Advertisement
Advertisement
 Search | |
| |
08-Nov-2012, 03:18 PM
#1 | ||||||
| Google Link Redirects Virus I am using Windows 7 I google "walmart" and click on the link that should go to walmart.com but it instead goes to http://8.26.70.252/see/display.php?q...3568&subid=e10 My hijackthis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:08:01 PM, on 11/8/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\SFT\GuardedID\GIDD.exe C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe C:\Users\Dennis\Desktop\HijackThis.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\SysWOW64\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.1012.1\NativeBHO.dll O2 - BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll (file missing) O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: FreeOnlineRadioPlayerRecorder - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MaxMySpeed Registry Cleaner] c:\program files (x86)\cyberdefender\registry scanner\Startcdrc.exe O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-679516130-3449678583-2315309752-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres') O4 - HKUS\S-1-5-21-679516130-3449678583-2315309752-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres') O4 - Startup: Dropbox.lnk = Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: Constant Guard.lnk = C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (file missing) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.com/system/iCloud.cab O16 - DPF: {AFD8A3A3-8B73-444B-82F2-2E4345FA5B38} (OneClickFixes Class) - http://www.comcastsupport.com/sdcxus...omcast.Ocf.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe O23 - Service: lxdw_device - - C:\Windows\system32\lxdwcoms.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 18338 bytes ATTACH.TXT . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-07.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 6/16/2010 8:34:55 PM System Uptime: 11/1/2012 7:36:25 AM (174 hours ago) . Motherboard: MSI | | 2A9C Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz | CPU 1 | 3201/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 920 GiB total, 811.324 GiB free. D: is FIXED (NTFS) - 12 GiB total, 1.405 GiB free. E: is CDROM (CDFS) G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Officejet J6400 series Device ID: ROOT\MULTIFUNCTION\0001 Manufacturer: HP Name: Officejet J6400 series PNP Device ID: ROOT\MULTIFUNCTION\0001 Service: . Class GUID: Description: Officejet J6400 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: Name: Officejet J6400 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . ==== System Restore Points =================== . RP324: 11/2/2012 3:00:10 AM - Windows Update RP325: 11/3/2012 3:00:11 AM - Windows Update RP326: 11/4/2012 2:00:11 AM - Windows Update RP327: 11/4/2012 3:00:10 AM - Windows Update RP328: 11/5/2012 3:00:11 AM - Windows Update RP329: 11/6/2012 1:20:10 AM - HPSF Restore Point RP330: 11/6/2012 3:00:11 AM - Windows Update RP331: 11/7/2012 3:00:12 AM - Windows Update RP332: 11/8/2012 3:00:11 AM - Windows Update . ==== Installed Programs ====================== . 64 Bit HP CIO Components Installer 6400_Help 7-Zip 4.65 Adobe Flash Player 10 ActiveX 64-bit Adobe Flash Player 11 ActiveX Adobe Reader 9.5.2 AIO_CDB_Software AIO_Scan AMD APP SDK Runtime Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Install Manager ATI Problem Report Wizard AVS Audio Editor version 6.1 AVS Update Manager 1.0 AVS4YOU Software Navigator 1.4 Bejeweled 2 Deluxe Bing Bar Bing Rewards Client Installer Blackhawk Striker 2 Blasterball 3 Bonjour bpd_scan BPDSoftware BPDSoftware_Ini BufferChm Build-a-lot 2 CA Pest Patrol Realtime Protection Cake Mania Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe CinemaNow Media Manager Comcast Desktop Software (v1.2.0.9) Compatibility Pack for the 2007 Office system Constant Guard Protection Suite CustomerResearchQFolder CyberLink DVD Suite Deluxe D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Desktop Doctor Destination Component DeviceDiscovery DeviceManagementQFolder Diner Dash 2 Restaurant Rescue DocMgr DocProc DocProcQFolder Dora's Carnival Adventure Dropbox DVD Menu Pack for HP MediaSmart Video EMCO Ping Monitor Free 4.2 Escape Rosecliff Island eSupportQFolder Faerie Solitaire FATE Fax FreeOnlineRadioPlayerRecorder Toolbar Google Chrome Google Earth Plug-in Google Toolbar for Internet Explorer Google Update Helper GPBaseService GuardedID Hardware Diagnostic Tools Hewlett-Packard ACLM.NET v1.1.2.0 Holdem Manager HP Advisor