline)
GPS Pathfinder Office (HKLM\...\InstallShield_{BC5AB1D1-8BF4-4746-B2E9-B078E210B6E5}) (Version: 5.00.0000 - Trimble)
GPS Pathfinder Office (Version: 5.00.0000 - Trimble) Hidden
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections 12.1.12.0 (HKLM\...\{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}) (Version:  - Intel)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Loki ActiveX Control (HKLM\...\Loki ActiveX Control) (Version: 3.4.2.20 - SkyhookWireless)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ActiveSync (HKLM\...\{99052DB7-9592-4522-A558-5417BBAD48EE}) (Version: 4.5.5096.0 - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Online Games Manager v1.30 (HKLM\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
QuickBooks (Version: 22.0.4015.2206 - Intuit Inc.) Hidden
QuickBooks Pro 2012 (HKLM\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4015.2206 - Intuit Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5408 - Realtek Semiconductor Corp.)
SAPI Wrapper (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Security Task Manager 1.8d (HKLM\...\Security Task Manager) (Version: 1.8d - Neuber Software)
SketchUp 2013 (HKLM\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec AntiVirus (HKLM\...\{33CFCF98-F8D6-4549-B469-6F4295676D83}) (Version: 10.1.5000.5 - Symantec Corporation)
TTS Wrapper (Version: 1.0.0.0 - Microsoft Corporation) Hidden
TurboTax 2008 (HKLM\...\TurboTax 2008) (Version:  - )
TurboTax 2009 (HKLM\...\TurboTax 2009) (Version:  - Intuit, Inc)
Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.5.1f5_24931 - Unity Technologies ApS)
VanDyke Software SecureFX 6.1 (HKLM\...\{93BF833E-8EC7-4574-B69D-FD2B186ECE09}) (Version: 6.1.0 - VanDyke Software, Inc.)
WeatherBug Alert (HKLM\...\{7426428E-71D4-452C-BA13-B14E5EB52859}) (Version: 1.3.0.1 - AWS Convergence Technologies)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{4CA41277-032D-4a20-B225-371EBA96ABF2}\localserver32 -> C:\Program Files\Intuit\QuickBooks Basic\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{738CD606-129D-45db-86D6-6C9739C750CA}\localserver32 -> C:\Program Files\Intuit\QuickBooks Basic\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1172\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks Basic\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks Basic\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1123561945-839522115-1004_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\RECYCLER\S-1-5-21-1645522239-1123561945-839522115-1004\$716e1d4a7e39def7adc60d955f43539c\o. No Fi (the data entry has 2 more characters).
 
==================== Restore Points  =========================
 
03-08-2014 20:43:51 System Checkpoint
04-08-2014 22:08:07 System Checkpoint
05-08-2014 22:17:41 System Checkpoint
06-08-2014 22:39:25 System Checkpoint
06-08-2014 23:05:58 Removed Java™ 6 Update 13
06-08-2014 23:10:29 Removed Java 7 Update 45
06-08-2014 23:12:17 Installed Java 7 Update 67
08-08-2014 14:19:36 System Checkpoint
09-08-2014 16:47:33 System Checkpoint
10-08-2014 17:43:36 System Checkpoint
11-08-2014 18:17:28 System Checkpoint
12-08-2014 20:17:56 System Checkpoint
15-08-2014 01:07:10 System Checkpoint
16-08-2014 01:26:30 System Checkpoint
16-08-2014 02:19:57 Software Distribution Service 3.0
17-08-2014 16:04:15 Removed HP Update.
17-08-2014 16:04:24 Installed HP Update.
18-08-2014 19:13:02 System Checkpoint
19-08-2014 19:31:17 System Checkpoint
20-08-2014 19:40:52 System Checkpoint
22-08-2014 00:28:16 System Checkpoint
24-08-2014 15:22:01 System Checkpoint
26-08-2014 21:40:31 System Checkpoint
27-08-2014 22:27:20 System Checkpoint
28-08-2014 23:21:16 System Checkpoint
30-08-2014 15:47:29 System Checkpoint
31-08-2014 16:08:24 System Checkpoint
02-09-2014 23:54:35 System Checkpoint
04-09-2014 01:32:18 System Checkpoint
05-09-2014 01:37:18 System Checkpoint
06-09-2014 15:28:39 System Checkpoint
07-09-2014 17:22:42 System Checkpoint
08-09-2014 17:54:53 System Checkpoint
09-09-2014 22:39:53 System Checkpoint
10-09-2014 23:19:42 System Checkpoint
11-09-2014 00:16:41 Software Distribution Service 3.0
13-09-2014 14:49:03 System Checkpoint
14-09-2014 17:04:54 System Checkpoint
18-09-2014 15:28:23 System Checkpoint
20-09-2014 23:44:18 System Checkpoint
21-09-2014 23:52:49 System Checkpoint
23-09-2014 00:15:34 System Checkpoint
24-09-2014 00:42:43 System Checkpoint
28-09-2014 14:43:57 System Checkpoint
01-10-2014 17:48:05 System Checkpoint
02-10-2014 18:03:15 System Checkpoint
04-10-2014 17:18:33 System Checkpoint
05-10-2014 19:12:36 System Checkpoint
07-10-2014 00:07:05 System Checkpoint
08-10-2014 00:36:21 System Checkpoint
09-10-2014 21:42:24 System Checkpoint
11-10-2014 14:11:17 System Checkpoint
14-10-2014 01:59:26 System Checkpoint
17-10-2014 14:58:47 Software Distribution Service 3.0
21-10-2014 00:28:23 System Checkpoint
22-10-2014 19:49:50 System Checkpoint
25-10-2014 16:36:36 System Checkpoint
26-10-2014 16:59:43 System Checkpoint
27-10-2014 23:43:04 System Checkpoint
29-10-2014 01:49:08 Norton_Power_Eraser_20141028214904265
29-10-2014 21:29:25 Removed UpdateAdmin
29-10-2014 21:30:07 Removed Bing Bar
29-10-2014 21:31:50 Removed Bonjour
29-10-2014 22:53:10 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 05:00 - 2010-11-28 15:55 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => Îq8S>Í L  @÷^€Ý¶F~<
 s@ €!Þ
uaclauncher.exeR-silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently%C:\Program Files\Dell Support Center
PC-Doctor0Þ
+
 
==================== Loaded Modules (whitelisted) =============
 
2009-02-13 22:11 - 2007-07-12 22:33 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-09 18:50 - 2014-10-09 18:50 - 00155136 _____ () C:\Program Files\Common Files\Diagnostics\node\service.exe
2009-03-14 10:41 - 2009-03-14 10:41 - 00755712 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
2009-03-14 10:41 - 2009-03-14 10:41 - 00471040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2010-02-25 21:38 - 2010-02-25 21:38 - 00854016 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-02-25 21:38 - 2010-02-25 21:38 - 00471040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2014-10-09 18:50 - 2014-10-09 18:50 - 00070656 _____ () C:\Program Files\Common Files\Diagnostics\node\sys.node
2008-03-03 14:38 - 2008-03-03 14:38 - 00019456 _____ () C:\Program Files\Common Files\Trimble\Remote Device Manager\TSyncCvt.dll
2008-03-03 14:38 - 2008-03-03 14:38 - 00331776 _____ () C:\Program Files\Common Files\Trimble\Remote Device Manager\TSCvt001.dll
2010-09-17 13:07 - 2010-09-17 13:07 - 00972800 _____ () C:\Program Files\Common Files\Trimble\Remote Device Manager\TSCvt002.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:000D6A25
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:03D08225
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:04B1A0AC
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0785072C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0D060666
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0F38F234
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:11411CE5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:15734396
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1A15E356
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1A5207FA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1B5B615D
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:206470A5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:225CD7D5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:24C072FF
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2AC146B9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2AE74FF9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2CB9631F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2D2461E7
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:30A9192A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:378824DE
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3AF262FC
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3B454A5C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3DB6F365
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4018444F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:415E77AB
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:46CBC45C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4DCAC4BC
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4DDE401B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:512E1728
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5133A494
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:52C24010
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:61B54B15
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:63C29481
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:697DDE2B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6BFA43EB
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:71612023
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7ADB695A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7DC5D762
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7E4E56EA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:838FECBF
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:88C5973F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:89FC8EEB
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8E5EA40F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:90D89144
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:922DA2DB
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:94A31742
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9720EBEF
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:97CA3B9E
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9BAC4211
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9BB8C675
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9BFB769D
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9C3AAD57
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9E3D44B7
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9FD757A9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A0921B2C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A4AF8D0D
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A4E7D25F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A76A1B1B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:AA0017FD
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:AC83EA04
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:AE34D87E
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BBC9C1EB
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BE6B5FC3
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BF6A2C54
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C72A744C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C820549A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CA400C1B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D5CCCBAA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D6D084A5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D9656460
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E2CFA9CD
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E8B61305
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E9C2F553
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EB4FEEF5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EB86F355
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EE2B5DE3
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EE69D7DF
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F0E908D5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F8435088
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F89F2593
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F9689B72
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1645522239-1123561945-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Amelia (S-1-5-21-1645522239-1123561945-839522115-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Amelia
ASPNET (S-1-5-21-1645522239-1123561945-839522115-1008 - Limited - Enabled)
Claire (S-1-5-21-1645522239-1123561945-839522115-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Claire
Guest (S-1-5-21-1645522239-1123561945-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1645522239-1123561945-839522115-1000 - Limited - Disabled)
Steve (S-1-5-21-1645522239-1123561945-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Steve
SUPPORT_388945a0 (S-1-5-21-1645522239-1123561945-839522115-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/06/2014 11:17:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 4.11.2014.0, faulting module frst.exe, version 4.11.2014.0, fault address 0x0001f3de.
Processing media-specific event for [frst.exe!ws!]
 
Error: (11/05/2014 10:16:49 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: FAMILYPC)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Steve\Desktop\AdwCleaner.exe (PID 3760)
Time:  Wednesday, November 05, 2014  10:16:49 PM
 
Error: (11/05/2014 10:16:49 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: FAMILYPC)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Steve\Desktop\AdwCleaner.exe (PID 3760)
Time:  Wednesday, November 05, 2014  10:16:49 PM
 
Error: (11/05/2014 10:16:44 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: FAMILYPC)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Steve\Desktop\AdwCleaner.exe (PID 3760)
Time:  Wednesday, November 05, 2014  10:16:44 PM
 
Error: (11/05/2014 10:16:43 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: FAMILYPC)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Steve\Desktop\AdwCleaner.exe (PID 3760)
Time:  Wednesday, November 05, 2014  10:16:43 PM
 
Error: (11/05/2014 10:16:43 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: FAMILYPC)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Steve\Desktop\AdwCleaner.exe (PID 3760)
Time:  Wednesday, November 05, 2014  10:16:43 PM
 
Error: (11/05/2014 10:16:43 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: FAMILYPC)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Steve\Desktop\AdwCleaner.exe (PID 3760)
Time:  Wednesday, November 05, 2014  10:16:43 PM
 
Error: (11/03/2014 07:07:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application pcdrcui.exe, version 6.0.5907.39, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/02/2014 09:50:16 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (11/02/2014 09:50:16 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
 
System errors:
=============
Error: (11/06/2014 11:14:44 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intuit Update Service service hung on starting.
 
Error: (11/06/2014 11:13:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (11/06/2014 11:13:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error: 
%%2
 
Error: (11/06/2014 11:10:23 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (11/06/2014 11:08:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (11/06/2014 11:08:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
eeCtrl
Fips
intelppm
SAVRT
SAVRTPEL
SPBBCDrv
SYMTDI
 
Error: (11/06/2014 11:07:45 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (11/06/2014 11:07:18 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.10 for the Network Card with network address 001AA08D846C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (11/05/2014 10:20:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (11/05/2014 10:20:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (11/06/2014 11:17:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe4.11.2014.0frst.exe4.11.2014.00001f3de
 
Error: (11/05/2014 10:16:49 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: FAMILYPC)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Steve\Desktop\AdwCleaner.exe (PID 3760)
Time:  Wednesday, November 05, 2014  10:16:49 PM
 
Error: (11/05/2014 10:16:49 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: FAMILYPC)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Steve\Desktop\AdwCleaner.exe (PID 3760)
Time:  Wednesday, November 05, 2014  10:16:49 PM
 
Error: (11/05/2014 10:16:44 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: FAMILYPC)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Steve\Desktop\AdwCleaner.exe (PID 3760)
Time:  Wednesday, November 05, 2014  10:16:44 PM
 
Error: (11/05/2014 10:16:43 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: FAMILYPC)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Steve\Desktop\AdwCleaner.exe (PID 3760)
Time:  Wednesday, November 05, 2014  10:16:43 PM
 
Error: (11/05/2014 10:16:43 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: FAMILYPC)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Steve\Desktop\AdwCleaner.exe (PID 3760)
Time:  Wednesday, November 05, 2014  10:16:43 PM
 
Error: (11/05/2014 10:16:43 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: FAMILYPC)
Description: SYMANTEC TAMPER PROTECTION ALERT
 
Target:  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Steve\Desktop\AdwCleaner.exe (PID 3760)
Time:  Wednesday, November 05, 2014  10:16:43 PM
 
Error: (11/03/2014 07:07:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: pcdrcui.exe6.0.5907.39hungapp0.0.0.000000000
 
Error: (11/02/2014 09:50:16 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (11/02/2014 09:50:16 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 CPU 4300 @ 1.80GHz
Percentage of memory in use: 31%
Total physical RAM: 3317.1 MB
Available physical RAM: 2257.31 MB
Total Pagefile: 4679.45 MB
Available Pagefile: 3958.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.47 MB
 
==================== Drives ================================
 
Drive c: (Hard Disk) (Fixed) (Total:74.45 GB) (Free:11.42 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (TOSHIBA EXT) (Fixed) (Total:698.64 GB) (Free:687.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 6599CB2B)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 


#10 Steve_M_T
  • Topic Starter
  • Members
  • 51 posts
  • Local time:09:17 AM

Posted 06 November 2014 - 11:53 AM

That seemed to work.  Did it from Administrator account and hit "Reset Settings" in Chrome before posting.

NB. The first time I ran FRST it bailed out with an error message saying it had encountered a problem and had to close.  Claimed an error file was produced, but I could not find it later even though I wrote down the filename and searched my entire system.



#11 Johnny Computer
  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:127.0.0.1
  • Local time:09:17 AM

Posted 07 November 2014 - 07:55 AM

Hello Steve_M_T-

We are making progress but we still have some work to do.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

 ===========================================================================

IN YOUR NEXT REPLY:

1.)  Your TDSS Log

Thanks :)


"DO OR DO NOT. THERE IS NO TRY."


#12 Steve_M_T
  • Topic Starter
  • Members
  • 51 posts
  • Local time:09:17 AM

Posted 07 November 2014 - 01:09 PM

21:32:43.0234 0x0ce8  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
21:33:01.0156 0x0ce8  ============================================================
21:33:01.0156 0x0ce8  Current date / time: 2014/10/28 21:33:01.0156
21:33:01.0156 0x0ce8  SystemInfo:
21:33:01.0156 0x0ce8  
21:33:01.0156 0x0ce8  OS Version: 5.1.2600 ServicePack: 3.0
21:33:01.0156 0x0ce8  Product type: Workstation
21:33:01.0156 0x0ce8  ComputerName: FAMILYPC
21:33:01.0156 0x0ce8  UserName: Steve
21:33:01.0156 0x0ce8  Windows directory: C:\WINDOWS
21:33:01.0156 0x0ce8  System windows directory: C:\WINDOWS
21:33:01.0156 0x0ce8  Processor architecture: Intel x86
21:33:01.0156 0x0ce8  Number of processors: 2
21:33:01.0156 0x0ce8  Page size: 0x1000
21:33:01.0156 0x0ce8  Boot type: Normal boot
21:33:01.0156 0x0ce8  ============================================================
21:33:03.0062 0x0ce8  KLMD registered as C:\WINDOWS\system32\drivers\22370187.sys
21:33:03.0171 0x0ce8  System UUID: {ACE0CCA1-4DD6-8B1A-4E53-928E435E4A92}
21:33:03.0734 0x0ce8  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 ( 74.51 Gb ), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:33:03.0734 0x0ce8  Drive \Device\Harddisk1\DR3 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:33:13.0750 0x0ce8  ============================================================
21:33:13.0750 0x0ce8  \Device\Harddisk0\DR0:
21:33:13.0750 0x0ce8  MBR partitions:
21:33:13.0750 0x0ce8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x94E7137
21:33:13.0750 0x0ce8  \Device\Harddisk1\DR3:
21:33:13.0750 0x0ce8  MBR partitions:
21:33:13.0750 0x0ce8  \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x575456F0
21:33:13.0750 0x0ce8  ============================================================
21:33:13.0796 0x0ce8  C: <-> \Device\Harddisk0\DR0\Partition1
21:33:13.0828 0x0ce8  E: <-> \Device\Harddisk1\DR3\Partition1
21:33:13.0828 0x0ce8  ============================================================
21:33:13.0828 0x0ce8  Initialize success
21:33:13.0828 0x0ce8  ============================================================
21:33:24.0687 0x0db8  ============================================================
21:33:24.0687 0x0db8  Scan started
21:33:24.0687 0x0db8  Mode: Manual; 
21:33:24.0687 0x0db8  ============================================================
21:33:24.0687 0x0db8  KSN ping started
21:33:27.0140 0x0db8  KSN ping finished: true
21:33:27.0968 0x0db8  ================ Scan system memory ========================
21:33:30.0250 0x0db8  System memory - ok
21:33:30.0250 0x0db8  ================ Scan services =============================
21:33:30.0312 0x0db8  Abiosdsk - ok
21:33:30.0312 0x0db8  abp480n5 - ok
21:33:30.0343 0x0db8  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:33:30.0375 0x0db8  ACPI - ok
21:33:30.0515 0x0db8  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
21:33:30.0515 0x0db8  ACPIEC - ok
21:33:30.0593 0x0db8  [ 4ECFCAAE5CB380F58934F0DCF5F64E7F, D82B37E57D93484D7A3CB65470BCD54A578A695F0203A8DD441B1348C1EEA751 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:33:30.0609 0x0db8  AdobeFlashPlayerUpdateSvc - ok
21:33:30.0609 0x0db8  adpu160m - ok
21:33:38.0250 0x0db8  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
21:33:38.0250 0x0db8  PSched - ok
21:33:38.0250 0x0db8  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:33:38.0250 0x0db8  Ptilink - ok
21:33:38.0312 0x0db8  [ 25999297E5224CD3047A52D5AEA40A44, 33756ED9C921D96D0D3E2440D52A3C35E2ECCC597EB5EDBB1B999EE3DF7C1990 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
21:33:38.0312 0x0db8  QBCFMonitorService - ok
21:33:38.0375 0x0db8  [ 6BEE1814470DC12FA20C53DFC3C97EBB, 91E8C22E54A090966E9B96395392B2C03A32DB1AF8DB2289E2EA9460F0A76C0F ] QBFCService     C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
21:33:38.0375 0x0db8  QBFCService - ok
21:33:38.0500 0x0db8  [ 1F3EB5363F467AAD7CA467AE26D0E8C4, 9D0B39C0EB09918590190650A711A639F7186B60B2770C0CEE3DFE0DE60CABE9 ] QBVSS           C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
21:33:38.0562 0x0db8  QBVSS - ok
21:33:38.0562 0x0db8  ql1080 - ok
21:33:38.0562 0x0db8  Ql10wnt - ok
21:33:38.0578 0x0db8  ql12160 - ok
21:33:38.0578 0x0db8  ql1240 - ok
21:33:38.0578 0x0db8  ql1280 - ok
21:33:38.0593 0x0db8  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:33:38.0593 0x0db8  RasAcd - ok
21:33:38.0625 0x0db8  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
21:33:38.0640 0x0db8  RasAuto - ok
21:33:38.0640 0x0db8  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:33:38.0656 0x0db8  Rasl2tp - ok
21:33:38.0687 0x0db8  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
21:33:38.0703 0x0db8  RasMan - ok
21:33:38.0703 0x0db8  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:33:38.0703 0x0db8  RasPppoe - ok
21:33:38.0765 0x0db8  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
21:33:38.0781 0x0db8  Raspti - ok
21:33:38.0781 0x0db8  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:33:38.0796 0x0db8  Rdbss - ok
21:33:38.0812 0x0db8  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:33:38.0812 0x0db8  RDPCDD - ok
21:33:38.0859 0x0db8  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
21:33:38.0859 0x0db8  RDPWD - ok
21:33:38.0875 0x0db8  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
21:33:38.0890 0x0db8  RDSessMgr - ok
21:33:38.0921 0x0db8  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
21:33:38.0921 0x0db8  redbook - ok
21:33:38.0953 0x0db8  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
21:33:38.0968 0x0db8  RemoteAccess - ok
21:33:38.0984 0x0db8  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
21:33:39.0000 0x0db8  RpcLocator - ok
21:33:39.0015 0x0db8  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
21:33:39.0031 0x0db8  RpcSs - ok
21:33:39.0062 0x0db8  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
21:33:39.0078 0x0db8  RSVP - ok
21:33:39.0125 0x0db8  [ 7436BFD3A542CF6FF55097200031B293, 4533C557C6672CBC71B72ACBA3FE473DFC53E9DA7FC0735DC994C8B83EA2EF32 ] RT73            C:\WINDOWS\system32\DRIVERS\rt73.sys
21:33:39.0140 0x0db8  RT73 - ok
21:33:39.0156 0x0db8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
21:33:39.0156 0x0db8  SamSs - ok
21:33:39.0187 0x0db8  [ 3525FDCFC567E807A337C61AFF366BE8, 1F36EEF2F96E87347F15CA98629132D266469FC5BC6A19BA49D59B5C53B890C1 ] SavRoam         C:\Program Files\Symantec AntiVirus\SavRoam.exe
21:33:39.0187 0x0db8  SavRoam - ok
21:33:39.0218 0x0db8  [ 12B6E269EF8AC8EA36122544C8A1B6D8, 2794137FFAAA164616002D82A2723AA02DA1B5D8D93F866AA19349F5EAAE2512 ] SAVRT           C:\Program Files\Symantec AntiVirus\savrt.sys
21:33:39.0218 0x0db8  SAVRT - ok
21:33:39.0234 0x0db8  [ 97E5B6F3F95465E1F59360B59D8EC64E, F3014D8C528401CF8BAF24391185DB0A8F4AA5D6024D5DAC56A2C369BE098987 ] SAVRTPEL        C:\Program Files\Symantec AntiVirus\Savrtpel.sys
21:33:39.0234 0x0db8  SAVRTPEL - ok
21:33:39.0250 0x0db8  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
21:33:39.0250 0x0db8  SCardSvr - ok
21:33:39.0265 0x0db8  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
21:33:39.0281 0x0db8  Schedule - ok
21:33:39.0312 0x0db8  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:33:39.0312 0x0db8  Secdrv - ok
21:33:39.0343 0x0db8  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
21:33:39.0343 0x0db8  seclogon - ok
21:33:39.0375 0x0db8  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
21:33:39.0390 0x0db8  SENS - ok
21:33:39.0390 0x0db8  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
21:33:39.0390 0x0db8  Serial - ok
21:33:39.0421 0x0db8  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
21:33:39.0421 0x0db8  Sfloppy - ok
21:33:39.0437 0x0db8  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:33:39.0453 0x0db8  ShellHWDetection - ok
21:33:39.0453 0x0db8  Simbad - ok
21:33:39.0484 0x0db8  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:33:39.0500 0x0db8  SLIP - ok
21:33:39.0531 0x0db8  [ 0D411EEA92751C1ECD8453892F41E726, 7D7EF12BAA41C1BC2076DF5A91B69A00E514463AEC8A7DF22A6152FBC79A102E ] SNDSrvc         C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
21:33:39.0546 0x0db8  SNDSrvc - ok
21:33:39.0546 0x0db8  Sparrow - ok
21:33:39.0578 0x0db8  [ 677B10906838D3BFB1C07AC9087E4BF7, 2560E00FCB5496033A5484069DE83D4547F7D3AE326EBCF79FCDAFDB7055A102 ] SPBBCDrv        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
21:33:39.0593 0x0db8  SPBBCDrv - ok
21:33:39.0640 0x0db8  [ C830007369E18A54AED23B5BB3AFA2BA, EE2010C79C8D1C6C9732B0803E0EAD495F66AFB7851BB49CDE65A7A6147ED4E0 ] SPBBCSvc        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
21:33:39.0671 0x0db8  SPBBCSvc - ok
21:33:39.0718 0x0db8  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
21:33:39.0718 0x0db8  splitter - ok
21:33:39.0750 0x0db8  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
21:33:39.0750 0x0db8  Spooler - ok
21:33:39.0750 0x0db8  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
21:33:39.0765 0x0db8  sr - ok
21:33:39.0765 0x0db8  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
21:33:39.0781 0x0db8  srservice - ok
21:33:39.0843 0x0db8  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
21:33:39.0859 0x0db8  Srv - ok
21:33:39.0859 0x0db8  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
21:33:39.0859 0x0db8  SSDPSRV - ok
21:33:39.0890 0x0db8  [ A9573045BAA16EAB9B1085205B82F1ED, 6A4D68BCD4968C17451EB1C4AB420FFA844D089845520D222BC4A2BD14583C56 ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
21:33:39.0890 0x0db8  StillCam - ok
21:33:39.0937 0x0db8  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
21:33:39.0953 0x0db8  stisvc - ok
21:33:40.0000 0x0db8  [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:33:40.0000 0x0db8  streamip - ok
21:33:40.0015 0x0db8  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
21:33:40.0015 0x0db8  swenum - ok
21:33:40.0046 0x0db8  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
21:33:40.0046 0x0db8  swmidi - ok
21:33:40.0046 0x0db8  SwPrv - ok
21:33:40.0156 0x0db8  [ 8FDAADF204A4F29214DA1B03342E2735, 3759DD5031D3559DCBC4656254E2E8597E2AB2C52E3BBCD2F5C33E58DF333C0D ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
21:33:40.0203 0x0db8  Symantec AntiVirus - ok
21:33:40.0203 0x0db8  symc810 - ok
21:33:40.0218 0x0db8  symc8xx - ok
21:33:40.0234 0x0db8  [ DE6D1102D55926354171AE4E73936725, 649873476882ECC3A9329A58E68A01647FCFF0EBEF6DF7D0123F43CB298B1817 ] SymEvent        C:\Program Files\Symantec\SYMEVENT.SYS
21:33:40.0234 0x0db8  SymEvent - ok
21:33:40.0250 0x0db8  [ 6C0A85982F4E0D672B85A2BFB50A24B5, B278643F1EBE857DC5ECCAA4F2573EE01A7667413282FF8E57222767467C7E15 ] SYMREDRV        C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
21:33:40.0250 0x0db8  SYMREDRV - ok
21:33:40.0265 0x0db8  [ CDDA3BA3F7D5B63FF9F85CB478C11473, C0DCFB3520DBCCBCFF61BF7D1C0D6324CC9B0B47D9CBD40AA8109EBBB557CE57 ] SYMTDI          C:\WINDOWS\System32\Drivers\SYMTDI.SYS
21:33:40.0281 0x0db8  SYMTDI - ok
21:33:40.0281 0x0db8  sym_hi - ok
21:33:40.0281 0x0db8  sym_u3 - ok
21:33:40.0296 0x0db8  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
21:33:40.0296 0x0db8  sysaudio - ok
21:33:40.0328 0x0db8  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
21:33:40.0343 0x0db8  SysmonLog - ok
21:33:40.0359 0x0db8  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
21:33:40.0375 0x0db8  TapiSrv - ok
21:33:40.0406 0x0db8  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:33:40.0421 0x0db8  Tcpip - ok
21:33:40.0437 0x0db8  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
21:33:40.0437 0x0db8  TDPIPE - ok
21:33:40.0437 0x0db8  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
21:33:40.0453 0x0db8  TDTCP - ok
21:33:40.0468 0x0db8  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
21:33:40.0468 0x0db8  TermDD - ok
21:33:40.0484 0x0db8  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
21:33:40.0515 0x0db8  TermService - ok
21:33:40.0531 0x0db8  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
21:33:40.0531 0x0db8  Themes - ok
21:33:40.0531 0x0db8  TosIde - ok
21:33:40.0546 0x0db8  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
21:33:40.0562 0x0db8  TrkWks - ok
21:33:40.0578 0x0db8  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
21:33:40.0578 0x0db8  Udfs - ok
21:33:40.0578 0x0db8  UIUSys - ok
21:33:40.0593 0x0db8  ultra - ok
21:33:40.0625 0x0db8  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
21:33:40.0656 0x0db8  Update - ok
21:33:40.0687 0x0db8  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
21:33:40.0703 0x0db8  upnphost - ok
21:33:40.0718 0x0db8  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
21:33:40.0718 0x0db8  UPS - ok
21:33:40.0796 0x0db8  [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
21:33:40.0796 0x0db8  USBAAPL - ok
21:33:40.0843 0x0db8  [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
21:33:40.0843 0x0db8  usbaudio - ok
21:33:40.0875 0x0db8  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:33:40.0875 0x0db8  usbccgp - ok
21:33:40.0890 0x0db8  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:33:40.0890 0x0db8  usbehci - ok
21:33:40.0906 0x0db8  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:33:40.0906 0x0db8  usbhub - ok
21:33:40.0937 0x0db8  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:33:40.0937 0x0db8  usbprint - ok
21:33:40.0984 0x0db8  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:33:40.0984 0x0db8  usbscan - ok
21:33:41.0000 0x0db8  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:33:41.0000 0x0db8  USBSTOR - ok
21:33:41.0000 0x0db8  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:33:41.0000 0x0db8  usbuhci - ok
21:33:41.0046 0x0db8  [ 813236B1183CFCF289E367BD5DE6E29E, 167FE18A96F330AEEC1A4C419770C15EFEB536D43838285E51E7A62E95DF4674 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
21:33:41.0046 0x0db8  usbvideo - ok
21:33:41.0093 0x0db8  [ B4D7B7AD8A9F7C063C5CC3E2C1A0724E, CFA47A71403419CA7C94333B4F7766DFC97C5DCDBC3AD1B106044B93C979A5C5 ] usb_rndisx      C:\WINDOWS\system32\DRIVERS\usb8023x.sys
21:33:41.0093 0x0db8  usb_rndisx - ok
21:33:41.0093 0x0db8  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
21:33:41.0093 0x0db8  VgaSave - ok
21:33:41.0093 0x0db8  ViaIde - ok
21:33:41.0125 0x0db8  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
21:33:41.0125 0x0db8  VolSnap - ok
21:33:41.0156 0x0db8  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
21:33:41.0171 0x0db8  VSS - ok
21:33:41.0187 0x0db8  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
21:33:41.0203 0x0db8  W32Time - ok
21:33:41.0218 0x0db8  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:33:41.0218 0x0db8  Wanarp - ok
21:33:41.0265 0x0db8  [ D918617B46457B9AC28027722E30F647, 407284D3055DC11944D4EE7E4357E7CF9CAF8CA40CA50633AB6FD4A82CB7EEA6 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
21:33:41.0296 0x0db8  Wdf01000 - ok
21:33:41.0296 0x0db8  WDICA - ok
21:33:41.0343 0x0db8  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
21:33:41.0343 0x0db8  wdmaud - ok
21:33:41.0375 0x0db8  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
21:33:41.0375 0x0db8  WebClient - ok
21:33:41.0421 0x0db8  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
21:33:41.0437 0x0db8  winmgmt - ok
21:33:41.0468 0x0db8  [ FD600B032E741EB6AAB509FC630F7C42, 2AF671D0648A5C2D2C4A7D0FDE803F07CC079CF1FA4E237DB912A8C77D9EC1F6 ] WinUSB          C:\WINDOWS\system32\DRIVERS\WinUSB.sys
21:33:41.0484 0x0db8  WinUSB - ok
21:33:41.0578 0x0db8  [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:33:41.0640 0x0db8  wlidsvc - ok
21:33:41.0718 0x0db8  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
21:33:41.0734 0x0db8  WmdmPmSN - ok
21:33:41.0750 0x0db8  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:33:41.0750 0x0db8  WmiApSrv - ok
21:33:41.0859 0x0db8  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
21:33:41.0890 0x0db8  WMPNetworkSvc - ok
21:33:42.0000 0x0db8  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:33:42.0031 0x0db8  WPFFontCache_v0400 - ok
21:33:42.0062 0x0db8  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:33:42.0062 0x0db8  WS2IFSL - ok
21:33:42.0093 0x0db8  [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:33:42.0093 0x0db8  WSTCODEC - ok
21:33:42.0125 0x0db8  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
21:33:42.0125 0x0db8  wuauserv - ok
21:33:42.0171 0x0db8  [ EAA6324F51214D2F6718977EC9CE0DEF, B9DE1521395E09233FE519873702979C3EAF65FEC4B94B12A46CECB16C488543 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:33:42.0171 0x0db8  WudfPf - ok
21:33:42.0203 0x0db8  [ F91FF1E51FCA30B3C3981DB7D5924252, D7052B58F22638CA8B59C6FD7408D6D6DD1C33910912CACC05C133472CE0DDCE ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:33:42.0218 0x0db8  WudfRd - ok
21:33:42.0250 0x0db8  [ DDEE3682FE97037C45F4D7AB467CB8B6, D5A8F07AF4EDD9D7E17FEC6222D187E2981C177A479511E407756E0E5CB8D387 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
21:33:42.0250 0x0db8  WudfSvc - ok
21:33:42.0296 0x0db8  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
21:33:42.0328 0x0db8  WZCSVC - ok
21:33:42.0343 0x0db8  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
21:33:42.0343 0x0db8  xmlprov - ok
21:33:42.0343 0x0db8  zumbus - ok
21:33:42.0359 0x0db8  ================ Scan global ===============================
21:33:42.0390 0x0db8  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
21:33:42.0437 0x0db8  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
21:33:42.0468 0x0db8  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
21:33:42.0484 0x0db8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
21:33:42.0484 0x0db8  [ Global ] - ok
21:33:42.0484 0x0db8  ================ Scan MBR ==================================
21:33:42.0500 0x0db8  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:33:42.0671 0x0db8  \Device\Harddisk0\DR0 - ok
21:33:42.0718 0x0db8  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR3
21:33:42.0734 0x0db8  \Device\Harddisk1\DR3 - ok
21:33:42.0734 0x0db8  ================ Scan VBR ==================================
21:33:42.0734 0x0db8  [ CC3768D0EF0B7ABD6E7E3F9B573BC996 ] \Device\Harddisk0\DR0\Partition1
21:33:42.0734 0x0db8  \Device\Harddisk0\DR0\Partition1 - ok
21:33:42.0750 0x0db8  [ DD0F417A8C1BB5AB3853AD94933FC641 ] \Device\Harddisk1\DR3\Partition1
21:33:42.0750 0x0db8  \Device\Harddisk1\DR3\Partition1 - ok
21:33:42.0750 0x0db8  ================ Scan generic autorun ======================
21:33:42.0750 0x0db8  Norton Ghost 12.0 - ok
21:33:42.0796 0x0db8  [ C591E7DB162689C9A73A3BC9E5050F8E, 3CC7ED1313883D392EAFE890D8071A2AC77A6AC4A9F30E84F8ED9E21942D342C ] C:\WINDOWS\system32\igfxpers.exe
21:33:42.0796 0x0db8  Persistence - ok
21:33:42.0984 0x0db8  [ 2EF436D85A2CDEA3EAD111AC92313B23, 28CAA880C8D9F232DA7A986EE1FED779A8C4A57753A17B25C0F72F6F9AB5C21E ] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe
21:33:43.0093 0x0db8  Intuit SyncManager - ok
21:33:43.0171 0x0db8  Adobe Reader Speed Launcher - ok
21:33:43.0187 0x0db8  [ 1918A1D8E67A6452720797919FA520C9, 635E0501F5925F23BC053669CE22F95260FAC7BB0585962AD14F0B87D1481FD5 ] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
21:33:43.0187 0x0db8  ccApp - ok
21:33:43.0218 0x0db8  [ A1307C939E5216317E363D06A5473C7D, BF0B3B66CF45538FD80D3236CAD129B21201249A4121B01EAB8318A26C2FF981 ] C:\PROGRA~1\SYMANT~1\VPTray.exe
21:33:43.0234 0x0db8  vptray - ok
21:33:43.0312 0x0db8  [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
21:33:43.0312 0x0db8  APSDaemon - ok
21:33:43.0328 0x0db8  iTunesHelper - ok
21:33:43.0390 0x0db8  [ 08E7173D1B74095335052459200CB1EA, 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F ] C:\Program Files\QuickTime\qttask.exe
21:33:43.0406 0x0db8  QuickTime Task - ok
21:33:43.0515 0x0db8  [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
21:33:43.0515 0x0db8  HP Software Update - ok
21:33:43.0578 0x0db8  [ 107AF2DE3AF10D6D09C1B36FE9EF9156, 254D546C763CACA0D4FA6502E97284DD01CDC865AEB6C71706D4FDAB5FEDA2F0 ] C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
21:33:43.0609 0x0db8  AWMON - ok
21:33:43.0718 0x0db8  [ 5515EB5E3A8B073F66CFC697EB0D4B55, 308B2996AC15268D4D2B5AECD91E6B5BBEBB9A659AC0188C781B8E3E414923CD ] C:\Program Files\Microsoft ActiveSync\wcescomm.exe
21:33:43.0828 0x0db8  H/PC Connection Agent - ok
21:33:43.0859 0x0db8  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
21:33:43.0859 0x0db8  ctfmon.exe - ok
21:33:43.0890 0x0db8  swg - ok
21:33:43.0953 0x0db8  [ 5EEF47A4155886A6789D468BE4E4B761, D2AF362D34FA56BDE5397EF471CF0DC2D7D37D98FE7528E4F353EF00D6DAC4E2 ] C:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe
21:33:43.0968 0x0db8  WeatherBugAlert - ok
21:33:43.0984 0x0db8  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
21:33:43.0984 0x0db8  ctfmon.exe - ok
21:33:44.0031 0x0db8  [ 5515EB5E3A8B073F66CFC697EB0D4B55, 308B2996AC15268D4D2B5AECD91E6B5BBEBB9A659AC0188C781B8E3E414923CD ] C:\Program Files\Microsoft ActiveSync\wcescomm.exe
21:33:44.0062 0x0db8  H/PC Connection Agent - ok
21:33:44.0078 0x0db8  Pando Media Booster - ok
21:33:44.0109 0x0db8  FlashPlayerUpdate - ok
21:33:44.0125 0x0db8  [ 08E7173D1B74095335052459200CB1EA, 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F ] C:\Program Files\QuickTime\qttask.exe
21:33:44.0140 0x0db8  QuickTime Task - ok
21:33:44.0140 0x0db8  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
21:33:44.0140 0x0db8  ctfmon.exe - ok
21:33:44.0265 0x0db8  [ 395BCC9122E705F6586217E32CD01CC9, 0A2E3BF0E626A65B9FF1BEFB35FFBC9CCAA3C75DB395D175AAE2DD014A8E8A34 ] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
21:33:44.0343 0x0db8  HP Officejet Pro 8600 (NET) - ok
21:33:44.0437 0x0db8  [ BE8E0779649D22951A4124B0DC68CA78, 73B4C86B7C2F7D6A0DA35015BCFD5A823862F2987F9DD74D79F614FE9013840C ] C:\Documents and Settings\Amelia\Local Settings\Application Data\UpdateAdmin\UpdateAdmin.exe
21:33:44.0453 0x0db8  UpdateAdmin - ok
21:33:44.0531 0x0db8  [ 42170B17D82FF8059BA28C7B7AE8F097, 82E2DD884D75767E09884798925355FF9ACBFE0014A0CAED1EE97159D1FD164A ] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
21:33:44.0562 0x0db8  FlashPlayerUpdate - ok
21:33:44.0578 0x0db8  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
21:33:44.0578 0x0db8  ctfmon.exe - ok
21:33:44.0578 0x0db8  Waiting for KSN requests completion. In queue: 255
21:33:45.0640 0x0db8  AV detected via SS1: Symantec AntiVirus Corporate Edition, 10.1.5.5000, enabled, outofdate
21:33:48.0140 0x0db8  ============================================================
21:33:48.0140 0x0db8  Scan finished
21:33:48.0140 0x0db8  ============================================================
21:33:48.0156 0x0ae8  Detected object count: 0
21:33:48.0156 0x0ae8  Actual detected object count: 0
21:34:35.0906 0x08b8  Deinitialize success
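
The TDSSKiller log above is long enough that eyeballing it for anything unusual is error-prone. The script below is an added example written for this page; it is not part of the original post and not part of Kaspersky's tool. It parses the two line shapes the log uses (a hashed entry with MD5, SHA-256, name and path, followed by a `<Name> - ok` status line), then applies three review heuristics that are assumptions of this example, not findings about this machine: a binary running from a user profile, AppData or Temp folder; a binary outside the Windows and Program Files trees; and one hash recorded under more than one path. A flag means "look at this", not "this is malicious". The sample input is a handful of lines copied from the log above plus one constructed entry (`D:\Backup\lsass.exe`, reusing lsass.exe's hashes) that exists only to exercise the duplicate-hash check.

```python
"""Triage helper for TDSSKiller scan logs (added example; not from the
original post and not Kaspersky's code).  Parses lines of the form

    <hh:mm:ss.ffff> <thread>  [ <MD5>, <SHA256> ] <Name>  <Path>
    <hh:mm:ss.ffff> <thread>  <Name> - ok

and applies review heuristics.  A flag means "review", not "malicious".
"""
import re
from collections import defaultdict

# Hashed entry line: a service, driver or autorun item with an image on disk.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>0x[0-9a-f]+)\s+"
    r"\[\s*(?P<md5>[0-9A-Fa-f]{32}),\s*(?P<sha256>[0-9A-Fa-f]{64})\s*\]\s+"
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# Status line that closes an entry.
STATUS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+0x[0-9a-f]+\s+(?P<name>.+?) - ok$")
COUNT_RE = re.compile(r"Detected object count:\s*(\d+)")

# Heuristic 1 (assumption of this example): code launched from a profile,
# AppData or Temp folder deserves a look, because unwanted-software
# installers favour locations a user can write to without elevation.
REVIEW_MARKERS = (
    "\\documents and settings\\",   # Windows XP profiles
    "\\users\\",                    # Vista and later
    "\\appdata\\",
    "\\temp\\",
)
# Heuristic 2: anything outside the OS and Program Files trees.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Sample input: lines copied from the log above, plus one CONSTRUCTED entry
# (BackupCopy / D:\Backup\lsass.exe) that only serves to trigger heuristic 3.
SAMPLE_LOG = "\n".join([
    r"21:33:37.0734 0x0db8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe",
    r"21:33:37.0734 0x0db8  NtLmSsp - ok",
    r"21:33:38.0062 0x0db8  PCIDump - ok",
    r"21:33:40.0156 0x0db8  [ 8FDAADF204A4F29214DA1B03342E2735, 3759DD5031D3559DCBC4656254E2E8597E2AB2C52E3BBCD2F5C33E58DF333C0D ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe",
    r"21:33:40.0203 0x0db8  Symantec AntiVirus - ok",
    r"21:33:44.0437 0x0db8  [ BE8E0779649D22951A4124B0DC68CA78, 73B4C86B7C2F7D6A0DA35015BCFD5A823862F2987F9DD74D79F614FE9013840C ] UpdateAdmin     C:\Documents and Settings\Amelia\Local Settings\Application Data\UpdateAdmin\UpdateAdmin.exe",
    r"21:33:44.0453 0x0db8  UpdateAdmin - ok",
    # constructed line, not from the page:
    r"21:33:50.0000 0x0db8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] BackupCopy      D:\Backup\lsass.exe",
    r"21:33:50.0000 0x0db8  BackupCopy - ok",
    r"21:33:48.0156 0x0ae8  Detected object count: 0",
])


def parse_log(text):
    """Return (entries, statuses, detected_count) parsed from log text."""
    entries, statuses, detected = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(m.groupdict())
            continue
        m = STATUS_RE.match(line)
        if m:
            statuses.append(m.group("name"))
            continue
        m = COUNT_RE.search(line)
        if m:
            detected = int(m.group(1))
    return entries, statuses, detected


def names_without_hash(entries, statuses):
    """Names reported '- ok' for which the log hashed no image file."""
    hashed = {e["name"] for e in entries}
    return sorted(set(statuses) - hashed)


def triage(entries):
    """Apply the review heuristics; returns {finding_type: [details, ...]}."""
    findings = defaultdict(list)
    paths_by_sha = defaultdict(set)
    for e in entries:
        p = e["path"].lower()
        paths_by_sha[e["sha256"]].add(e["path"])
        if any(mark in p for mark in REVIEW_MARKERS):
            findings["profile_or_temp_binary"].append((e["name"], e["path"]))
        elif not p.startswith(TRUSTED_ROOTS):
            findings["outside_trusted_roots"].append((e["name"], e["path"]))
    # Heuristic 3: one hash under several paths means the same binary exists
    # in more than one place; confirm each extra copy is expected.
    for sha, paths in paths_by_sha.items():
        if len(paths) > 1:
            findings["same_hash_multiple_paths"].append((sha, sorted(paths)))
    return dict(findings)


if __name__ == "__main__":
    entries, statuses, detected = parse_log(SAMPLE_LOG)
    print(f"{len(entries)} hashed entries, detected objects: {detected}")
    print("no image hashed:", names_without_hash(entries, statuses))
    for kind, items in triage(entries).items():
        print(kind)
        for item in items:
            print("   ", item)
```

Run it against a saved TDSSKiller log by replacing `SAMPLE_LOG` with the file's contents. The grouping by SHA-256 is the part worth keeping even if you drop the path heuristics: it lets you see at a glance which entries share one image (several XP services legitimately point at lsass.exe or shsvcs.dll) and which image turns up somewhere it was not installed.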


#13 Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 08 November 2014 - 05:39 PM

Hi Steve_M_T-
 

Please copy and paste the contents of the code box below into a notepad file and save it as Fixlist.txt to the same location where your FRST executable is stored.
 
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1645522239-1123561945-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: TidyNetwork -> {5B37E98B-EACB-36E5-CA43-EF55B3653943} -> C:\Program Files\TidyNetwork\petn.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File    
2014-10-26 07:08 - 2014-10-26 07:08 - 00000000 ____D () C:\Program Files\Common Files\Hoist Search
2014-10-26 07:08 - 2014-10-26 07:08 - 00000000 ____D () C:\Program Files\Common Files\DealAlly
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:000D6A25
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:03D08225
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:04B1A0AC
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0785072C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0D060666
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0F38F234
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:11411CE5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:15734396
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1A15E356
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1A5207FA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1B5B615D
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:206470A5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:225CD7D5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:24C072FF
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2AC146B9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2AE74FF9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2CB9631F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2D2461E7
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:30A9192A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:378824DE
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3AF262FC
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3B454A5C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3DB6F365
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4018444F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:415E77AB
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:46CBC45C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4DCAC4BC
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4DDE401B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:512E1728
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5133A494
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:52C24010
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:61B54B15
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:63C29481
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:697DDE2B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6BFA43EB
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:71612023
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7ADB695A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7DC5D762
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7E4E56EA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:838FECBF
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:88C5973F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:89FC8EEB
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8E5EA40F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:90D89144
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:922DA2DB
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:94A31742
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9720EBEF
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:97CA3B9E
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9BAC4211
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9BB8C675
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9BFB769D
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9C3AAD57
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9E3D44B7
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9FD757A9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A0921B2C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A4AF8D0D
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A4E7D25F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A76A1B1B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:AA0017FD
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:AC83EA04
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:AE34D87E
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BBC9C1EB
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BE6B5FC3
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BF6A2C54
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C72A744C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C820549A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CA400C1B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D5CCCBAA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D6D084A5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D9656460
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E2CFA9CD
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E8B61305
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E9C2F553
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EB4FEEF5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EB86F355
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EE2B5DE3
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EE69D7DF
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F0E908D5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F8435088
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F89F2593
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F9689B72
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1645522239-1123561945-839522115-1004\...409d6c4515e9\InprocServer32: [Default-shell32] C:\RECYCLER\S-1-5-21-1645522239-1123561945-839522115-1004\$716e1d4a7e39def7adc60d955f43539c\o. ATTENTION! ====> ZeroAccess?
C:\RECYCLER\S-1-5-21-1645522239-1123561945-839522115-1004\$716e1d4a7e39def7adc60d955f43539c

Run FRST/FRST64 and press the Fix button just once and wait.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
 
 =============================================================
 
IN YOUR NEXT REPLY I NEED:
 
1.)   Your Fixlist log
 
Thanks :)

 

Edited by Johnny Computer, 08 November 2014 - 05:46 PM.

"DO OR DO NOT. THERE IS NO TRY."


#14 Steve_M_T

Steve_M_T
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:09:17 AM

Posted 08 November 2014 - 07:33 PM

Hi Johnny C.

Thanks.  Hope this worked properly. The first time I started FRST and pressed "fix" I got a Windows error message saying it had to close due to an unspecified problem.  However, the FRST window did not close, but nothing happened.  I closed the window and restarted the application, clicked "fix", and it responded within seconds that the fix had been completed and the following Fixlog generated:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-11-2014 01
Ran by Steve at 2014-11-08 19:25:38 Run:2
Running from C:\Documents and Settings\Steve\Desktop
Loaded Profile: Steve (Available profiles: Steve & Claire & Amelia & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <=======
ATTENTION
 
HKU\S-1-5-21-1645522239-1123561945-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
 
BHO: TidyNetwork -> {5B37E98B-EACB-36E5-CA43-EF55B3653943} -> C:\Program Files\TidyNetwork\petn.dll No File
 
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File    
 
2014-10-26 07:08 - 2014-10-26 07:08 - 00000000 ____D () C:\Program Files\Common Files\Hoist Search
 
2014-10-26 07:08 - 2014-10-26 07:08 - 00000000 ____D () C:\Program Files\Common Files\DealAlly
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:000D6A25
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:03D08225
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:04B1A0AC
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application
Data\TEMP:0785072C
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0D060666
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0F38F234
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:11411CE5
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:15734396
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1A15E356
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1A5207FA
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1B5B615D
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:206470A5
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application
Data\TEMP:225CD7D5
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:24C072FF
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2AC146B9
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2AE74FF9
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2CB9631F
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2D2461E7
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:30A9192A
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:378824DE
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3AF262FC
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3B454A5C
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application
Data\TEMP:3DB6F365
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4018444F
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:415E77AB
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:46CBC45C
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4DCAC4BC
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4DDE401B
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:512E1728
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5133A494
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:52C24010
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application
Data\TEMP:561B1D2B
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:61B54B15
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:63C29481
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:697DDE2B
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6BFA43EB
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:71612023
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7ADB695A
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7DC5D762
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7E4E56EA
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application
Data\TEMP:838FECBF
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:88C5973F
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:89FC8EEB
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8E5EA40F
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:90D89144
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:922DA2DB
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:94A31742
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9720EBEF
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:97CA3B9E
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application
Data\TEMP:9BAC4211
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9BB8C675
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9BFB769D
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9C3AAD57
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9E3D44B7
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9FD757A9
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A0921B2C
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A4AF8D0D
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A4E7D25F
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A76A1B1B
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application
Data\TEMP:AA0017FD
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:AC83EA04
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:AE34D87E
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BBC9C1EB
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BE6B5FC3
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BED8A204
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BF6A2C54
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C72A744C
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C820549A
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CA400C1B
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application
Data\TEMP:D31BE97C
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D5CCCBAA
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D6D084A5
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D9656460
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E2CFA9CD
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E8B61305
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E9C2F553
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EB4FEEF5
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EB86F355
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application
Data\TEMP:EE2B5DE3
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EE69D7DF
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F0E908D5
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F8435088
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F89F2593
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F9689B72
 
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
 
HKU\S-1-5-21-1645522239-1123561945-839522115-1004\...409d6c4515e9\InprocServer32: [Default-shell32] C:\RECYCLER\S-1-5-21-1645522239-1123561945-839522115-1004\$716e1d4a7e39def7adc60d955f43539c\o. ATTENTION! ====>
ZeroAccess?
 
C:\RECYCLER\S-1-5-21-1645522239-1123561945-839522115-1004\$716e1d4a7e39def7adc60d955f43539c
 
*****************
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key Deleted successfully.
ATTENTION => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1645522239-1123561945-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B37E98B-EACB-36E5-CA43-EF55B3653943}" => Key deleted successfully.
"HKCR\CLSID\{5B37E98B-EACB-36E5-CA43-EF55B3653943}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key Deleted successfully.
C:\Program Files\Common Files\Hoist Search => Moved successfully.
C:\Program Files\Common Files\DealAlly => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":000D6A25" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":03D08225" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":04B1A0AC" ADS removed successfully.
"AlternateDataStreams: C:\Documents and Settings\All Users\Application" => "AlternateDataStreams: C:\Documents and Settings\All Users\Application" ADS not found.
Data\TEMP:0785072C => Error: No automatic fix found for this entry.
C:\Documents and Settings\All Users\Application Data\TEMP => ":090FB735" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":0AC32449" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":0D060666" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":0F38F234" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":11411CE5" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":15734396" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":1A15E356" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":1A5207FA" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":1B5B615D" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":206470A5" ADS removed successfully.
"AlternateDataStreams: C:\Documents and Settings\All Users\Application" => "AlternateDataStreams: C:\Documents and Settings\All Users\Application" ADS not found.
Data\TEMP:225CD7D5 => Error: No automatic fix found for this entry.
C:\Documents and Settings\All Users\Application Data\TEMP => ":24C072FF" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":260575F1" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":2AC146B9" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":2AE74FF9" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":2CB9631F" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":2D2461E7" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":30A9192A" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":378824DE" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":3AF262FC" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":3B454A5C" ADS removed successfully.
"AlternateDataStreams: C:\Documents and Settings\All Users\Application" => "AlternateDataStreams: C:\Documents and Settings\All Users\Application" ADS not found.
Data\TEMP:3DB6F365 => Error: No automatic fix found for this entry.
C:\Documents and Settings\All Users\Application Data\TEMP => ":3E06C78F" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":4018444F" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":415E77AB" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":4673E9EA" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":46CBC45C" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":4DCAC4BC" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":4DDE401B" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":512E1728" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5133A494" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":52C24010" ADS removed successfully.
"AlternateDataStreams: C:\Documents and Settings\All Users\Application" => "AlternateDataStreams: C:\Documents and Settings\All Users\Application" ADS not found.
Data\TEMP:561B1D2B => Error: No automatic fix found for this entry.
C:\Documents and Settings\All Users\Application Data\TEMP => ":569CEE83" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5E9B629B" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":61B54B15" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":63C29481" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":697DDE2B" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":6BFA43EB" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":71612023" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":7ADB695A" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":7DC5D762" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":7E4E56EA" ADS removed successfully.
"AlternateDataStreams: C:\Documents and Settings\All Users\Application" => "AlternateDataStreams: C:\Documents and Settings\All Users\Application" ADS not found.
Data\TEMP:838FECBF => Error: No automatic fix found for this entry.
C:\Documents and Settings\All Users\Application Data\TEMP => ":8401B6D5" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":88C5973F" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":89FC8EEB" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":8E5EA40F" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":90D89144" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":922DA2DB" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":94A31742" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":9720EBEF" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":97CA3B9E" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":98DFF516" ADS removed successfully.
"AlternateDataStreams: C:\Documents and Settings\All Users\Application" => "AlternateDataStreams: C:\Documents and Settings\All Users\Application" ADS not found.
Data\TEMP:9BAC4211 => Error: No automatic fix found for this entry.
C:\Documents and Settings\All Users\Application Data\TEMP => ":9BB8C675" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":9BFB769D" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":9C3AAD57" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":9E3D44B7" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":9FD757A9" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":A02025CE" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":A0921B2C" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":A4AF8D0D" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":A4E7D25F" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":A76A1B1B" ADS removed successfully.
"AlternateDataStreams: C:\Documents and Settings\All Users\Application" => "AlternateDataStreams: C:\Documents and Settings\All Users\Application" ADS not found.
Data\TEMP:AA0017FD => Error: No automatic fix found for this entry.
C:\Documents and Settings\All Users\Application Data\TEMP => ":AC83EA04" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":AE34D87E" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":BBC9C1EB" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":BE6B5FC3" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":BED8A204" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":BF6A2C54" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":C72A744C" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":C820549A" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":CA400C1B" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":CB16385F" ADS removed successfully.
"AlternateDataStreams: C:\Documents and Settings\All Users\Application" => "AlternateDataStreams: C:\Documents and Settings\All Users\Application" ADS not found.
Data\TEMP:D31BE97C => Error: No automatic fix found for this entry.
C:\Documents and Settings\All Users\Application Data\TEMP => ":D48500F8" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":D5CCCBAA" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":D6D084A5" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":D9656460" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":E2CFA9CD" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":E51234A9" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":E8B61305" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":E9C2F553" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":EB4FEEF5" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":EB86F355" ADS removed successfully.
"AlternateDataStreams: C:\Documents and Settings\All Users\Application" => "AlternateDataStreams: C:\Documents and Settings\All Users\Application" ADS not found.
Data\TEMP:EE2B5DE3 => Error: No automatic fix found for this entry.
C:\Documents and Settings\All Users\Application Data\TEMP => ":EE69D7DF" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":F0E908D5" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":F8435088" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":F84B8DB5" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":F89F2593" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":F9689B72" ADS removed successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
"HKU\S-1-5-21-1645522239-1123561945-839522115-1004\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key deleted successfully.
ZeroAccess? => Error: No automatic fix found for this entry.
C:\RECYCLER\S-1-5-21-1645522239-1123561945-839522115-1004\$716e1d4a7e39def7adc60d955f43539c => Moved successfully.
 
==== End of Fixlog ====


#15 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • OFFLINE
  • Gender:Male
  • Location:127.0.0.1
  • Local time:09:17 AM

Posted 09 November 2014 - 03:55 PM

Hello Steve_M_T-
 
Please re-run FRST, just the scan, not the fix, and post the contents of the FRST scan log in your next reply.
 
 -------------------------------------------------------
 
IN YOUR NEXT REPLY I NEED:
 
1.)   Your FRST log
2.)   How is your computer running now? Are you experiencing some, all, or none of the issues you originally posted about?
 
Thanks  :)


"DO OR DO NOT. THERE IS NO TRY."




