Google Link Redirects Virus

(In Progress)

FlyingSafe
08-Nov-2012, 04:18 PM #1
I am using Windows 7.
I Google "walmart" and click on the link that should go to walmart.com, but it instead goes to http://8.26.70.252/see/display.php?q...3568&subid=e10

My HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:08:01 PM, on 11/8/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe
C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe
C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Users\Dennis\Desktop\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.1012.1\NativeBHO.dll
O2 - BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll (file missing)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: FreeOnlineRadioPlayerRecorder - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MaxMySpeed Registry Cleaner] c:\program files (x86)\cyberdefender\registry scanner\Startcdrc.exe
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-679516130-3449678583-2315309752-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-679516130-3449678583-2315309752-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - Startup: Dropbox.lnk = Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Constant Guard.lnk = C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.com/system/iCloud.cab
O16 - DPF: {AFD8A3A3-8B73-444B-82F2-2E4345FA5B38} (OneClickFixes Class) - http://www.comcastsupport.com/sdcxus...omcast.Ocf.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe
O23 - Service: lxdw_device - - C:\Windows\system32\lxdwcoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 18338 bytes


ATTACH.TXT
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/16/2010 8:34:55 PM
System Uptime: 11/1/2012 7:36:25 AM (174 hours ago)
.
Motherboard: MSI | | 2A9C
Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz | CPU 1 | 3201/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 811.324 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.405 GiB free.
E: is CDROM (CDFS)
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet J6400 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet J6400 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID:
Description: Officejet J6400 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer:
Name: Officejet J6400 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP324: 11/2/2012 3:00:10 AM - Windows Update
RP325: 11/3/2012 3:00:11 AM - Windows Update
RP326: 11/4/2012 2:00:11 AM - Windows Update
RP327: 11/4/2012 3:00:10 AM - Windows Update
RP328: 11/5/2012 3:00:11 AM - Windows Update
RP329: 11/6/2012 1:20:10 AM - HPSF Restore Point
RP330: 11/6/2012 3:00:11 AM - Windows Update
RP331: 11/7/2012 3:00:12 AM - Windows Update
RP332: 11/8/2012 3:00:11 AM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
6400_Help
7-Zip 4.65
Adobe Flash Player 10 ActiveX 64-bit
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2
AIO_CDB_Software
AIO_Scan
AMD APP SDK Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
ATI Problem Report Wizard
AVS Audio Editor version 6.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Bejeweled 2 Deluxe
Bing Bar
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Build-a-lot 2
CA Pest Patrol Realtime Protection
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Comcast Desktop Software (v1.2.0.9)
Compatibility Pack for the 2007 Office system
Constant Guard Protection Suite
CustomerResearchQFolder
CyberLink DVD Suite Deluxe
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Desktop Doctor
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Diner Dash 2 Restaurant Rescue
DocMgr
DocProc
DocProcQFolder
Dora's Carnival Adventure
Dropbox
DVD Menu Pack for HP MediaSmart Video
EMCO Ping Monitor Free 4.2
Escape Rosecliff Island
eSupportQFolder
Faerie Solitaire
FATE
Fax
FreeOnlineRadioPlayerRecorder Toolbar
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
GuardedID
Hardware Diagnostic Tools
Hewlett-Packard ACLM.NET v1.1.2.0
Holdem Manager
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 10.0
HP Document Manager 1.0
HP Game Console
HP Games
HP Imaging Device Functions 10.0
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Officejet J6400 Series
HP Photosmart Essential 2.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Product Detection
HP Setup
HP Smart Web Printing 4.60
HP Solution Center 10.0
HP Support Assistant
HP Support Information
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
Hulu Desktop
HydraVision
iCloud
iTunes
J6400
Java(TM) 6 Update 25 (64-bit)
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
Lexmark 7600 Series
LightScribe System Software
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft IntelliPoint 8.2
Microsoft IntelliType Pro 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SharedView
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The New York Fortune
Network64
Norton Security Suite
OCR Software by I.R.I.S. 10.0
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime amd64
Poker Superstars III
PokerStars
Polar Bowler
Polar Golfer
PostgreSQL 8.3
Power Sound Editor Free
Power2Go
PowerDirector
ProductContext
PSSWCORE
QuickTime
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Recovery Manager
Roxio CinemaNow 2.0
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
SharkScope HUD 1.0.173
Shop for HP Supplies
SitNGo Wizard
Skype Click to Call
Skype™ 5.10
SmartWebPrinting
SolutionCenter
South Point Poker
Status
Symantec Technical Support Web Controls
TableNinja
TextTwist 2
Toolbox
Tournament Indicator 1.6.7
Tournament Shark
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VideoToolkit01
Virtual Families
Virtual Villagers - The Secret City
Web Cam 320
WebReg
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
11/8/2012 3:00:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).
11/8/2012 3:00:27 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
11/5/2012 10:14:43 AM, Error: Service Control Manager [7031] - The Norton Security Suite service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/1/2012 7:40:01 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
11/1/2012 7:37:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdwCATSCustConnectService service to connect.
11/1/2012 7:37:23 AM, Error: Service Control Manager [7000] - The lxdwCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/1/2012 7:36:59 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800031906ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\Minidump\110112-28002-01.dmp. Report Id: 110112-28002-01.
11/1/2012 7:35:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
.
==== End Of File ===========================



DDS.TXT
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by Dennis at 13:54:04 on 2012-11-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.4652 [GMT -6:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxdwcoms.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe
C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe
C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\svchost.exe -k HPZ12
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Explorer.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Dennis\Desktop\HijackThis.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.1012.1\NativeBHO.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [MaxMySpeed Registry Cleaner] c:\program files (x86)\cyberdefender\registry scanner\Startcdrc.exe
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
uRun: [POEngine5] <no file>
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Dennis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ Dropbox.lnk - C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {AFD8A3A3-8B73-444B-82F2-2E4345FA5B38} - hxxp://www.comcastsupport.com/sdcxuser/oneclickfix/scripts/Comcast.Ocf.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{166B2E5E-E75D-4043-9388-3FDE9F923034} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8CAEE18C-624A-424A-A79B-DE7E1B54D0D0} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8CAEE18C-624A-424A-A79B-DE7E1B54D0D0}\D4F445F425F4C414D27363333434 : DHCPNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{8CAEE18C-624A-424A-A79B-DE7E1B54D0D0}\E4544574541425 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
x64-mSearchAssistant = hxxp://www.google.com/ie
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [lxdwmon.exe] "C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0502020.003\symds64.sys [2012-7-16 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0502020.003\symefa64.sys [2012-7-16 912504]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx64.sys [2012-11-5 1385632]
R1 GIDv2;GIDv2;C:\Windows\System32\drivers\gidv2.sys [2012-2-27 29288]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121107.001\IDSviA64.sys [2012-11-7 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0502020.003\ironx64.sys [2012-7-16 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0502020.003\symnets.sys [2012-7-16 386168]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/05/12 19:30:23];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-5-12 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-24 203776]
R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-10-16 61552]
R2 lxdw_device;lxdw_device;C:\Windows\System32\lxdwcoms.exe -service --> C:\Windows\System32\lxdwcoms.exe -service [?]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-4-18 115216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-12 56344]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-5-12 852256]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-12 346144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdwserv.exe [2012-8-27 33960]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-9-10 35840]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-17 1255736]
.
=============== Created Last 30 ================
.
2012-10-31 20:43:12 20480 ----a-w- C:\Windows\svchost.exe
2012-10-31 18:16:03 -------- d-----w- C:\Users\Dennis\AppData\Roaming\Malwarebytes
2012-10-31 18:15:42 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-31 18:15:41 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-31 18:15:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-25 04:32:58 163056 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-17 19:37:28 -------- d-----w- C:\Users\Dennis\AppData\Local\{773ECF27-E6AA-4735-BF84-2BFD84914D0F}
2012-10-13 19:49:28 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-10-13 19:48:59 -------- d-----w- C:\Program Files\iPod
2012-10-13 19:48:58 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-13 19:48:58 -------- d-----w- C:\Program Files\iTunes
2012-10-13 19:48:58 -------- d-----w- C:\Program Files (x86)\iTunes
2012-10-10 15:39:58 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 15:39:58 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 15:39:57 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 15:39:57 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 15:39:57 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 15:39:57 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-21 18:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 18:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 13:54:55.42 ===============
FlyingSafe
Member with 16 posts.
THREAD STARTER
Join Date: Nov 2012
12-Nov-2012, 09:15 AM #2
Bump
dvk01 (Derek). dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,738 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
13-Nov-2012, 01:51 PM #3
Run tdss killer from http://support.kaspersky.com/viruses...?qid=208280684
Let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot.
Post back with its log.
By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
FlyingSafe
Member with 16 posts.
THREAD STARTER
Join Date: Nov 2012
14-Nov-2012, 12:04 AM #4
Hi Derek. Thank you for helping me with this issue. I ran tdss killer and I clicked on the reboot button that popped up after the cure was applied. After the reboot the scan button was there but I did not run it a second time, but there are two logs which I am pasting:

21:40:22.0463 5648 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:40:23.0446 5648 ============================================================
21:40:23.0446 5648 Current date / time: 2012/11/13 21:40:23.0446
21:40:23.0446 5648 SystemInfo:
21:40:23.0446 5648
21:40:23.0446 5648 OS Version: 6.1.7601 ServicePack: 1.0
21:40:23.0446 5648 Product type: Workstation
21:40:23.0446 5648 ComputerName: DENNIS-HP
21:40:23.0446 5648 UserName: Dennis
21:40:23.0446 5648 Windows directory: C:\Windows
21:40:23.0446 5648 System windows directory: C:\Windows
21:40:23.0446 5648 Running under WOW64
21:40:23.0446 5648 Processor architecture: Intel x64
21:40:23.0446 5648 Number of processors: 4
21:40:23.0446 5648 Page size: 0x1000
21:40:23.0446 5648 Boot type: Normal boot
21:40:23.0446 5648 ============================================================
21:40:25.0262 5648 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:40:25.0293 5648 ============================================================
21:40:25.0293 5648 \Device\Harddisk0\DR0:
21:40:25.0293 5648 MBR partitions:
21:40:25.0293 5648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:40:25.0293 5648 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72FC5800
21:40:25.0293 5648 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72FF8000, BlocksNum 0x170E000
21:40:25.0293 5648 ============================================================
21:40:25.0340 5648 C: <-> \Device\Harddisk0\DR0\Partition2
21:40:25.0386 5648 D: <-> \Device\Harddisk0\DR0\Partition3
21:40:25.0386 5648 ============================================================
21:40:25.0386 5648 Initialize success
21:40:25.0386 5648 ============================================================
21:41:50.0816 12184 ============================================================
21:41:50.0831 12184 Scan started
21:41:50.0831 12184 Mode: Manual;
21:41:50.0831 12184 ============================================================
21:41:52.0563 12184 ================ Scan system memory ========================
21:41:52.0563 12184 System memory - ok
21:41:52.0563 12184 ================ Scan services =============================
21:41:52.0813 12184 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:41:52.0813 12184 1394ohci - ok
21:41:52.0859 12184 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:41:52.0859 12184 ACPI - ok
21:41:52.0906 12184 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:41:52.0906 12184 AcpiPmi - ok
21:41:52.0984 12184 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:41:52.0984 12184 adp94xx - ok
21:42:02.0329 12184 PlugPlay - ok
21:42:02.0375 12184 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:42:02.0375 12184 Pml Driver HPZ12 - ok
21:42:02.0407 12184 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:42:02.0407 12184 PNRPAutoReg - ok
21:42:02.0422 12184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:42:02.0422 12184 PNRPsvc - ok
21:42:02.0453 12184 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
21:42:02.0469 12184 Point64 - ok
21:42:02.0485 12184 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:42:02.0485 12184 PolicyAgent - ok
21:42:02.0516 12184 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:42:02.0531 12184 Power - ok
21:42:02.0563 12184 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:42:02.0563 12184 PptpMiniport - ok
21:42:02.0578 12184 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:42:02.0578 12184 Processor - ok
21:42:02.0609 12184 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:42:02.0625 12184 ProfSvc - ok
21:42:02.0641 12184 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:42:02.0641 12184 ProtectedStorage - ok
21:42:02.0672 12184 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:42:02.0672 12184 Psched - ok
21:42:02.0703 12184 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:42:02.0703 12184 ql2300 - ok
21:42:02.0719 12184 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:42:02.0719 12184 ql40xx - ok
21:42:02.0750 12184 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:42:02.0750 12184 QWAVE - ok
21:42:02.0765 12184 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:42:02.0765 12184 QWAVEdrv - ok
21:42:02.0781 12184 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:42:02.0781 12184 RasAcd - ok
21:42:02.0812 12184 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:42:02.0812 12184 RasAgileVpn - ok
21:42:02.0812 12184 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:42:02.0828 12184 RasAuto - ok
21:42:02.0859 12184 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:42:02.0859 12184 Rasl2tp - ok
21:42:02.0875 12184 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:42:02.0875 12184 RasMan - ok
21:42:02.0890 12184 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:42:02.0890 12184 RasPppoe - ok
21:42:02.0890 12184 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:42:02.0906 12184 RasSstp - ok
21:42:02.0937 12184 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:42:02.0937 12184 rdbss - ok
21:42:02.0953 12184 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:42:02.0953 12184 rdpbus - ok
21:42:02.0984 12184 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:42:02.0984 12184 RDPCDD - ok
21:42:02.0984 12184 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:42:02.0984 12184 RDPENCDD - ok
21:42:02.0999 12184 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:42:02.0999 12184 RDPREFMP - ok
21:42:03.0031 12184 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:42:03.0031 12184 RDPWD - ok
21:42:03.0062 12184 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:42:03.0062 12184 rdyboost - ok
21:42:03.0093 12184 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:42:03.0093 12184 RemoteAccess - ok
21:42:03.0109 12184 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:42:03.0109 12184 RemoteRegistry - ok
21:42:03.0124 12184 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:42:03.0124 12184 RpcEptMapper - ok
21:42:03.0140 12184 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:42:03.0140 12184 RpcLocator - ok
21:42:03.0171 12184 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:42:03.0171 12184 RpcSs - ok
21:42:03.0202 12184 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:42:03.0202 12184 rspndr - ok
21:42:03.0233 12184 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:42:03.0233 12184 RTL8167 - ok
21:42:03.0249 12184 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:42:03.0249 12184 SamSs - ok
21:42:03.0280 12184 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:42:03.0280 12184 sbp2port - ok
21:42:03.0296 12184 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:42:03.0296 12184 SCardSvr - ok
21:42:03.0311 12184 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:42:03.0327 12184 scfilter - ok
21:42:03.0358 12184 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:42:03.0358 12184 Schedule - ok
21:42:03.0389 12184 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:42:03.0389 12184 SCPolicySvc - ok
21:42:03.0405 12184 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:42:03.0405 12184 SDRSVC - ok
21:42:03.0452 12184 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
21:42:03.0452 12184 SeaPort - ok
21:42:03.0514 12184 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:42:03.0514 12184 secdrv - ok
21:42:03.0514 12184 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:42:03.0530 12184 seclogon - ok
21:42:03.0545 12184 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:42:03.0545 12184 SENS - ok
21:42:03.0561 12184 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:42:03.0561 12184 SensrSvc - ok
21:42:03.0577 12184 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:42:03.0577 12184 Serenum - ok
21:42:03.0592 12184 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:42:03.0592 12184 Serial - ok
21:42:03.0623 12184 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:42:03.0623 12184 sermouse - ok
21:42:03.0655 12184 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:42:03.0655 12184 SessionEnv - ok
21:42:03.0686 12184 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:42:03.0701 12184 sffdisk - ok
21:42:03.0701 12184 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:42:03.0701 12184 sffp_mmc - ok
21:42:03.0701 12184 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:42:03.0717 12184 sffp_sd - ok
21:42:03.0717 12184 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:42:03.0733 12184 sfloppy - ok
21:42:03.0764 12184 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:42:03.0764 12184 SharedAccess - ok
21:42:03.0779 12184 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:42:03.0779 12184 ShellHWDetection - ok
21:42:03.0795 12184 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:42:03.0795 12184 SiSRaid2 - ok
21:42:03.0811 12184 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:42:03.0811 12184 SiSRaid4 - ok
21:42:03.0935 12184 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
21:42:03.0967 12184 Skype C2C Service - ok
21:42:04.0045 12184 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:42:04.0045 12184 SkypeUpdate - ok
21:42:04.0076 12184 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:42:04.0076 12184 Smb - ok
21:42:04.0107 12184 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:42:04.0123 12184 SNMPTRAP - ok
21:42:04.0123 12184 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:42:04.0123 12184 spldr - ok
21:42:04.0154 12184 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:42:04.0169 12184 Spooler - ok
21:42:04.0232 12184 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:42:04.0263 12184 sppsvc - ok
21:42:04.0279 12184 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:42:04.0279 12184 sppuinotify - ok
21:42:04.0357 12184 [ C3716EC0D36AD924B6888D794563E647 ] sprtsvc_ddoctorv2 C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
21:42:04.0357 12184 sprtsvc_ddoctorv2 - ok
21:42:04.0466 12184 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS
21:42:04.0466 12184 SRTSP - ok
21:42:04.0497 12184 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS
21:42:04.0497 12184 SRTSPX - ok
21:42:04.0528 12184 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:42:04.0544 12184 srv - ok
21:42:04.0544 12184 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:42:04.0559 12184 srv2 - ok
21:42:04.0559 12184 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:42:04.0575 12184 srvnet - ok
21:42:04.0591 12184 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:42:04.0591 12184 SSDPSRV - ok
21:42:04.0606 12184 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:42:04.0606 12184 SstpSvc - ok
21:42:04.0622 12184 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:42:04.0622 12184 stexstor - ok
21:42:04.0669 12184 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
21:42:04.0684 12184 StillCam - ok
21:42:04.0715 12184 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:42:04.0731 12184 stisvc - ok
21:42:04.0762 12184 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:42:04.0762 12184 swenum - ok
21:42:04.0778 12184 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:42:04.0778 12184 swprv - ok
21:42:04.0840 12184 [ 267C914667C94E5F47D342311C1C577F ] Symantec RemoteAssist C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
21:42:04.0856 12184 Symantec RemoteAssist - ok
21:42:04.0887 12184 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS
21:42:04.0887 12184 SymDS - ok
21:42:04.0934 12184 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS
21:42:04.0934 12184 SymEFA - ok
21:42:04.0981 12184 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
21:42:04.0981 12184 SymEvent - ok
21:42:05.0012 12184 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS
21:42:05.0012 12184 SymIRON - ok
21:42:05.0027 12184 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS
21:42:05.0043 12184 SymNetS - ok
21:42:05.0090 12184 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:42:05.0090 12184 SysMain - ok
21:42:05.0121 12184 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:42:05.0121 12184 TabletInputService - ok
21:42:05.0137 12184 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:42:05.0152 12184 TapiSrv - ok
21:42:05.0168 12184 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:42:05.0183 12184 TBS - ok
21:42:05.0230 12184 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:42:05.0246 12184 Tcpip - ok
21:42:05.0261 12184 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:42:05.0277 12184 TCPIP6 - ok
21:42:05.0308 12184 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:42:05.0308 12184 tcpipreg - ok
21:42:05.0324 12184 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:42:05.0324 12184 TDPIPE - ok
21:42:05.0355 12184 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:42:05.0355 12184 TDTCP - ok
21:42:05.0402 12184 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:42:05.0402 12184 tdx - ok
21:42:05.0433 12184 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:42:05.0433 12184 TermDD - ok
21:42:05.0449 12184 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:42:05.0449 12184 TermService - ok
21:42:05.0464 12184 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:42:05.0464 12184 Themes - ok
21:42:05.0495 12184 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:42:05.0495 12184 THREADORDER - ok
21:42:05.0511 12184 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:42:05.0511 12184 TrkWks - ok
21:42:05.0558 12184 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:42:05.0558 12184 TrustedInstaller - ok
21:42:05.0589 12184 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:42:05.0605 12184 tssecsrv - ok
21:42:05.0636 12184 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:42:05.0636 12184 TsUsbFlt - ok
21:42:05.0683 12184 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:42:05.0683 12184 tunnel - ok
21:42:05.0698 12184 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:42:05.0698 12184 uagp35 - ok
21:42:05.0729 12184 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:42:05.0729 12184 udfs - ok
21:42:05.0761 12184 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:42:05.0761 12184 UI0Detect - ok
21:42:05.0792 12184 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:42:05.0792 12184 uliagpkx - ok
21:42:05.0823 12184 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:42:05.0823 12184 umbus - ok
21:42:05.0839 12184 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:42:05.0839 12184 UmPass - ok
21:42:05.0854 12184 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:42:05.0854 12184 upnphost - ok
21:42:05.0901 12184 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:42:05.0901 12184 USBAAPL64 - ok
21:42:05.0963 12184 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:42:05.0963 12184 usbaudio - ok
21:42:05.0979 12184 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:42:05.0979 12184 usbccgp - ok
21:42:06.0010 12184 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:42:06.0010 12184 usbcir - ok
21:42:06.0026 12184 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:42:06.0026 12184 usbehci - ok
21:42:06.0041 12184 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:42:06.0041 12184 usbhub - ok
21:42:06.0057 12184 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:42:06.0057 12184 usbohci - ok
21:42:06.0088 12184 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:42:06.0088 12184 usbprint - ok
21:42:06.0104 12184 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:42:06.0104 12184 usbscan - ok
21:42:06.0119 12184 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:42:06.0119 12184 USBSTOR - ok
21:42:06.0135 12184 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:42:06.0135 12184 usbuhci - ok
21:42:06.0166 12184 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:42:06.0166 12184 usbvideo - ok
21:42:06.0182 12184 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:42:06.0182 12184 UxSms - ok
21:42:06.0213 12184 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:42:06.0213 12184 VaultSvc - ok
21:42:06.0213 12184 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:42:06.0213 12184 vdrvroot - ok
21:42:06.0244 12184 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:42:06.0260 12184 vds - ok
21:42:06.0275 12184 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:42:06.0291 12184 vga - ok
21:42:06.0291 12184 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:42:06.0291 12184 VgaSave - ok
21:42:06.0322 12184 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:42:06.0322 12184 vhdmp - ok
21:42:06.0338 12184 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:42:06.0338 12184 viaide - ok
21:42:06.0353 12184 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:42:06.0353 12184 volmgr - ok
21:42:06.0385 12184 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:42:06.0400 12184 volmgrx - ok
21:42:06.0416 12184 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:42:06.0416 12184 volsnap - ok
21:42:06.0463 12184 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:42:06.0463 12184 vsmraid - ok
21:42:06.0509 12184 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:42:06.0525 12184 VSS - ok
21:42:06.0541 12184 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:42:06.0541 12184 vwifibus - ok
21:42:06.0572 12184 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:42:06.0572 12184 vwififlt - ok
21:42:06.0603 12184 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:42:06.0603 12184 vwifimp - ok
21:42:06.0619 12184 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:42:06.0634 12184 W32Time - ok
21:42:06.0650 12184 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:42:06.0650 12184 WacomPen - ok
21:42:06.0681 12184 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:42:06.0681 12184 WANARP - ok
21:42:06.0681 12184 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:42:06.0681 12184 Wanarpv6 - ok
21:42:06.0728 12184 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:42:06.0743 12184 WatAdminSvc - ok
21:42:06.0775 12184 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:42:06.0790 12184 wbengine - ok
21:42:06.0806 12184 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:42:06.0821 12184 WbioSrvc - ok
21:42:06.0853 12184 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:42:06.0853 12184 wcncsvc - ok
21:42:06.0868 12184 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:42:06.0868 12184 WcsPlugInService - ok
21:42:06.0884 12184 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:42:06.0884 12184 Wd - ok
21:42:06.0915 12184 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:42:06.0915 12184 Wdf01000 - ok
21:42:06.0931 12184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:42:06.0931 12184 WdiServiceHost - ok
21:42:06.0931 12184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:42:06.0931 12184 WdiSystemHost - ok
21:42:06.0977 12184 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:42:06.0977 12184 WebClient - ok
21:42:06.0993 12184 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:42:06.0993 12184 Wecsvc - ok
21:42:07.0009 12184 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:42:07.0009 12184 wercplsupport - ok
21:42:07.0024 12184 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:42:07.0024 12184 WerSvc - ok
21:42:07.0040 12184 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:42:07.0040 12184 WfpLwf - ok
21:42:07.0055 12184 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:42:07.0055 12184 WIMMount - ok
21:42:07.0071 12184 WinDefend - ok
21:42:07.0071 12184 WinHttpAutoProxySvc - ok
21:42:07.0102 12184 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:42:07.0118 12184 Winmgmt - ok
21:42:07.0165 12184 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:42:07.0180 12184 WinRM - ok
21:42:07.0211 12184 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:42:07.0211 12184 WinUsb - ok
21:42:07.0258 12184 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:42:07.0258 12184 Wlansvc - ok
21:42:07.0383 12184 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:42:07.0414 12184 wlidsvc - ok
21:42:07.0445 12184 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:42:07.0445 12184 WmiAcpi - ok
21:42:07.0461 12184 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:42:07.0461 12184 wmiApSrv - ok
21:42:07.0492 12184 WMPNetworkSvc - ok
21:42:07.0508 12184 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:42:07.0508 12184 WPCSvc - ok
21:42:07.0539 12184 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:42:07.0539 12184 WPDBusEnum - ok
21:42:07.0555 12184 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:42:07.0555 12184 ws2ifsl - ok
21:42:07.0570 12184 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
21:42:07.0570 12184 wscsvc - ok
21:42:07.0601 12184 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
21:42:07.0601 12184 WSDPrintDevice - ok
21:42:07.0601 12184 WSearch - ok
21:42:07.0664 12184 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:42:07.0679 12184 wuauserv - ok
21:42:07.0695 12184 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:42:07.0695 12184 WudfPf - ok
21:42:07.0726 12184 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:42:07.0742 12184 WUDFRd - ok
21:42:07.0757 12184 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:42:07.0757 12184 wudfsvc - ok
21:42:07.0789 12184 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:42:07.0789 12184 WwanSvc - ok
21:42:07.0835 12184 [ 74983ADDCA2D9618512C088D856D6615 ] {55662437-DA8C-40c0-AADA-2C816A897A49} c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
21:42:07.0835 12184 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
21:42:07.0851 12184 ================ Scan global ===============================
21:42:07.0867 12184 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:42:07.0898 12184 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:42:07.0913 12184 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:42:07.0929 12184 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:42:07.0945 12184 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:42:07.0945 12184 [Global] - ok
21:42:07.0945 12184 ================ Scan MBR ==================================
21:42:07.0945 12184 [ 004E6614CDFE29D4A787E72B28C94708 ] \Device\Harddisk0\DR0
21:42:07.0945 12184 Suspicious mbr (Forged): \Device\Harddisk0\DR0
21:42:08.0007 12184 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:42:08.0007 12184 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:42:08.0007 12184 ================ Scan VBR ==================================
21:42:08.0007 12184 [ 5523D8C3D270D3D7C978384D27169FD3 ] \Device\Harddisk0\DR0\Partition1
21:42:08.0007 12184 \Device\Harddisk0\DR0\Partition1 - ok
21:42:08.0054 12184 [ 046BD4DA14A5AC799E9714CC5A1CDB23 ] \Device\Harddisk0\DR0\Partition2
21:42:08.0054 12184 \Device\Harddisk0\DR0\Partition2 - ok
21:42:08.0085 12184 [ D5C63AF99B8D883F53123946837F265E ] \Device\Harddisk0\DR0\Partition3
21:42:08.0085 12184 \Device\Harddisk0\DR0\Partition3 - ok
21:42:08.0085 12184 ============================================================
21:42:08.0085 12184 Scan finished
21:42:08.0085 12184 ============================================================
21:42:08.0085 6160 Detected object count: 1
21:42:08.0085 6160 Actual detected object count: 1
21:43:35.0162 6160 \Device\Harddisk0\DR0\# - copied to quarantine
21:43:35.0162 6160 \Device\Harddisk0\DR0 - copied to quarantine
21:43:35.0240 6160 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:43:35.0240 6160 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:43:35.0256 6160 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:43:35.0256 6160 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:43:35.0287 6160 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:43:35.0303 6160 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:43:35.0303 6160 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:43:35.0303 6160 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:43:35.0303 6160 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:43:35.0303 6160 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:43:35.0318 6160 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:43:35.0318 6160 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:43:35.0318 6160 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:43:35.0318 6160 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
21:43:35.0334 6160 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:43:35.0396 6160 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:43:35.0428 6160 \Device\Harddisk0\DR0 - ok
21:43:36.0769 6160 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
21:44:14.0630 9724 Deinitialize success


21:48:52.0601 3416 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:48:54.0614 3416 ============================================================
21:48:54.0614 3416 Current date / time: 2012/11/13 21:48:54.0614
21:48:54.0614 3416 SystemInfo:
21:48:54.0614 3416
21:48:54.0614 3416 OS Version: 6.1.7601 ServicePack: 1.0
21:48:54.0614 3416 Product type: Workstation
21:48:54.0614 3416 ComputerName: DENNIS-HP
21:48:54.0614 3416 UserName: Dennis
21:48:54.0614 3416 Windows directory: C:\Windows
21:48:54.0614 3416 System windows directory: C:\Windows
21:48:54.0614 3416 Running under WOW64
21:48:54.0614 3416 Processor architecture: Intel x64
21:48:54.0614 3416 Number of processors: 4
21:48:54.0614 3416 Page size: 0x1000
21:48:54.0614 3416 Boot type: Normal boot
21:48:54.0614 3416 ============================================================
21:49:04.0557 3416 BG loaded
21:49:05.0291 3416 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:49:05.0306 3416 ============================================================
21:49:05.0306 3416 \Device\Harddisk0\DR0:
21:49:05.0322 3416 MBR partitions:
21:49:05.0322 3416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:49:05.0322 3416 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72FC5800
21:49:05.0322 3416 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72FF8000, BlocksNum 0x170E000
21:49:05.0322 3416 ============================================================
21:49:06.0663 3416 C: <-> \Device\Harddisk0\DR0\Partition2
21:49:09.0035 3416 D: <-> \Device\Harddisk0\DR0\Partition3
21:49:09.0035 3416 ============================================================
21:49:09.0035 3416 Initialize success
21:49:09.0035 3416 ============================================================
dvk01 (Derek), authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,738 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
14-Nov-2012, 07:10 AM #5
next step
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop.
As you download it rename it to username123.exe


**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after combofix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted).

Post the log in next reply please...
FlyingSafe
Member with 16 posts.
THREAD STARTER
 
Join Date: Nov 2012
14-Nov-2012, 08:50 AM #6
After running combofix this log appeared on my screen. It didn't prompt me to reboot. So I'm sending the log file and then I will do a restart on my own. Here is the log:

ComboFix 12-11-13.03 - Dennis 11/14/2012 6:12.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.5895 [GMT -6:00]
Running from: c:\users\Dennis\Desktop\username123.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Dennis\AppData\Roaming\IVST Manager
c:\users\Dennis\Documents\~WRL0005.tmp
c:\users\Dennis\Documents\~WRL0006.tmp
c:\users\Dennis\Documents\~WRL0011.tmp
c:\users\Dennis\Documents\~WRL0044.tmp
c:\users\Dennis\Documents\~WRL0106.tmp
c:\users\Dennis\Documents\~WRL0199.tmp
c:\users\Dennis\Documents\~WRL1293.tmp
c:\users\Dennis\Documents\~WRL1730.tmp
c:\users\Dennis\Documents\~WRL1966.tmp
c:\users\Dennis\Documents\~WRL2020.tmp
c:\users\Dennis\Documents\~WRL2906.tmp
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 )))))))))))))))))))))))))))))))
.
.
2012-11-14 12:23 . 2012-11-14 12:23 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-11-14 12:23 . 2012-11-14 12:23 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-11-14 12:23 . 2012-11-14 12:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-14 09:11 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 09:11 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 09:11 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-14 09:11 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 09:02 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 09:02 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 09:02 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 09:02 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 09:02 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 09:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 09:02 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 03:43 . 2012-11-14 03:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-31 18:16 . 2012-10-31 18:16 -------- d-----w- c:\users\Dennis\AppData\Roaming\Malwarebytes
2012-10-31 18:15 . 2012-10-31 18:15 -------- d-----w- c:\programdata\Malwarebytes
2012-10-31 18:15 . 2012-10-31 18:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-31 18:15 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-25 04:32 . 2012-10-25 04:32 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 09:35 . 2010-06-03 18:54 295254 ----a-w- C:\DUMP4e9c.tmp
2012-10-11 08:04 . 2010-06-17 07:40 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-14 19:19 . 2012-10-10 15:40 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 15:40 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 15:40 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-24 18:05 . 2012-10-10 15:40 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 15:40 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-22 18:12 . 2012-09-12 06:28 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 06:28 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 06:28 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 12:34 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 18:01 . 2012-10-13 19:49 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01 . 2010-06-17 05:21 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 18:01 . 2010-06-17 05:21 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 18:48 . 2012-10-10 15:40 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 15:40 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 15:40 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 15:40 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 15:40 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 15:40 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 15:40 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 15:40 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 15:40 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 15:40 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 15:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 15:40 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 15:40 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 15:40 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 15:40 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:38 . 2012-10-10 15:40 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2012-08-20 15:38 . 2012-10-10 15:40 2048 ----a-w- c:\windows\SysWow64\user.exe
2012-08-20 15:33 . 2012-10-10 15:40 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 15:40 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-10 39408]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-09-05 59280]
"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-08 98304]
"ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-10-16 5958256]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe [2009-10-16 33960]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 ATIXPGAA;ATIXPGAA; [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-10-01 35840]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-17 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx64.sys [2012-10-05 1385632]
S1 GIDv2;GIDv2; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121113.006\IDSvia64.sys [2012-09-06 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2010-11-16 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/05/12 19:30];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-03-03 06:03 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-01 203776]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-10-16 61552]
S2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe [2009-10-16 1044136]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-04-19 115216]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
svcboot REG_MULTI_SZ svcboot
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 16:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 13:00]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 13:00]
.
2012-11-14 c:\windows\Tasks\HPCeeScheduleForDennis.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-11-08 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"lxdwmon.exe"="c:\program files (x86)\Lexmark 7600 Series\lxdwmon.exe" [2010-02-10 676520]
"EzPrint"="c:\program files (x86)\Lexmark 7600 Series\ezprint.exe" [2010-02-10 131752]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {AFD8A3A3-8B73-444B-82F2-2E4345FA5B38} - hxxp://www.comcastsupport.com/sdcxuser/oneclickfix/scripts/Comcast.Ocf.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-MaxMySpeed Registry Cleaner - c:\program files (x86)\cyberdefender\registry scanner\Startcdrc.exe
Wow6432Node-HKCU-Run-POEngine5 - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
SafeBoot-84599447.sys
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1 d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99, \
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1 d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99, \
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1 d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99, \
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,96,37,5c,c4,92,b3,40,a3,a7,e3, \
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,96,37,5c,c4,92,b3,40,a3,a7,e3, \
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-14 06:45:51
ComboFix-quarantined-files.txt 2012-11-14 12:45
.
Pre-Run: 867,805,986,816 bytes free
Post-Run: 866,735,902,720 bytes free
.
- - End Of File - - D33CD656D05123C4200DC375A7189D45
dvk01 (Derek), authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,738 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
14-Nov-2012, 09:10 AM #7
Are you getting any problems now?
I can't see any obvious problems still there.
FlyingSafe (thread starter)
14-Nov-2012, 09:19 AM #8
It still has an issue. I googled "tech support guy" and this link was near the top. I clicked on this link,
Tech Support Guy - Free help for Windows 8, 7, Vista, XP, and more!

forums.techguy.org/

But this appeared in the URL bar http://privatesearchforu.com/
dvk01 (Derek)
14-Nov-2012, 09:36 AM #9
Reset your router to default.
It looks like it has been hijacked to divert searches via a dodgy DNS server.
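A defender-side check for the DNS-diversion hypothesis in the reply above, as an added example that is not part of the original thread: it parses `ipconfig /all` output and reports DNS servers that are neither the adapter's default gateway nor on a list of resolvers you expect. The sample output, the adapter names and the 203.0.113.53 address are constructed.

```python
import ipaddress
import re

# Constructed sample in the layout of English-language `ipconfig /all` output.
SAMPLE_IPCONFIG = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.lan
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# "   Key . . . . : value" lines; the dotted padding is dropped from the key.
KV_RE = re.compile(r"^\s+(?P<key>.+?)[ .]*:(?:\s(?P<val>.*))?$")


def parse_adapters(text):
    """Return {adapter name: {field: [values]}}, joining continuation lines."""
    adapters = {}
    current = None
    last_key = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():
            # Unindented line: an adapter header ends with ':', anything else
            # (such as the "Windows IP Configuration" banner) is skipped.
            current = adapters.setdefault(line[:-1], {}) if line.endswith(":") else None
            last_key = None
            continue
        if current is None:
            continue
        m = KV_RE.match(line)
        if m:
            last_key = m["key"].strip()
            current.setdefault(last_key, [])
            if m["val"]:
                current[last_key].append(m["val"].strip())
        elif last_key:
            # Indented line without "key :" is a further value of the last key,
            # which is how a second DNS server is printed.
            current[last_key].append(line.strip())
    return adapters


def _to_ip(value):
    """Parse an address, ignoring an IPv6 zone id or a '(Preferred)' suffix."""
    token = value.split("%")[0].split("(")[0].strip()
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def unexpected_dns(text, expected=()):
    """List (adapter, server) pairs whose DNS server is not the gateway or expected.

    This only sees resolvers handed to the PC. If the router itself forwards to a
    rogue resolver, the PC still shows the gateway address, so the router's own
    DNS setting has to be checked on the router (or reset, as advised above).
    """
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for name, fields in parse_adapters(text).items():
        gateways = {ip for ip in map(_to_ip, fields.get("Default Gateway", [])) if ip}
        for value in fields.get("DNS Servers", []):
            ip = _to_ip(value)
            if ip is not None and ip not in gateways and ip not in allowed:
                findings.append((name, str(ip)))
    return findings


if __name__ == "__main__":
    for adapter, server in unexpected_dns(SAMPLE_IPCONFIG):
        print(f"{adapter}: unexpected DNS server {server}")
```
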
FlyingSafe (thread starter)
14-Nov-2012, 09:37 AM #10
I just googled "xfinity remote codes" and this link was at the top

Xfinity® Customer Central | Comcast.com

www.comcast.com/Help

but when I clicked on it, the URL bar read like this:

http://beesq.net/find_1.php?k=xfinit...t=11962&bbnx=1

And it went to a site that had the word bees at the top with a picture of a bee
dvk01 (Derek)
14-Nov-2012, 09:52 AM #11
Have you reset the router?
FlyingSafe (thread starter)
14-Nov-2012, 10:00 AM #12
Sorry - my last message was a simultaneous post. I have reset the router to default now. I repeated the google tech guys with the same result -- it went to http://privatesearchforu.com/

I have to run to a Dr Appt now. I'll be back in two hours and will follow any instructions you leave for me. Thanks
dvk01 (Derek)
14-Nov-2012, 10:09 AM #13
Download OTScanIt.exe to your Desktop
  • Close any open browsers.
  • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  • Double-click on OTS.exe to start the program.
  • In the Files Age drop down box click 120
  • Now on the toolbar at the top select "Scan all users" then click the Run Scan button
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file
If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
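Once the report is saved, its process list can be triaged mechanically. The following is an added example, not OTS's or the helper's own code: it parses `[Processes - Safe List]` lines in the format of the report posted in the next reply (the sample lines are copied from it) and flags image paths that use a device namespace, core Windows process names outside the system directories, and, as a weak signal only, entries with no company name. The heuristics and the `SYSTEM_NAMES` list are assumptions.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the OTS report posted in this thread.
SAMPLE_REPORT = r"""
[Processes - Safe List]
ots.exe -> C:\Users\Dennis\Desktop\OTS.exe -> [2012/11/14 10:17:29 | 000,646,656 | ---- | M] (OldTimer Tools)
dropbox.exe -> C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe -> [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.)
lxdwmon.exe -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe -> [2010/02/10 08:04:44 | 000,676,520 | ---- | M] ()
svchost.exe -> \\.\globalroot\systemroot\svchost.exe -> [2009/07/13 19:14:45 | 000,020,480 | ---- | M] ()
ccsvchst.exe -> C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe -> [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation)

[Modules - No Company Name]
sqlite3.dll -> C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll -> [2012/10/12 13:52:26 | 000,548,040 | ---- | M] ()
"""

# Assumption: names that normally run only from the Windows system directories.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "csrss.exe", "smss.exe"}

SECTION_RE = re.compile(r"^\[([^\[\]]+)\]$")
# name -> path -> [date time | size | attributes | M] (company)
LINE_RE = re.compile(
    r"^(?P<name>\S.*?) -> (?P<path>.+?) -> "
    r"\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [A-Z]\]"
    r" \((?P<company>.*)\)\s*$"
)


@dataclass
class Finding:
    name: str
    path: str
    company: str
    strong: list = field(default_factory=list)  # worth a closer look on their own
    weak: list = field(default_factory=list)    # common in clean logs too


def triage(report, system_root=r"C:\Windows"):
    """Return process entries with at least one signal, strongest first."""
    root = system_root.lower().rstrip("\\")
    system_dirs = tuple(root + "\\" + d + "\\"
                        for d in ("system32", "syswow64", "sysnative"))
    findings, section = [], ""
    for raw in report.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if not section.startswith("Processes"):
            continue  # only the running-process list is examined here
        m = LINE_RE.match(line)
        if m is None:
            continue
        item = Finding(m["name"], m["path"], m["company"].strip())
        path = item.path.lower()
        if path.startswith(("\\\\.\\", "\\\\?\\")):
            item.strong.append("image path uses a device namespace, not a drive letter")
        if item.name.lower() in SYSTEM_NAMES and not path.startswith(system_dirs):
            item.strong.append("system process name outside the system directories")
        if not item.company:
            item.weak.append("no company name in version information")
        if item.strong or item.weak:
            findings.append(item)
    findings.sort(key=lambda f: len(f.strong), reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        level = "REVIEW" if f.strong else "note"
        print(f"{level}: {f.name} -> {f.path}: {'; '.join(f.strong + f.weak)}")
```

A missing company name alone is not a verdict: several printer and vendor utilities in the same report have none, which is why it is kept separate from the path-based signals.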
FlyingSafe (thread starter)
14-Nov-2012, 12:33 PM #14
Here is the OTSscanit log file:
Code:
OTS logfile created on: 11/14/2012 10:21:09 AM - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\Dennis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 52.00% Memory free
16.00 Gb Paging File | 12.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.89 Gb Total Space | 806.95 Gb Free Space | 87.72% Space Free | Partition Type: NTFS
Drive D: | 11.53 Gb Total Space | 1.40 Gb Free Space | 12.18% Space Free | Partition Type: NTFS
Drive E: | 482.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DENNIS-HP
Current User Name: Dennis
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Dennis\Desktop\OTS.exe -> [2012/11/14 10:17:29 | 000,646,656 | ---- | M] (OldTimer Tools)
idvaultsvc.exe -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -> [2012/10/16 11:20:28 | 000,061,552 | ---- | M] (White Sky, Inc.)
idvault.exe -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe -> [2012/10/16 11:20:26 | 005,958,256 | ---- | M] (White Sky, Inc.)
c2c_service.exe -> C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.)
applephotostreams.exe -> C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe -> [2012/09/10 15:58:16 | 000,059,280 | ---- | M] (Apple Inc.)
bookmarkdav_client.exe -> C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe -> [2012/09/05 03:04:08 | 000,059,280 | ---- | M] (Apple Inc.)
icloudservices.exe -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe -> [2012/08/29 13:00:12 | 000,059,280 | ---- | M] (Apple Inc.)
apsdaemon.exe -> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe -> [2012/08/27 20:32:54 | 000,059,280 | ---- | M] (Apple Inc.)
acrord32.exe -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe -> [2012/07/31 05:24:07 | 000,357,840 | ---- | M] (Adobe Systems Incorporated)
dropbox.exe -> C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe -> [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.)
gidd.exe -> C:\Program Files (x86)\SFT\GuardedID\GIDD.exe -> [2011/07/05 10:24:06 | 000,395,528 | ---- | M] (StrikeForce Technologies Inc.)
ccsvchst.exe -> C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe -> [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation)
hpdrvmntsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company)
seaport.exe -> C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -> [2011/02/25 08:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation)
cinemanowsvc.exe -> C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -> [2010/02/26 17:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.)
ezprint.exe -> C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe -> [2010/02/10 08:04:48 | 000,131,752 | ---- | M] (Lexmark International Inc.)
lxdwmon.exe -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe -> [2010/02/10 08:04:44 | 000,676,520 | ---- | M] ()
smartmenu.exe -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe -> [2010/01/18 11:21:08 | 000,568,888 | ---- | M] ()
pg_ctl.exe -> C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -> [2009/12/10 01:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group)
postgres.exe -> C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe -> [2009/12/10 01:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group)
comcastantispy.exe -> C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe -> [2009/08/19 11:25:52 | 001,589,208 | ---- | M] ()
svchost.exe -> \\.\globalroot\systemroot\svchost.exe -> [2009/07/13 19:14:45 | 000,020,480 | ---- | M] ()
comcastantispyservice.exe -> C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -> [2009/06/17 11:49:44 | 000,616,408 | ---- | M] ()
picturemover.exe -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe -> [2009/06/03 13:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company)
bcont.exe -> C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe -> [2009/04/24 00:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.)
hpsysdrv.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe -> [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard)
sprtsvc.exe -> C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe -> [2008/04/24 11:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.)
sprtcmd.exe -> C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe -> [2008/04/24 11:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.)
itmrtsvc.exe -> C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe -> [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.)
 
[Modules - No Company Name]
windowsformsintegration.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9f7b241c4cff24e6d0b554efb60aa8be\WindowsFormsIntegration.ni.dll -> [2012/11/14 03:47:17 | 000,240,128 | ---- | M] ()
system.workflowservices.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\0cb48ee4524d818a38028e44d6ba2968\System.WorkflowServices.ni.dll -> [2012/11/14 03:47:15 | 001,358,336 | ---- | M] ()
system.servicemodel.web.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\30f9318fcf980a0ac504421c663d24e5\System.ServiceModel.Web.ni.dll -> [2012/11/14 03:46:54 | 001,707,008 | ---- | M] ()
system.management.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll -> [2012/11/14 03:45:57 | 001,051,136 | ---- | M] ()
system.identitymodel.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\40267c1bec60c4b94be794a65a4a8a49\System.IdentityModel.ni.dll -> [2012/11/14 03:45:14 | 001,083,392 | ---- | M] ()
system.runtime.serialization.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fecb0ca59057e9d190318551d40feb22\System.Runtime.Serialization.ni.dll -> [2012/11/14 03:45:12 | 002,347,008 | ---- | M] ()
smdiagnostics.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\3d3f043f645c0afeee0f7ed04c5e26e7\SMDiagnostics.ni.dll -> [2012/11/14 03:45:11 | 000,256,000 | ---- | M] ()
system.servicemodel.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8cdf7f9bde2b780692428f439f0f5a08\System.ServiceModel.ni.dll -> [2012/11/14 03:45:09 | 017,478,656 | ---- | M] ()
presentationframework.aero.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll -> [2012/11/14 03:41:30 | 000,368,128 | ---- | M] ()
system.serviceprocess.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll -> [2012/11/14 03:41:29 | 000,212,992 | ---- | M] ()
system.web.services.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\cf840dca36a7b949696ce331d0532d3e\System.Web.Services.ni.dll -> [2012/11/14 03:41:24 | 001,840,640 | ---- | M] ()
system.web.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll -> [2012/11/14 03:41:23 | 011,833,344 | ---- | M] ()
system.runtime.remoting.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll -> [2012/11/14 03:41:19 | 000,771,584 | ---- | M] ()
system.data.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll -> [2012/11/14 03:41:18 | 006,611,456 | ---- | M] ()
system.transactions.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll -> [2012/11/14 03:41:18 | 000,627,200 | ---- | M] ()
presentationframework.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll -> [2012/11/14 03:41:11 | 014,340,608 | ---- | M] ()
system.windows.forms.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll -> [2012/11/14 03:41:01 | 012,436,480 | ---- | M] ()
system.drawing.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll -> [2012/11/14 03:40:57 | 001,591,808 | ---- | M] ()
uiautomationprovider.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\aa983d1ad8df4422c0859ab4d6e19a83\UIAutomationProvider.ni.dll -> [2012/11/14 03:40:55 | 000,060,928 | ---- | M] ()
presentationcore.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll -> [2012/11/14 03:40:54 | 012,237,824 | ---- | M] ()
windowsbase.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll -> [2012/11/14 03:40:47 | 003,347,968 | ---- | M] ()
system.security.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll -> [2012/11/14 03:40:46 | 000,680,448 | ---- | M] ()
system.xml.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll -> [2012/11/14 03:40:44 | 005,452,800 | ---- | M] ()
system.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll -> [2012/11/14 03:40:41 | 007,988,736 | ---- | M] ()
system.configuration.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll -> [2012/11/14 03:40:41 | 000,971,264 | ---- | M] ()
mscorlib.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll -> [2012/11/14 03:40:37 | 011,493,376 | ---- | M] ()
idvaultcore.xmlserializers.dll -> C:\Program Files (x86)\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll -> [2012/10/16 11:20:27 | 000,104,048 | ---- | M] ()
sqlite3.dll -> C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll -> [2012/10/12 13:52:26 | 000,548,040 | ---- | M] ()
hp.activesupportlibrary.dll -> C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll -> [2012/08/14 15:33:36 | 000,036,920 | ---- | M] ()
zlib1.dll -> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll -> [2011/06/24 21:56:36 | 000,087,328 | ---- | M] ()
libxml2.dll -> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll -> [2011/06/24 21:56:14 | 001,241,888 | ---- | M] ()
office.odf -> C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF -> [2011/03/16 23:11:16 | 004,297,568 | ---- | M] ()
system.data.dll -> C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll -> [2010/11/04 19:58:05 | 002,927,616 | ---- | M] ()
grooveintlresource.dll -> C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll -> [2010/10/20 14:45:26 | 008,801,120 | ---- | M] ()
pcalertspillar.dll -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll -> [2010/09/28 13:00:32 | 000,061,440 | ---- | M] ()
eclibrary.dll -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll -> [2010/09/28 13:00:30 | 000,131,072 | ---- | M] ()
microsoft.practices.enterpriselibrary.exceptionhandling.logging.dll -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll -> [2010/09/28 13:00:14 | 000,028,672 | ---- | M] ()
microsoft.mshtml.dll -> C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll -> [2010/07/01 14:22:41 | 008,007,680 | ---- | M] ()
lxdwmon.exe -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe -> [2010/02/10 08:04:44 | 000,676,520 | ---- | M] ()
lxdwcaps.dll -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwcaps.dll -> [2010/02/10 07:51:53 | 000,081,920 | ---- | M] ()
lxdwscw.dll -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwscw.dll -> [2010/02/10 07:51:37 | 000,380,928 | ---- | M] ()
lxdwdrs.dll -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwdrs.dll -> [2010/02/10 07:51:34 | 001,036,288 | ---- | M] ()
iptk.dll -> C:\Program Files (x86)\Lexmark 7600 Series\iptk.dll -> [2010/02/10 07:47:51 | 000,380,928 | ---- | M] ()
lxdwdatr.dll -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwdatr.dll -> [2010/02/10 07:25:20 | 000,188,416 | ---- | M] ()
lxdwcnv4.dll -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwcnv4.dll -> [2010/02/10 07:25:11 | 000,069,632 | ---- | M] ()
smartmenu.exe -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe -> [2010/01/18 11:21:08 | 000,568,888 | ---- | M] ()
comcastantispy.exe -> C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe -> [2009/08/19 11:25:52 | 001,589,208 | ---- | M] ()
msjetoledb40.dll -> C:\Windows\SysWOW64\msjetoledb40.dll -> [2009/07/13 19:15:45 | 000,364,544 | ---- | M] ()
easyhook32.dll -> C:\Windows\SysWOW64\EasyHook32.dll -> [2009/06/12 16:32:16 | 000,104,456 | ---- | M] ()
system.transactions.dll -> C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll -> [2009/06/10 15:23:19 | 000,261,632 | ---- | M] ()
presentation.dll -> C:\Users\Dennis\AppData\Roaming\PictureMover\EN-US\Presentation.dll -> [2009/06/03 13:43:14 | 001,703,936 | ---- | M] ()
core.dll -> C:\Users\Dennis\AppData\Roaming\PictureMover\Bin\Core.dll -> [2009/06/03 13:34:18 | 003,764,224 | ---- | M] ()
sqlite.dll -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll -> [2009/02/27 11:52:56 | 000,258,048 | ---- | M] ()
lxdwptp.dll -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwptp.dll -> [2008/03/17 03:52:47 | 000,151,552 | ---- | M] ()
 
[Win32 Services - Safe List]
64bit-(AMD External Events Utility)  [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2011/06/01 00:58:10 | 000,203,776 | ---- | M] (AMD)
64bit-(lxdw_device)  [Auto | Running] -> C:\Windows\SysNative\lxdwcoms.exe -> [2009/10/16 09:09:18 | 001,044,136 | ---- | M] ( )
64bit-(lxdwCATSCustConnectService)  [Auto | Stopped] -> C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdwserv.exe -> [2009/10/16 09:09:08 | 000,033,960 | ---- | M] ()
64bit-(WinDefend)  [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
(IDVaultSvc) CGPS Service [Auto | Running] -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -> [2012/10/16 11:20:28 | 000,061,552 | ---- | M] (White Sky, Inc.)
(Skype C2C Service) Skype C2C Service [Auto | Running] -> C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.)
(SkypeUpdate) Skype Updater [Auto | Stopped] -> C:\Program Files (x86)\Skype\Updater\Updater.exe -> [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies)
(HP Support Assistant Service) HP Support Assistant Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -> [2011/09/09 16:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company)
(N360) Norton Security Suite [Unknown | Running] -> C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -> [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation)
(HPDrvMntSvc.exe) HP Quick Synchronization Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company)
(BBSvc) Bing Bar Update Service [On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -> [2011/02/28 16:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.)
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -> [2011/02/25 08:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation)
(HPSLPSVC) HP Network Devices Support [Auto | Running] -> C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -> [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(CinemaNow Service) CinemaNow Service [Auto | Running] -> C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -> [2010/02/26 17:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.)
(GameConsoleService) GameConsoleService [On_Demand | Stopped] -> C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -> [2010/01/04 12:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.)
(pgsql-8.3) PostgreSQL Database Server 8.3 [Auto | Running] -> C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -> [2009/12/10 01:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group)
(lxdw_device) lxdw_device [Auto | Running] -> C:\Windows\SysWow64\lxdwcoms.exe -> [2009/10/16 09:08:51 | 000,594,600 | ---- | M] ( )
(AntiSpywareService) Comcast AntiSpyware [Auto | Running] -> C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -> [2009/06/17 11:49:44 | 000,616,408 | ---- | M] ()
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
(sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) [Auto | Running] -> C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe -> [2008/04/24 11:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.)
(Symantec RemoteAssist) Symantec RemoteAssist [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe -> [2008/01/29 14:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.)
(ITMRTSVC) CA Pest Patrol Realtime Protection Service [Auto | Running] -> C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe -> [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.)
 
[Driver Services - Safe List]
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\GEARAspiWDM.sys -> [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.)
64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaapl64.sys -> [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.)
64bit-(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -> [2012/02/27 18:24:36 | 000,174,200 | ---- | M] (Symantec Corporation)
64bit-(LVRS64) Logitech RightSound Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lvrs64.sys -> [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.)
64bit-(Point64) Microsoft IntelliPoint Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\point64.sys -> [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation)
64bit-(GIDv2) GIDv2 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\gidv2.sys -> [2011/07/05 10:18:38 | 000,029,288 | ---- | M] (StrikeForce Technologies, Inc.)
64bit-(amdkmdag) amdkmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2011/06/01 03:12:38 | 009,320,448 | ---- | M] (ATI Technologies Inc.)
64bit-(amdkmdap) amdkmdap [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmpag.sys -> [2011/06/01 00:19:14 | 000,306,688 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(dc3d) MS Hardware Device Detection Driver (USB) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\dc3d.sys -> [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation)
64bit-(SymNetS) Symantec Network Security WFP Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -> [2011/04/20 19:37:49 | 000,386,168 | ---- | M] (Symantec Corporation)
64bit-(AtiHDAudioService) ATI Function Driver for HD Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AtihdW76.sys -> [2011/04/18 21:21:17 | 000,115,216 | ---- | M] (Advanced Micro Devices)
64bit-(SRTSP) Symantec Real Time Storage Protection x64 [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -> [2011/03/30 21:00:09 | 000,744,568 | ---- | M] (Symantec Corporation)
64bit-(SRTSPX) Symantec Real Time Storage Protection (PEL) x64 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -> [2011/03/30 21:00:09 | 000,040,568 | ---- | M] (Symantec Corporation)
64bit-(SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -> [2011/03/14 20:31:23 | 000,912,504 | ---- | M] (Symantec Corporation)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(SymDS) Symantec Data Store [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -> [2011/01/27 00:47:10 | 000,450,680 | ---- | M] (Symantec Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(SymIRON) Symantec Iron Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -> [2010/11/15 19:45:33 | 000,171,128 | R--- | M] (Symantec Corporation)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2010/03/04 08:43:00 | 000,346,144 | ---- | M] (Realtek                                            )
64bit-(AtiHdmiService) ATI Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\AtiHdmi.sys -> [2010/01/27 23:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.)
64bit-(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2010/01/15 14:22:08 | 000,538,136 | ---- | M] (Intel Corporation)
64bit-(netr28x) Ralink 802.11n Extensible Wireless Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\netr28x.sys -> [2009/12/18 21:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.)
64bit-(BVRPMPR5a64) BVRPMPR5a64 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -> [2009/09/30 19:22:08 | 000,035,840 | R--- | M] (Avanquest Software)
64bit-(HECIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(WSDPrintDevice) WSD Print Support via UMB [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WSDPrint.sys -> [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation)
64bit-(StillCam) Still Serial Digital Camera Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\serscan.sys -> [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121113.022\ex64.sys -> [2012/10/30 15:37:14 | 002,084,000 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121113.022\eng64.sys -> [2012/10/30 15:37:14 | 000,126,112 | ---- | M] (Symantec Corporation)
(BHDrvx64) BHDrvx64 [Kernel | System | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx64.sys -> [2012/10/05 12:23:26 | 001,385,632 | ---- | M] (Symantec Corporation)
(IDSVia64) IDSVia64 [Kernel | System | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121113.006\IDSviA64.sys -> [2012/09/06 03:54:30 | 000,513,184 | ---- | M] (Symantec Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -> [2012/08/08 21:11:59 | 000,484,512 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2012/08/08 21:11:59 | 000,138,912 | ---- | M] (Symantec Corporation)
({55662437-DA8C-40c0-AADA-2C816A897A49}) Power Control [2010/05/12 19:30:23] [Kernel | Auto | Running] -> c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -> [2010/03/03 00:03:46 | 000,146,928 | ---- | M] (CyberLink Corp.)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/...ch/search.html -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://g.msn.com/HPDSK/1 -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://g.msn.com/HPDSK/1 -> 
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{f999a48b-1950-4d81-9971-79018f807b4b}" [HKLM] -> C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll [FreeOnlineRadioPlayerRecorder Toolbar] -> [2011/01/17 08:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.)
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\] > -> -> 
HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\: URLSearchHooks\\"{f999a48b-1950-4d81-9971-79018f807b4b}" [HKLM] -> C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll [FreeOnlineRadioPlayerRecorder Toolbar] -> [2011/01/17 08:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.)
HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\: "ProxyOverride" -> *.local -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\] > -> -> 
HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\: Main\\"Default_Page_URL" -> http://g.msn.com/HPDSK/1 -> 
HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\: Main\\"First Home Page" -> http://g.msn.com/HPDSK/1 -> 
HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\: Main\\"Start Page" -> http://g.msn.com/HPDSK/1 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\MozillaAddOn3 [C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2010/08/01 04:40:41 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN\ [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN\] -> [2012/10/30 18:33:11 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_13_2] -> [2012/11/14 06:55:16 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2012/11/14 06:23:54 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2012/09/21 01:52:09 | 000,253,584 | ---- | M] (Google Inc.)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Skype add-on for Internet Explorer] -> [2012/10/02 11:06:02 | 005,748,928 | ---- | M] (Skype Technologies S.A.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{30F9B915-B755-4826-820B-08FBA6BD249D} [HKLM] -> C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [Conduit Engine ] -> [2011/01/17 08:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll [Symantec NCO BHO] -> [2012/06/07 06:46:24 | 000,436,192 | R--- | M] (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll [Symantec Intrusion Prevention] -> [2011/03/30 21:01:20 | 000,210,872 | R--- | M] (Symantec Corporation)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Browser Helper] -> [2012/10/02 11:13:44 | 004,119,744 | ---- | M] (Skype Technologies S.A.)
{B84CDBE7-1B46-494B-A188-01D4C52DEB61} [HKLM] -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.1012.1\NativeBHO.dll [Constant Guard Protection Suite] -> [2012/10/16 11:20:25 | 000,099,952 | ---- | M] (WhiteSky)
{bb46be07-13eb-4c49-b0f0-fc78b9ea4983} [HKLM] ->  [Updater For XFIN_PORTAL] -> File not found
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [Bing Bar Helper] -> [2011/02/28 16:44:14 | 001,089,288 | ---- | M] (Microsoft Corporation.)
{f999a48b-1950-4d81-9971-79018f807b4b} [HKLM] -> C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll [FreeOnlineRadioPlayerRecorder Toolbar] -> [2011/01/17 08:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2012/09/21 01:52:09 | 000,253,584 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll [Norton Toolbar] -> [2012/06/07 06:46:24 | 000,436,192 | R--- | M] (Symantec Corporation)
"{8dcb7100-df86-4384-8842-8fa844297b3f}" [HKLM] -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [Bing Bar] -> [2011/02/28 16:44:14 | 001,089,288 | ---- | M] (Microsoft Corporation.)
"{f999a48b-1950-4d81-9971-79018f807b4b}" [HKLM] -> C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll [FreeOnlineRadioPlayerRecorder Toolbar] -> [2011/01/17 08:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\Software\Microsoft\Internet Explorer\Toolbar\ -> 
64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2012/09/21 01:52:09 | 000,253,584 | ---- | M] (Google Inc.)
WebBrowser\\"{F999A48B-1950-4D81-9971-79018F807B4B}" [HKLM] -> C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll [FreeOnlineRadioPlayerRecorder Toolbar] -> [2011/01/17 08:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"EzPrint" -> C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe ["C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe"] -> [2010/02/10 08:04:48 | 000,131,752 | ---- | M] (Lexmark International Inc.)
"hpsysdrv" -> c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe] -> [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard)
"IntelliPoint" -> c:\Program Files\Microsoft IntelliPoint\ipoint.exe ["c:\Program Files\Microsoft IntelliPoint\ipoint.exe"] -> [2011/08/01 14:59:06 | 002,417,032 | ---- | M] (Microsoft Corporation)
"itype" -> c:\Program Files\Microsoft IntelliType Pro\itype.exe ["c:\Program Files\Microsoft IntelliType Pro\itype.exe"] -> [2011/08/10 15:40:58 | 001,873,256 | ---- | M] (Microsoft Corporation)
"lxdwmon.exe" -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe ["C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe"] -> [2010/02/10 08:04:44 | 000,676,520 | ---- | M] ()
"SmartMenu" -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background] -> [2010/01/18 11:21:08 | 000,568,888 | ---- | M] ()
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"APSDaemon" -> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe ["C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"] -> [2012/08/27 20:32:54 | 000,059,280 | ---- | M] (Apple Inc.)
"ddoctorv2" -> C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe ["C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2] -> [2008/04/24 11:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.)
"GIDDesktop" -> C:\Program Files (x86)\SFT\GuardedID\gidd.exe [C:\Program Files (x86)\SFT\GuardedID\gidd.exe  /s] -> [2011/07/05 10:24:06 | 000,395,528 | ---- | M] (StrikeForce Technologies Inc.)
"StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2010/09/07 19:31:02 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.)
< Run [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ApplePhotoStreams" -> C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe] -> [2012/09/10 15:58:16 | 000,059,280 | ---- | M] (Apple Inc.)
"com.apple.dav.bookmarks.daemon" -> C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe] -> [2012/09/05 03:04:08 | 000,059,280 | ---- | M] (Apple Inc.)
"ComcastAntispyClient" -> C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ["C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide] -> [2009/08/19 11:25:52 | 001,589,208 | ---- | M] ()
"Desktop Software" -> C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe ["C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden] -> [2009/04/24 00:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.)
"HPAdvisorDock" -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe] -> [2010/09/28 13:04:20 | 001,715,768 | ---- | M] (Hewlett-Packard)
"iCloudServices" -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe] -> [2012/08/29 13:00:12 | 000,059,280 | ---- | M] (Apple Inc.)
< Run [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HPAdvisorDock" -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe] -> [2010/09/28 13:04:20 | 001,715,768 | ---- | M] (Hewlett-Packard)
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/20 06:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"mctadmin" ->  [C:\Windows\System32\mctadmin.exe] -> File not found
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [0] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
\\"EnableLUA" ->  [0] -> File not found
\\"PromptOnSecureDesktop" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel ->  [res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel ->  [res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> File not found
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Button: Skype Click to Call] -> [2012/10/02 11:06:02 | 005,748,928 | ---- | M] (Skype Technologies S.A.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Button: Skype Click to Call] -> [2012/10/02 11:13:44 | 004,119,744 | ---- | M] (Skype Technologies S.A.)
{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}:Exec [HKLM] ->  [Button: Bodog Poker] -> File not found
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/control...ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
mot.com .[*] -> Local intranet -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/_layouts.../ieawsdc64.cab [Microsoft Office Template and Media Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_25] -> 
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_25] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_25] -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn...Detection2.cab [GMNRev Class] -> 
{82E5DF24-51E8-47CD-864A-F4BD5005AA73} [HKLM] -> https://www.icloud.com/system/iCloud.cab [iCloud Web App Plugin] -> 
{AFD8A3A3-8B73-444B-82F2-2E4345FA5B38} [HKLM] -> http://www.comcastsupport.com/sdcxus...omcast.Ocf.cab [OneClickFixes Class] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{166B2E5E-E75D-4043-9388-3FDE9F923034}\\DhcpNameServer -> 192.168.1.1   (Realtek PCIe GBE Family Controller) -> 
{8CAEE18C-624A-424A-A79B-DE7E1B54D0D0}\\DhcpNameServer -> 192.168.1.1   (802.11n Wireless LAN Card) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 19:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{092E3EC1-A0A1-42DC-A0CA-4844E1753A2A} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | 
{141475F5-ADF2-4D12-B227-C65B901212F9} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | 
{28F32130-50E5-402F-8502-937E9C197EF1} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{32911593-B72B-4F37-9D3E-0B2AF716685F} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
{367A3DF9-42B6-4CBB-96B3-ECECA95E60DE} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | 
{37EB8892-6041-4435-83EC-2D7FB4688484} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{4BB05357-519F-4270-9B4D-E055DDF7C678} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | 
{55E13CF8-8C61-44AB-8735-E44FD805517C} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{588D5F7E-76F7-4E26-A9CB-F580902E541B} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | 
{5D286D68-D194-442D-891B-74E6216FD497} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | 
{796D9F03-D37A-4F6D-97E2-7A68126851BD} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | 
{7DCF6948-8236-42B3-BE88-C70930D0A6B9} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{85E5A241-95EE-48FF-81FA-A6BBA5761DEB} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | 
{9C3480A0-40FF-4731-A8E9-BA0303071796} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | 
{A31D6CA9-9FA5-491E-822D-3CFE2FBC63BE} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | 
{B1E77111-7CFC-4BDD-8768-7B33B43370FD} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{B378A30C-5ACE-45C2-BC08-8C2753742052} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{CAD10245-3013-45A6-BDEF-6C7BE9119A48} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{D0A33B8C-15D6-41CD-ADE1-1D5C5D737A0F} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | 
{D78BB105-7749-40FA-96A4-F9E3837F2FC5} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | 
{D912209B-729E-490B-9344-A389CF4170BB} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | 
{D924F91A-366C-424D-9942-A5ECAE858CBD} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{E4C63BEC-7533-4E26-8B9D-4282A4711B63} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 
{E5AF8A13-B906-4762-901C-92BC7237BB4B} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | 
{E5E67BFB-42BB-4657-9BE0-A24F9851F51C} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 
{E9296F63-3ABB-466A-B589-783FB197A853} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{FE8910AB-11EC-4920-B1AE-11F30C38084D} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{FF3987C2-D3D6-4895-B011-5D57CF0F2EA9} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{01CC8B95-D787-4543-987F-392A8CCC38E7} -> dir=in | action=allow | name=hpwucli.exe | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
{023E3773-8FF8-409D-B195-F0BC887A9606} -> profile=private | protocol=17 | dir=in | action=allow | name=7600 series server | app=c:\windows\syswow64\lxdwcoms.exe | 
{04715D2E-320C-45D5-89D4-4E072FA22A10} -> profile=private | protocol=17 | dir=in | action=allow | name=printer status window | app=c:\windows\system32\spool\drivers\x64\3\lxdwpswx.exe | 
{082774D0-6C45-454E-A1D8-108F52DEA4C0} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
{1936D37D-3A85-40F5-A41E-481546CF32CB} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{1967C3C8-A187-4670-AC92-6E06D01A6DA7} -> profile=public | protocol=17 | dir=in | action=allow | name=roxio cinemanow 2.0 | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | 
{1D2072EC-7478-40B9-A659-80357A92DE7A} -> dir=in | action=allow | name=hposid01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
{20CE8D77-9554-47AE-96F0-0E6042207583} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{21CCF71B-EB76-4D41-B578-93871C7CE155} -> protocol=58 | dir=in | action=allow | name=@iphlpsvc.dll,-502 | app=system | 
{22314171-7491-45B2-85E0-733D1E4D3969} -> protocol=58 | dir=out | action=allow | name=@iphlpsvc.dll,-503 | 
{271283B4-9FD7-4D90-B373-A5BFE3688CD9} -> dir=in | action=allow | name=hpzwiz01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
{29BA9648-4E86-4FCE-91F5-BF443A3A4AA3} -> dir=in | action=allow | name=hpqste08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
{2BCB56A1-677B-4FA6-A437-904E92EFC5DF} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{30F32DC8-29E2-41D7-935A-D67CB229EFD9} -> dir=in | action=allow | name=hpqusgm.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
{32451A2D-47E8-46A7-AFF4-BE99D3AB7A30} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
{3B926E30-32A1-4718-9F33-EE56C9EAA608} -> dir=in | action=allow | name=hpiscnapp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
{4099FD54-78DB-4374-942B-7819BBEA84B0} -> profile=private | protocol=6 | dir=in | action=allow | name=printer status window | app=c:\windows\system32\spool\drivers\x64\3\lxdwpswx.exe | 
{47D3C1A6-F23A-4D0F-969B-74FEC31AE1B8} -> dir=in | action=allow | name=webkit | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
{49D494DB-3B7F-4A5C-AE6A-D405DE7421FC} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
{4B8947B3-C717-472A-B4A3-6FC7DC399CA1} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{4CAA5A9D-62A1-42FC-AA3C-3FB7FF810493} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{534DAA75-DA95-4F46-9092-156D26FEBA98} -> dir=in | action=allow | name=hpofxs08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
{58CB6BB7-90A2-4C1B-88F9-F09865974B39} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{5AB78B21-07E0-46BC-822F-9295190A64E3} -> profile=public | protocol=17 | dir=in | action=allow | name=cinemanow media manager | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | 
{64A48774-A11A-4ABA-86FE-9FCE66759EE0} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{64DC1DAB-5124-41DC-ADEE-ADB98DDDBF75} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{6B363E3D-A286-4864-AFC3-4B47FA26703E} -> dir=in | action=allow | name=hpqkygrp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
{6D29EF2F-47AF-412B-9552-2AD5D3517680} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{75C95B91-AB2B-495C-8DAD-F8CB8A1A3707} -> dir=in | action=allow | name=hpqfxt08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
{7A50B6B0-68EC-489F-9CA2-1F4973DC254D} -> dir=in | action=allow | name=hpoews01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
{7B51261A-8773-4845-947C-685515ED790B} -> dir=in | action=allow | name=hpofxm08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
{7D1C9B7A-E2D5-40FC-933F-8106244C7FA8} -> profile=public | protocol=6 | dir=in | action=allow | name=roxio cinemanow 2.0 | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | 
{7E4395E2-D312-4E7B-9306-8322114C1AC9} -> dir=in | action=allow | name=hposfx08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
{883B5856-7316-40EE-94AE-A55A9ADAD553} -> dir=in | action=allow | name=7600 series server | app=c:\windows\syswow64\lxdwcoms.exe | 
{88EAB582-E68D-45E8-8F1D-374861C94683} -> profile=private | protocol=6 | dir=in | action=allow | name=dropbox | app=c:\users\dennis\appdata\roaming\dropbox\bin\dropbox.exe | 
{8A020D22-0883-4594-A3B8-7642E64E126D} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
{8A045C62-8F9B-4AB8-956F-ABAFEC824FE8} -> dir=in | action=allow | name=hpqnrs08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
{8A3F46D9-47F7-4134-B63E-343F411C5CF2} -> dir=in | action=allow | name=hpqpse.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
{8A64500A-A160-4712-9C7E-E6FDB628C203} -> dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
{8AA68600-F154-4512-9510-D5D42DF08346} -> dir=in | action=allow | name=lexmark communications system | app=c:\windows\system32\lxdwcoms.exe | 
{8CF19D4E-BBDA-45B9-B3B8-AE1821B0B1D3} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{8D1C9413-22E0-412A-A7BE-83BCCF13E9F7} -> profile=private | protocol=17 | dir=in | action=allow | name=tournament indicator | app=c:\program files (x86)\tournament indicator\indicator.exe | 
{8F09E5AF-0EAB-41B5-B585-AA956B2D59CE} -> dir=in | action=allow | name=hpqgplgtupl.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
{8F0F9D4D-C9A0-4B43-ABC8-BC9D7680819C} -> profile=private | protocol=6 | dir=in | action=allow | name=tournament indicator | app=c:\program files (x86)\tournament indicator\indicator.exe | 
{9272B7E2-CF4B-48BD-8A74-3C8F94D07010} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{949326EE-3E00-4E65-B89F-27615F6F1EF0} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{95264043-3198-4F66-88B2-2221B348A6D5} -> dir=in | action=allow | name=smartwebprintexe.exe | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
{9B5F411D-CBD3-49A5-B3B4-1FA2158FCCAB} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{9F1E699F-2D81-4CB7-89EE-A3610EBB020C} -> profile=private | protocol=17 | dir=in | action=allow | name=lexmark communications system | app=c:\windows\system32\lxdwcoms.exe | 
{9F4F4B54-C602-4C7B-84E9-C03EB57448D9} -> dir=in | action=allow | name=hpqgpc01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
{9FB8E3EF-67C0-43A1-80A1-613CD24BFEF1} -> profile=private | protocol=6 | dir=in | action=allow | name=lexmark communications system | app=c:\windows\system32\lxdwcoms.exe | 
{A0BA8688-824F-40CC-9C4D-9CCCE5839D02} -> dir=in | action=allow | name=hpqcopy2.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
{A75A0DE4-FCCD-4F9C-8918-ED8AB025045D} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | 
{AB25848F-2ABE-442E-93C8-BA3989EAFA1F} -> dir=in | action=allow | name=hpqpsapp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
{AB900FC4-8400-44A4-95EC-2B2AB6F0985A} -> dir=in | action=allow | name=hp mediasmart dvd | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
{AC462AA6-06B4-415B-B5CD-8FFD832C9E33} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
{AC8DF999-1137-4A62-9EA5-67D96524CFF0} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
{B2097D54-2081-456F-B6E4-B0F2FE6A3603} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{B3F62732-EC55-4F49-B405-2A52F82A0873} -> dir=in | action=allow | name=hpfccopy.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
{B5BA3228-00BB-4BB2-A166-8A5E1C2070FD} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe | 
{B80F7C65-9D73-4C52-9ABB-726C749C24C1} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | 
{B816342D-9E43-4508-989B-AB34DE809F33} -> profile=public | protocol=6 | dir=in | action=allow | name=cinemanow media manager | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | 
{B82162AF-17D0-46FC-84E2-9B0EDEA3B08C} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files\bonjour\mdnsresponder.exe | 
{B960442C-FA44-4644-82EC-4738B0AD0AD2} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
{BB8678FB-97BA-477B-81F2-74981C678798} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | 
{BCDB99F1-C215-48D9-A0DC-B23C01D091CD} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{BD759C0E-8326-4C40-B9D3-C9D9FB2BEC1A} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
{BDD0773E-027B-44A0-BD8D-D5480AEF0170} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{C4881395-01EC-4D11-895E-4219F693A174} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | 
{C765BB02-E71D-445A-A07B-DC42D023E02B} -> dir=in | action=allow | name=hpqusgh.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
{C79F4C64-B728-49DE-8654-27AF9D41704E} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
{D3E67649-D4DB-4FFD-8B94-1CB1783F6D7D} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
{D673C542-923B-4D7A-92B7-54C95DC1853C} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{D857B1FD-F2A7-45BE-A835-CD1D1481C613} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files\bonjour\mdnsresponder.exe | 
{D88C23FA-6630-47AC-9221-3F0C3A1CE07F} -> dir=in | action=allow | name=printer status window interface | app=c:\windows\system32\spool\drivers\x64\3\lxdwpswx.exe | 
{DAAEB2FE-DCE8-4A9A-8D26-ED4FE8969154} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{DAE054F1-3C71-4C50-9F4E-9CE053090005} -> profile=private | protocol=17 | dir=in | action=allow | name=dropbox | app=c:\users\dennis\appdata\roaming\dropbox\bin\dropbox.exe | 
{E2EC1196-A970-484B-A146-C04671D81E34} -> dir=in | action=allow | name=hpqphotocrm.exe | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
{E617E7E8-54B8-43AA-9D68-54D98E7D8286} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | 
{EEACD900-9D58-493D-927A-C2293BB3A739} -> profile=private | protocol=6 | dir=in | action=allow | name=7600 series server | app=c:\windows\syswow64\lxdwcoms.exe | 
{EFA6E77C-4905-412A-993C-E508561C65D7} -> dir=in | action=allow | name=hpqtra08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
{F39DBE3A-390A-4E93-BFAA-6CE70B1B62AD} -> dir=in | action=allow | name=hpqsudi.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
{FB1A41B8-F0BB-4F28-BC8D-E257A5DB1960} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{FD29D1ED-00F0-4D63-BA60-8044A46DABEC} -> dir=in | action=allow | name=time executable | app=c:\windows\system32\spool\drivers\x64\3\lxdwtime.exe | 
{FD8E2104-0337-4454-96EC-FA7A7C583CCB} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [\SystemRoot\system32\drivers\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
E:\autorun.inf [[autorun] | open=Setup.EXE |  | [DeviceInstall] | DriverPath=Drivers\Scan | DriverPath=Drivers\Win_XP2K | HardwareId="USB\Vid_043D&Pid_0150&MI_00" | HardwareId="USBPrint\Lexmark7600_SeriesB64D" |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  | ] -> E:\autorun.inf [ CDFS ] -> [2008/09/10 03:53:13 | 000,000,252 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Users\Dennis\Desktop\OTS.exe -> [2012/11/14 10:17:09 | 000,646,656 | ---- | C] (OldTimer Tools)
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2012/11/14 06:54:20 | 000,000,000 | -HSD | C]
 svchost.exe -> C:\Windows\svchost.exe -> [2012/11/14 06:45:59 | 000,020,480 | ---- | C] (Microsoft Corporation)
 SWREG.exe -> C:\Windows\SWREG.exe -> [2012/11/14 06:10:22 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2012/11/14 06:10:22 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2012/11/14 06:10:22 | 000,060,416 | ---- | C] (NirSoft)
 Qoobox -> C:\Qoobox -> [2012/11/14 06:04:39 | 000,000,000 | ---D | C]
 erdnt -> C:\Windows\erdnt -> [2012/11/14 06:03:46 | 000,000,000 | ---D | C]
 username123.exe -> C:\Users\Dennis\Desktop\username123.exe -> [2012/11/14 05:59:40 | 005,001,477 | R--- | C] (Swearware)
 WdfLdr.sys -> C:\Windows\SysNative\drivers\WdfLdr.sys -> [2012/11/14 03:11:59 | 000,054,376 | ---- | C] (Microsoft Corporation)
 Wdfres.dll -> C:\Windows\SysNative\Wdfres.dll -> [2012/11/14 03:11:59 | 000,009,728 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2012/11/14 03:03:11 | 000,096,768 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2012/11/14 03:03:10 | 000,073,216 | ---- | C] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2012/11/14 03:03:09 | 002,312,704 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2012/11/14 03:03:09 | 001,494,528 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2012/11/14 03:03:09 | 001,427,968 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2012/11/14 03:03:09 | 000,248,320 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysNative\url.dll -> [2012/11/14 03:03:09 | 000,237,056 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysWow64\url.dll -> [2012/11/14 03:03:09 | 000,231,936 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2012/11/14 03:03:09 | 000,176,640 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2012/11/14 03:03:09 | 000,173,056 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2012/11/14 03:03:09 | 000,142,848 | ---- | C] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2012/11/14 03:03:08 | 000,729,088 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2012/11/14 03:03:07 | 000,816,640 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2012/11/14 03:03:07 | 000,717,824 | ---- | C] (Microsoft Corporation)
 vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2012/11/14 03:03:07 | 000,599,040 | ---- | C] (Microsoft Corporation)
 WUDFx.dll -> C:\Windows\SysNative\WUDFx.dll -> [2012/11/14 03:02:33 | 000,744,448 | ---- | C] (Microsoft Corporation)
 WUDFHost.exe -> C:\Windows\SysNative\WUDFHost.exe -> [2012/11/14 03:02:33 | 000,229,888 | ---- | C] (Microsoft Corporation)
 WUDFPlatform.dll -> C:\Windows\SysNative\WUDFPlatform.dll -> [2012/11/14 03:02:33 | 000,194,048 | ---- | C] (Microsoft Corporation)
 WUDFCoinstaller.dll -> C:\Windows\SysNative\WUDFCoinstaller.dll -> [2012/11/14 03:02:33 | 000,045,056 | ---- | C] (Microsoft Corporation)
 TDSSKiller_Quarantine -> C:\TDSSKiller_Quarantine -> [2012/11/13 21:43:34 | 000,000,000 | ---D | C]
 dhcpcore6.dll -> C:\Windows\SysNative\dhcpcore6.dll -> [2012/11/13 17:01:45 | 000,226,816 | ---- | C] (Microsoft Corporation)
 dhcpcore6.dll -> C:\Windows\SysWow64\dhcpcore6.dll -> [2012/11/13 17:01:45 | 000,193,536 | ---- | C] (Microsoft Corporation)
 dhcpcsvc6.dll -> C:\Windows\SysNative\dhcpcsvc6.dll -> [2012/11/13 17:01:45 | 000,055,296 | ---- | C] (Microsoft Corporation)
 netcorehc.dll -> C:\Windows\SysNative\netcorehc.dll -> [2012/11/13 17:01:40 | 000,246,272 | ---- | C] (Microsoft Corporation)
 ncsi.dll -> C:\Windows\SysNative\ncsi.dll -> [2012/11/13 17:01:40 | 000,216,576 | ---- | C] (Microsoft Corporation)
 netcorehc.dll -> C:\Windows\SysWow64\netcorehc.dll -> [2012/11/13 17:01:40 | 000,175,104 | ---- | C] (Microsoft Corporation)
 ncsi.dll -> C:\Windows\SysWow64\ncsi.dll -> [2012/11/13 17:01:40 | 000,156,672 | ---- | C] (Microsoft Corporation)
 netevent.dll -> C:\Windows\SysWow64\netevent.dll -> [2012/11/13 17:01:40 | 000,018,944 | ---- | C] (Microsoft Corporation)
 netevent.dll -> C:\Windows\SysNative\netevent.dll -> [2012/11/13 17:01:40 | 000,018,944 | ---- | C] (Microsoft Corporation)
 synceng.dll -> C:\Windows\SysNative\synceng.dll -> [2012/11/13 17:01:28 | 000,095,744 | ---- | C] (Microsoft Corporation)
 synceng.dll -> C:\Windows\SysWow64\synceng.dll -> [2012/11/13 17:01:28 | 000,078,336 | ---- | C] (Microsoft Corporation)
 dds.scr -> C:\Users\Dennis\Desktop\dds.scr -> [2012/11/08 13:50:50 | 000,688,901 | R--- | C] (Swearware)
 HijackThis.exe -> C:\Users\Dennis\Desktop\HijackThis.exe -> [2012/11/08 13:41:32 | 000,388,608 | ---- | C] (Trend Micro Inc.)
 Malwarebytes -> C:\Users\Dennis\AppData\Roaming\Malwarebytes -> [2012/10/31 12:16:03 | 000,000,000 | ---D | C]
 Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2012/10/31 12:15:42 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2012/10/31 12:15:42 | 000,000,000 | ---D | C]
 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2012/10/31 12:15:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2012/10/31 12:15:41 | 000,000,000 | ---D | C]
 MRT.exe -> C:\Windows\SysWow64\MRT.exe -> [2012/10/31 10:01:35 | 062,968,832 | ---- | C] (Microsoft Corporation)
 {773ECF27-E6AA-4735-BF84-2BFD84914D0F} -> C:\Users\Dennis\AppData\Local\{773ECF27-E6AA-4735-BF84-2BFD84914D0F} -> [2012/10/17 13:37:28 | 000,000,000 | ---D | C]
 1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> 
 1 C:\*.tmp files -> C:\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 OTS.exe -> C:\Users\Dennis\Desktop\OTS.exe -> [2012/11/14 10:17:29 | 000,646,656 | ---- | M] (OldTimer Tools)
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2012/11/14 09:51:00 | 000,000,898 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2012/11/14 07:04:50 | 000,015,792 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2012/11/14 07:04:50 | 000,015,792 | -H-- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2012/11/14 07:00:41 | 000,730,448 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2012/11/14 07:00:41 | 000,627,066 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2012/11/14 07:00:41 | 000,107,382 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2012/11/14 06:56:25 | 000,000,894 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2012/11/14 06:53:58 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2012/11/14 06:53:47 | 2090,135,551 | -HS- | M] ()
 hosts -> C:\Windows\SysNative\drivers\etc\hosts -> [2012/11/14 06:23:54 | 000,000,027 | ---- | M] ()
 username123.exe -> C:\Users\Dennis\Desktop\username123.exe -> [2012/11/14 05:59:41 | 005,001,477 | R--- | M] (Swearware)
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2012/11/14 03:37:26 | 000,438,560 | ---- | M] ()
 HPCeeScheduleForDennis.job -> C:\Windows\tasks\HPCeeScheduleForDennis.job -> [2012/11/13 21:46:25 | 000,000,336 | ---- | M] ()
 dds.scr -> C:\Users\Dennis\Desktop\dds.scr -> [2012/11/08 13:50:50 | 000,688,901 | R--- | M] (Swearware)
 PCDRScheduledMaintenance.job -> C:\Windows\tasks\PCDRScheduledMaintenance.job -> [2012/11/08 13:42:37 | 000,000,448 | ---- | M] ()
 HijackThis.exe -> C:\Users\Dennis\Desktop\HijackThis.exe -> [2012/11/08 13:41:32 | 000,388,608 | ---- | M] (Trend Micro Inc.)
 Google Chrome.lnk -> C:\Users\Public\Desktop\Google Chrome.lnk -> [2012/11/07 00:52:37 | 000,002,376 | ---- | M] ()
 201210HouseholdVisa.csv -> C:\Users\Dennis\Documents\201210HouseholdVisa.csv -> [2012/11/06 08:21:59 | 000,001,437 | ---- | M] ()
 Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/10/31 12:15:43 | 000,001,111 | ---- | M] ()
 Adobe Reader 9.lnk -> C:\Users\Public\Desktop\Adobe Reader 9.lnk -> [2012/10/30 15:38:26 | 000,002,016 | ---- | M] ()
 Constant Guard.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk -> [2012/10/25 16:12:41 | 000,002,209 | ---- | M] ()
 Constant Guard.lnk -> C:\Users\Public\Desktop\Constant Guard.lnk -> [2012/10/25 16:12:41 | 000,002,191 | ---- | M] ()
 1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> 
 1 C:\*.tmp files -> C:\*.tmp -> 
 
[Files - No Company Name]
 PEV.exe -> C:\Windows\PEV.exe -> [2012/11/14 06:10:22 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2012/11/14 06:10:22 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2012/11/14 06:10:22 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2012/11/14 06:10:22 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2012/11/14 06:10:22 | 000,068,096 | ---- | C] ()
 MsftWdf_Kernel_01011_Inbox_Critical.Wdf -> C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf -> [2012/11/14 03:12:02 | 000,000,003 | ---- | C] ()
 MsftWdf_User_01_11_00_Inbox_Critical.Wdf -> C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf -> [2012/11/14 03:02:32 | 000,000,003 | ---- | C] ()
 201210HouseholdVisa.csv -> C:\Users\Dennis\Documents\201210HouseholdVisa.csv -> [2012/11/06 08:21:59 | 000,001,437 | ---- | C] ()
 Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/10/31 12:15:42 | 000,001,111 | ---- | C] ()
 lxdwdrs.dll -> C:\Windows\SysWow64\lxdwdrs.dll -> [2012/08/27 19:22:38 | 001,036,288 | ---- | C] ()
 lxdwcaps.dll -> C:\Windows\SysWow64\lxdwcaps.dll -> [2012/08/27 19:22:38 | 000,081,920 | ---- | C] ()
 lxdwcnv4.dll -> C:\Windows\SysWow64\lxdwcnv4.dll -> [2012/08/27 19:22:38 | 000,069,632 | ---- | C] ()
 lxdwserv.dll -> C:\Windows\SysWow64\lxdwserv.dll -> [2012/08/27 19:22:21 | 001,069,056 | ---- | C] ( )
 lxdwusb1.dll -> C:\Windows\SysWow64\lxdwusb1.dll -> [2012/08/27 19:22:21 | 000,860,160 | ---- | C] ( )
 lxdwcomc.dll -> C:\Windows\SysWow64\lxdwcomc.dll -> [2012/08/27 19:22:21 | 000,761,856 | ---- | C] ( )
 lxdwhbn3.dll -> C:\Windows\SysWow64\lxdwhbn3.dll -> [2012/08/27 19:22:21 | 000,684,032 | ---- | C] ( )
 lxdwpmui.dll -> C:\Windows\SysWow64\lxdwpmui.dll -> [2012/08/27 19:22:21 | 000,651,264 | ---- | C] ( )
 lxdwcoms.exe -> C:\Windows\SysWow64\lxdwcoms.exe -> [2012/08/27 19:22:21 | 000,594,600 | ---- | C] ( )
 lxdwlmpm.dll -> C:\Windows\SysWow64\lxdwlmpm.dll -> [2012/08/27 19:22:21 | 000,577,536 | ---- | C] ( )
 LXDWinst.dll -> C:\Windows\SysWow64\LXDWinst.dll -> [2012/08/27 19:22:21 | 000,389,120 | ---- | C] ()
 lxdwcomm.dll -> C:\Windows\SysWow64\lxdwcomm.dll -> [2012/08/27 19:22:21 | 000,376,832 | ---- | C] ( )
 lxdwcfg.exe -> C:\Windows\SysWow64\lxdwcfg.exe -> [2012/08/27 19:22:21 | 000,369,320 | ---- | C] ( )
 lxdwinpa.dll -> C:\Windows\SysWow64\lxdwinpa.dll -> [2012/08/27 19:22:21 | 000,364,544 | ---- | C] ( )
 lxdwiesc.dll -> C:\Windows\SysWow64\lxdwiesc.dll -> [2012/08/27 19:22:21 | 000,339,968 | ---- | C] ( )
 lxdwcomx.dll -> C:\Windows\SysWow64\lxdwcomx.dll -> [2012/08/27 19:22:21 | 000,335,872 | ---- | C] ()
 lxdwih.exe -> C:\Windows\SysWow64\lxdwih.exe -> [2012/08/27 19:22:21 | 000,328,360 | ---- | C] ( )
 hpwins14.dat -> C:\Windows\hpwins14.dat -> [2012/07/07 18:03:09 | 000,179,759 | ---- | C] ()
 hpomdl19.dat.temp -> C:\Windows\hpomdl19.dat.temp -> [2012/07/07 16:32:52 | 000,013,898 | ---- | C] ()
 hpoins19.dat -> C:\Windows\hpoins19.dat -> [2012/07/07 15:51:22 | 000,221,284 | ---- | C] ()
 hpomdl19.dat -> C:\Windows\hpomdl19.dat -> [2012/07/07 15:51:22 | 000,013,898 | ---- | C] ()
 Bench32.INI -> C:\Windows\Bench32.INI -> [2011/08/12 12:23:41 | 000,000,064 | ---- | C] ()
 mlfcache.dat -> C:\Windows\SysWow64\mlfcache.dat -> [2011/08/06 16:08:33 | 000,195,680 | -H-- | C] ()
 {96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini -> C:\Users\Dennis\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini -> [2011/05/21 11:05:24 | 000,001,940 | ---- | C] ()
 atipblag.dat -> C:\Windows\SysWow64\atipblag.dat -> [2011/03/17 16:51:46 | 000,003,929 | ---- | C] ()
 OVDecode.dll -> C:\Windows\SysWow64\OVDecode.dll -> [2011/03/09 21:59:14 | 000,059,904 | ---- | C] ()
 HMHud.INI -> C:\Windows\HMHud.INI -> [2010/12/19 20:41:56 | 000,000,000 | ---- | C] ()
< End of report >
dvk01 (Derek), authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,738 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
14-Nov-2012, 12:52 PM #15
That is showing nothing wrong at all.

How are you resetting your router?
Can you log into it & see what the name servers are set at?

Let's try this & see if we can bypass the router name servers & make sure it is the router & not something so deeply hidden on your computer first.

Set up Google DNS on your computer by following advice here.
You only need to do IPv4, not v6.
https://developers.google.com/speed/...dns/docs/using