HP Customer Experience Enhancements HP Customer Participation Program 10.0 HP Document Manager 1.0 HP Game Console HP Games HP Imaging Device Functions 10.0 HP MediaSmart CinemaNow 2.0 HP MediaSmart DVD HP MediaSmart Music HP MediaSmart Photo HP MediaSmart SmartMenu HP MediaSmart Video HP MediaSmart/TouchSmart Netflix HP Odometer HP Officejet J6400 Series HP Photosmart Essential 2.5 HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B HP Product Detection HP Setup HP Smart Web Printing 4.60 HP Solution Center 10.0 HP Support Assistant HP Support Information HP Update HPDiagnosticAlert HPPhotoGadget HPProductAssistant HPSSupply Hulu Desktop HydraVision iCloud iTunes J6400 Java(TM) 6 Update 25 (64-bit) Jewel Quest 3 Jewel Quest Solitaire 2 Junk Mail filter update LabelPrint Lexmark 7600 Series LightScribe System Software Malwarebytes Anti-Malware version 1.65.1.1000 MarketResearch Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Conferencing Add-in for Microsoft Office Outlook Microsoft IntelliPoint 8.2 Microsoft IntelliType Pro 8.2 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft SharedView Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Microsoft WSE 3.0 Runtime MobileMe Control Panel Movie Theme Pack for HP MediaSmart Video MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery P.I. - The New York Fortune Network64 Norton Security Suite OCR Software by I.R.I.S. 10.0 Penguins! PhotoNow! PictureMover Plants vs. Zombies PlayReady PC Runtime amd64 Poker Superstars III PokerStars Polar Bowler Polar Golfer PostgreSQL 8.3 Power Sound Editor Free Power2Go PowerDirector ProductContext PSSWCORE QuickTime Ralink RT2860 Wireless LAN Card Realtek High Definition Audio Driver Recovery Manager Roxio CinemaNow 2.0 Safari Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition SharkScope HUD 1.0.173 Shop for HP Supplies SitNGo Wizard Skype Click to Call Skype™ 5.10 SmartWebPrinting SolutionCenter South Point Poker Status Symantec Technical Support Web Controls TableNinja TextTwist 2 Toolbox Tournament Indicator 1.6.7 Tournament Shark TrayApp UnloadSupport Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition VideoToolkit01 Virtual Families Virtual Villagers - The Secret City Web Cam 320 WebReg Wheel of Fortune 2 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 11/8/2012 3:00:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197). 11/8/2012 3:00:27 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. 11/5/2012 10:14:43 AM, Error: Service Control Manager [7031] - The Norton Security Suite service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 11/1/2012 7:40:01 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting. 11/1/2012 7:37:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdwCATSCustConnectService service to connect. 11/1/2012 7:37:23 AM, Error: Service Control Manager [7000] - The lxdwCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/1/2012 7:36:59 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800031906ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\Minidump\110112-28002-01.dmp. Report Id: 110112-28002-01. 11/1/2012 7:35:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. . ==== End Of File =========================== DDS.TXT DDS (Ver_2012-11-07.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16450 Run by Dennis at 13:54:04 on 2012-11-08 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.4652 [GMT -6:00] . AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\lxdwcoms.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe C:\Program Files (x86)\SFT\GuardedID\GIDD.exe C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Windows\System32\svchost.exe -k HPZ12 \\.\globalroot\systemroot\svchost.exe -netsvcs C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\svchost.exe -k HPService C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\Explorer.EXE C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Dennis\Desktop\HijackThis.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/ uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll mWinlogon: Userinit = userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.1012.1\NativeBHO.dll BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: FreeOnlineRadioPlayerRecorder Toolbar: {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [MaxMySpeed Registry Cleaner] c:\program files (x86)\cyberdefender\registry scanner\Startcdrc.exe uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe uRun: [POEngine5] <no file> mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\Users\Dennis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ Dropbox.lnk - C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab DPF: {AFD8A3A3-8B73-444B-82F2-2E4345FA5B38} - hxxp://www.comcastsupport.com/sdcxuser/oneclickfix/scripts/Comcast.Ocf.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{166B2E5E-E75D-4043-9388-3FDE9F923034} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{8CAEE18C-624A-424A-A79B-DE7E1B54D0D0} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{8CAEE18C-624A-424A-A79B-DE7E1B54D0D0}\D4F445F425F4C414D27363333434 : DHCPNameServer = 68.87.68.166 68.87.74.166 TCP: Interfaces\{8CAEE18C-624A-424A-A79B-DE7E1B54D0D0}\E4544574541425 : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v x64-mSearchAssistant = hxxp://www.google.com/ie x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" x64-Run: [lxdwmon.exe] "C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe" x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0502020.003\symds64.sys [2012-7-16 450680] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0502020.003\symefa64.sys [2012-7-16 912504] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx64.sys [2012-11-5 1385632] R1 GIDv2;GIDv2;C:\Windows\System32\drivers\gidv2.sys [2012-2-27 29288] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121107.001\IDSviA64.sys [2012-11-7 513184] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0502020.003\ironx64.sys [2012-7-16 171128] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0502020.003\symnets.sys [2012-7-16 386168] R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/05/12 19:30:23];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-5-12 146928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-24 203776] R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408] R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264] R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-10-16 61552] R2 lxdw_device;lxdw_device;C:\Windows\System32\lxdwcoms.exe -service --> C:\Windows\System32\lxdwcoms.exe -service [?] R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008] R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-4-18 115216] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912] R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-12 56344] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-5-12 852256] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-12 346144] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;C:\Windows\System32\s pool\drivers\x64\3\lxdwserv.exe [2012-8-27 33960] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560] S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-9-10 35840] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-17 1255736] . =============== Created Last 30 ================ . 2012-10-31 20:43:12 20480 ----a-w- C:\Windows\svchost.exe 2012-10-31 18:16:03 -------- d-----w- C:\Users\Dennis\AppData\Roaming\Malwarebytes 2012-10-31 18:15:42 -------- d-----w- C:\ProgramData\Malwarebytes 2012-10-31 18:15:41 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-10-31 18:15:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-10-25 04:32:58 163056 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin 2012-10-17 19:37:28 -------- d-----w- C:\Users\Dennis\AppData\Local\{773ECF27-E6AA-4735-BF84-2BFD84914D0F} 2012-10-13 19:49:28 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-10-13 19:48:59 -------- d-----w- C:\Program Files\iPod 2012-10-13 19:48:58 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-10-13 19:48:58 -------- d-----w- C:\Program Files\iTunes 2012-10-13 19:48:58 -------- d-----w- C:\Program Files (x86)\iTunes 2012-10-10 15:39:58 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2012-10-10 15:39:58 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-10-10 15:39:57 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-10-10 15:39:57 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-10-10 15:39:57 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-10-10 15:39:57 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ==================== Find3M ==================== . 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll 2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe 2012-08-21 18:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll 2012-08-21 18:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll 2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll 2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll . ============= FINISH: 13:54:55.42 =============== |
12-Nov-2012, 08:15 AM
#2 | ||||||
| Bump |
13-Nov-2012, 12:51 PM
#3 | ||||||
| Run tdss killer from http://support.kaspersky.com/viruses...?qid=208280684 let it cure anything it fnds ( except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot post back with its log By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. Logs have names like: UtilityName.Version_Date_Time_log.txt. E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
__________________ Derek Microsoft MVP/Windows - Security | Thespykiller Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue |
13-Nov-2012, 11:04 PM
#4 | ||||||
| Hi Derek. Thank you for helping me with this issue. I ran tdss killer and i clicked on the reboot button that popped up after the cure was applied. After the reboot the scan button was there but I did not run it a second time, but there are two logs with I am pasting: 21:40:22.0463 5648 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 21:40:23.0446 5648 ============================================================ 21:40:23.0446 5648 Current date / time: 2012/11/13 21:40:23.0446 21:40:23.0446 5648 SystemInfo: 21:40:23.0446 5648 21:40:23.0446 5648 OS Version: 6.1.7601 ServicePack: 1.0 21:40:23.0446 5648 Product type: Workstation 21:40:23.0446 5648 ComputerName: DENNIS-HP 21:40:23.0446 5648 UserName: Dennis 21:40:23.0446 5648 Windows directory: C:\Windows 21:40:23.0446 5648 System windows directory: C:\Windows 21:40:23.0446 5648 Running under WOW64 21:40:23.0446 5648 Processor architecture: Intel x64 21:40:23.0446 5648 Number of processors: 4 21:40:23.0446 5648 Page size: 0x1000 21:40:23.0446 5648 Boot type: Normal boot 21:40:23.0446 5648 ============================================================ 21:40:25.0262 5648 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:40:25.0293 5648 ============================================================ 21:40:25.0293 5648 \Device\Harddisk0\DR0: 21:40:25.0293 5648 MBR partitions: 21:40:25.0293 5648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 21:40:25.0293 5648 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72FC5800 21:40:25.0293 5648 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72FF8000, BlocksNum 0x170E000 21:40:25.0293 5648 ============================================================ 21:40:25.0340 5648 C: <-> \Device\Harddisk0\DR0\Partition2 21:40:25.0386 5648 D: <-> \Device\Harddisk0\DR0\Partition3 21:40:25.0386 5648 ============================================================ 21:40:25.0386 5648 Initialize success 21:40:25.0386 5648 ============================================================ 21:41:50.0816 12184 ============================================================ 21:41:50.0831 12184 Scan started 21:41:50.0831 12184 Mode: Manual; 21:41:50.0831 12184 ============================================================ 21:41:52.0563 12184 ================ Scan system memory ======================== 21:41:52.0563 12184 System memory - ok 21:41:52.0563 12184 ================ Scan services ============================= 21:41:52.0813 12184 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 21:41:52.0813 12184 1394ohci - ok 21:41:52.0859 12184 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 21:41:52.0859 12184 ACPI - ok 21:41:52.0906 12184 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 21:41:52.0906 12184 AcpiPmi - ok 21:41:52.0984 12184 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 21:41:52.0984 12184 adp94xx - ok 21:41:53.0031 12184 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 21:41:53.0047 12184 adpahci - ok 21:41:53.0062 12184 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 21:41:53.0078 12184 adpu320 - ok 21:41:53.0109 12184 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:41:53.0125 12184 AeLookupSvc - ok 21:41:53.0203 12184 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 21:41:53.0203 12184 AFD - ok 21:41:53.0218 12184 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 21:41:53.0234 12184 agp440 - ok 21:41:53.0249 12184 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 21:41:53.0249 12184 ALG - ok 21:41:53.0281 12184 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 21:41:53.0281 12184 aliide - ok 21:41:53.0327 12184 [ 998021E7C3DE3E97E441ABACE498FFB6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 21:41:53.0327 12184 AMD External Events Utility - ok 21:41:53.0343 12184 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 21:41:53.0343 12184 amdide - ok 21:41:53.0359 12184 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 21:41:53.0359 12184 AmdK8 - ok 21:41:53.0483 12184 [ 250D5B746FFF9B7D88591EE60B63B3E4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 21:41:53.0561 12184 amdkmdag - ok 21:41:53.0577 12184 [ 781DAEC0C3E63950CCA53D193582F2E8 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 21:41:53.0593 12184 amdkmdap - ok 21:41:53.0608 12184 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 21:41:53.0608 12184 AmdPPM - ok 21:41:53.0655 12184 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 21:41:53.0655 12184 amdsata - ok 21:41:53.0671 12184 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 21:41:53.0671 12184 amdsbs - ok 21:41:53.0686 12184 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 21:41:53.0686 12184 amdxata - ok 21:41:53.0795 12184 [ F9DAC844B1D370DA4C984D4C22F5E696 ] AntiSpywareService C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe 21:41:53.0795 12184 AntiSpywareService - ok 21:41:53.0842 12184 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 21:41:53.0842 12184 AppID - ok 21:41:53.0858 12184 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 21:41:53.0858 12184 AppIDSvc - ok 21:41:53.0889 12184 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 21:41:53.0889 12184 Appinfo - ok 21:41:53.0983 12184 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 21:41:53.0983 12184 Apple Mobile Device - ok 21:41:54.0014 12184 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 21:41:54.0014 12184 arc - ok 21:41:54.0029 12184 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 21:41:54.0029 12184 arcsas - ok 21:41:54.0061 12184 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:41:54.0061 12184 AsyncMac - ok 21:41:54.0092 12184 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 21:41:54.0092 12184 atapi - ok 21:41:54.0139 12184 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 21:41:54.0139 12184 AtiHDAudioService - ok 21:41:54.0154 12184 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys 21:41:54.0154 12184 AtiHdmiService - ok 21:41:54.0170 12184 ATIXPGAA - ok 21:41:54.0217 12184 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:41:54.0232 12184 AudioEndpointBuilder - ok 21:41:54.0232 12184 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 21:41:54.0248 12184 AudioSrv - ok 21:41:54.0279 12184 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 21:41:54.0295 12184 AxInstSV - ok 21:41:54.0310 12184 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 21:41:54.0326 12184 b06bdrv - ok 21:41:54.0357 12184 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 21:41:54.0357 12184 b57nd60a - ok 21:41:54.0419 12184 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE 21:41:54.0419 12184 BBSvc - ok 21:41:54.0435 12184 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 21:41:54.0435 12184 BDESVC - ok 21:41:54.0451 12184 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 21:41:54.0451 12184 Beep - ok 21:41:54.0497 12184 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 21:41:54.0513 12184 BFE - ok 21:41:54.0653 12184 [ 652F4D186325B69FFE80EE18AE9ACC77 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx64.sys 21:41:54.0653 12184 BHDrvx64 - ok 21:41:54.0685 12184 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 21:41:54.0747 12184 BITS - ok 21:41:54.0763 12184 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 21:41:54.0763 12184 blbdrive - ok 21:41:54.0841 12184 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 21:41:54.0856 12184 Bonjour Service - ok 21:41:54.0887 12184 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:41:54.0887 12184 bowser - ok 21:41:54.0903 12184 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:41:54.0903 12184 BrFiltLo - ok 21:41:54.0919 12184 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:41:54.0919 12184 BrFiltUp - ok 21:41:54.0950 12184 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 21:41:54.0950 12184 Browser - ok 21:41:54.0965 12184 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 21:41:54.0965 12184 Brserid - ok 21:41:54.0997 12184 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 21:41:54.0997 12184 BrSerWdm - ok 21:41:54.0997 12184 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 21:41:54.0997 12184 BrUsbMdm - ok 21:41:54.0997 12184 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 21:41:55.0012 12184 BrUsbSer - ok 21:41:55.0012 12184 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 21:41:55.0012 12184 BTHMODEM - ok 21:41:55.0043 12184 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 21:41:55.0043 12184 bthserv - ok 21:41:55.0090 12184 [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64 C:\Windows\system32\drivers\BVRPMPR5a64.SYS 21:41:55.0090 12184 BVRPMPR5a64 - ok 21:41:55.0106 12184 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:41:55.0106 12184 cdfs - ok 21:41:55.0137 12184 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 21:41:55.0137 12184 cdrom - ok 21:41:55.0184 12184 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 21:41:55.0184 12184 CertPropSvc - ok 21:41:55.0215 12184 [ 2C24DB5F78F0ACA759803001E6B4F320 ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe 21:41:55.0215 12184 CinemaNow Service - ok 21:41:55.0246 12184 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 21:41:55.0246 12184 circlass - ok 21:41:55.0277 12184 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 21:41:55.0277 12184 CLFS - ok 21:41:55.0340 12184 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:41:55.0340 12184 clr_optimization_v2.0.50727_32 - ok 21:41:55.0371 12184 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:41:55.0371 12184 clr_optimization_v2.0.50727_64 - ok 21:41:55.0433 12184 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:41:55.0433 12184 clr_optimization_v4.0.30319_32 - ok 21:41:55.0449 12184 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:41:55.0449 12184 clr_optimization_v4.0.30319_64 - ok 21:41:55.0465 12184 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:41:55.0465 12184 CmBatt - ok 21:41:55.0511 12184 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:41:55.0511 12184 cmdide - ok 21:41:55.0543 12184 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 21:41:55.0558 12184 CNG - ok 21:41:55.0574 12184 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 21:41:55.0574 12184 Compbatt - ok 21:41:55.0605 12184 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 21:41:55.0605 12184 CompositeBus - ok 21:41:55.0621 12184 COMSysApp - ok 21:41:55.0621 12184 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 21:41:55.0621 12184 crcdisk - ok 21:41:55.0667 12184 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:41:55.0667 12184 CryptSvc - ok 21:41:55.0714 12184 [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 21:41:55.0714 12184 dc3d - ok 21:41:55.0745 12184 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:41:55.0761 12184 DcomLaunch - ok 21:41:55.0777 12184 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 21:41:55.0777 12184 defragsvc - ok 21:41:55.0808 12184 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:41:55.0808 12184 DfsC - ok 21:41:55.0839 12184 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 21:41:55.0839 12184 Dhcp - ok 21:41:55.0870 12184 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 21:41:55.0870 12184 discache - ok 21:41:55.0886 12184 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 21:41:55.0901 12184 Disk - ok 21:41:55.0917 12184 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:41:55.0933 12184 Dnscache - ok 21:41:55.0964 12184 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 21:41:55.0964 12184 dot3svc - ok 21:41:55.0979 12184 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 21:41:55.0979 12184 DPS - ok 21:41:55.0995 12184 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:41:55.0995 12184 drmkaud - ok 21:41:56.0042 12184 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:41:56.0057 12184 DXGKrnl - ok 21:41:56.0089 12184 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 21:41:56.0089 12184 EapHost - ok 21:41:56.0135 12184 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 21:41:56.0167 12184 ebdrv - ok 21:41:56.0245 12184 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 21:41:56.0245 12184 eeCtrl - ok 21:41:56.0291 12184 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 21:41:56.0291 12184 EFS - ok 21:41:56.0338 12184 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:41:56.0354 12184 ehRecvr - ok 21:41:56.0369 12184 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 21:41:56.0385 12184 ehSched - ok 21:41:56.0463 12184 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 21:41:56.0463 12184 elxstor - ok 21:41:56.0603 12184 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 21:41:56.0603 12184 EraserUtilRebootDrv - ok 21:41:56.0635 12184 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:41:56.0635 12184 ErrDev - ok 21:41:56.0681 12184 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 21:41:56.0681 12184 EventSystem - ok 21:41:56.0697 12184 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 21:41:56.0697 12184 exfat - ok 21:41:56.0713 12184 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:41:56.0713 12184 fastfat - ok 21:41:56.0759 12184 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 21:41:56.0775 12184 Fax - ok 21:41:56.0791 12184 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 21:41:56.0791 12184 fdc - ok 21:41:56.0806 12184 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 21:41:56.0806 12184 fdPHost - ok 21:41:56.0806 12184 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 21:41:56.0822 12184 FDResPub - ok 21:41:56.0822 12184 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:41:56.0822 12184 FileInfo - ok 21:41:56.0837 12184 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:41:56.0837 12184 Filetrace - ok 21:41:56.0853 12184 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 21:41:56.0853 12184 flpydisk - ok 21:41:56.0869 12184 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:41:56.0869 12184 FltMgr - ok 21:41:56.0915 12184 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 21:41:56.0931 12184 FontCache - ok 21:41:56.0978 12184 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:41:56.0993 12184 FontCache3.0.0.0 - ok 21:41:56.0993 12184 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 21:41:56.0993 12184 FsDepends - ok 21:41:57.0025 12184 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:41:57.0040 12184 Fs_Rec - ok 21:41:57.0071 12184 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 21:41:57.0071 12184 fvevol - ok 21:41:57.0103 12184 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 21:41:57.0103 12184 gagp30kx - ok 21:41:57.0149 12184 [ E53EE18A21C025DEABCFE0F72FC481BB ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe 21:41:57.0149 12184 GameConsoleService - ok 21:41:57.0181 12184 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:41:57.0181 12184 GEARAspiWDM - ok 21:41:57.0227 12184 [ 9BA22AEE7F531EF9CE085CC2E1112BC4 ] GIDv2 C:\Windows\system32\drivers\GIDv2.sys 21:41:57.0227 12184 GIDv2 - ok 21:41:57.0243 12184 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 21:41:57.0259 12184 gpsvc - ok 21:41:57.0337 12184 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:41:57.0337 12184 gupdate - ok 21:41:57.0352 12184 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:41:57.0352 12184 gupdatem - ok 21:41:57.0383 12184 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 21:41:57.0383 12184 gusvc - ok 21:41:57.0383 12184 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:41:57.0399 12184 hcw85cir - ok 21:41:57.0415 12184 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:41:57.0430 12184 HdAudAddService - ok 21:41:57.0446 12184 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 21:41:57.0446 12184 HDAudBus - ok 21:41:57.0461 12184 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 21:41:57.0461 12184 HECIx64 - ok 21:41:57.0477 12184 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 21:41:57.0477 12184 HidBatt - ok 21:41:57.0493 12184 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 21:41:57.0493 12184 HidBth - ok 21:41:57.0524 12184 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 21:41:57.0524 12184 HidIr - ok 21:41:57.0539 12184 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 21:41:57.0539 12184 hidserv - ok 21:41:57.0602 12184 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:41:57.0602 12184 HidUsb - ok 21:41:57.0633 12184 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:41:57.0649 12184 hkmsvc - ok 21:41:57.0664 12184 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:41:57.0664 12184 HomeGroupListener - ok 21:41:57.0695 12184 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:41:57.0695 12184 HomeGroupProvider - ok 21:41:57.0789 12184 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 21:41:57.0789 12184 HP Support Assistant Service - ok 21:41:57.0851 12184 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 21:41:57.0851 12184 HPDrvMntSvc.exe - ok 21:41:57.0961 12184 [ B14328CFEEB6B736BE44C2C9DB3B162C ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 21:41:57.0976 12184 hpqcxs08 - ok 21:41:58.0023 12184 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 21:41:58.0023 12184 hpqddsvc - ok 21:41:58.0054 12184 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 21:41:58.0070 12184 hpqwmiex - ok 21:41:58.0101 12184 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 21:41:58.0101 12184 HpSAMD - ok 21:41:58.0148 12184 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 21:41:58.0163 12184 HPSLPSVC - ok 21:41:58.0210 12184 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:41:58.0226 12184 HTTP - ok 21:41:58.0257 12184 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:41:58.0257 12184 hwpolicy - ok 21:41:58.0273 12184 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 21:41:58.0273 12184 i8042prt - ok 21:41:58.0288 12184 [ 85977CD13FC16069CE0AF7943A811775 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 21:41:58.0304 12184 iaStor - ok 21:41:58.0304 12184 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:41:58.0319 12184 iaStorV - ok 21:41:58.0366 12184 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:41:58.0382 12184 idsvc - ok 21:41:58.0460 12184 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121113.004\IDSvia64.sys 21:41:58.0475 12184 IDSVia64 - ok 21:41:58.0585 12184 [ 9995160D6F69A603FA5B8DA9A42E8F9F ] IDVaultSvc C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe 21:41:58.0585 12184 IDVaultSvc - ok 21:41:58.0616 12184 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 21:41:58.0616 12184 iirsp - ok 21:41:58.0647 12184 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 21:41:58.0663 12184 IKEEXT - ok 21:41:58.0725 12184 [ 28CEEFBD2C63F91DC17DED3E8D27ECF5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 21:41:58.0741 12184 IntcAzAudAddService - ok 21:41:58.0772 12184 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 21:41:58.0772 12184 intelide - ok 21:41:58.0803 12184 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:41:58.0803 12184 intelppm - ok 21:41:58.0834 12184 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:41:58.0834 12184 IPBusEnum - ok 21:41:58.0865 12184 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:41:58.0865 12184 IpFilterDriver - ok 21:41:58.0928 12184 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:41:58.0928 12184 iphlpsvc - ok 21:41:58.0943 12184 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:41:58.0943 12184 IPMIDRV - ok 21:41:58.0975 12184 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:41:58.0975 12184 IPNAT - ok 21:41:59.0021 12184 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 21:41:59.0037 12184 iPod Service - ok 21:41:59.0053 12184 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:41:59.0053 12184 IRENUM - ok 21:41:59.0084 12184 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:41:59.0084 12184 isapnp - ok 21:41:59.0099 12184 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:41:59.0099 12184 iScsiPrt - ok 21:41:59.0177 12184 [ 54F694C6CD3A1149BA3A8BDACC83BADC ] ITMRTSVC C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe 21:41:59.0177 12184 ITMRTSVC - ok 21:41:59.0193 12184 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:41:59.0193 12184 kbdclass - ok 21:41:59.0209 12184 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 21:41:59.0209 12184 kbdhid - ok 21:41:59.0209 12184 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 21:41:59.0209 12184 KeyIso - ok 21:41:59.0240 12184 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:41:59.0240 12184 KSecDD - ok 21:41:59.0255 12184 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:41:59.0255 12184 KSecPkg - ok 21:41:59.0271 12184 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 21:41:59.0287 12184 ksthunk - ok 21:41:59.0302 12184 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 21:41:59.0302 12184 KtmRm - ok 21:41:59.0349 12184 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 21:41:59.0349 12184 LanmanServer - ok 21:41:59.0380 12184 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:41:59.0396 12184 LanmanWorkstation - ok 21:41:59.0427 12184 [ 3503F257B3203F824B1567238EBE17E2 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 21:41:59.0427 12184 LightScribeService - ok 21:41:59.0443 12184 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:41:59.0458 12184 lltdio - ok 21:41:59.0474 12184 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:41:59.0474 12184 lltdsvc - ok 21:41:59.0489 12184 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:41:59.0489 12184 lmhosts - ok 21:41:59.0521 12184 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 21:41:59.0521 12184 LSI_FC - ok 21:41:59.0536 12184 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 21:41:59.0536 12184 LSI_SAS - ok 21:41:59.0552 12184 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:41:59.0552 12184 LSI_SAS2 - ok 21:41:59.0567 12184 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:41:59.0567 12184 LSI_SCSI - ok 21:41:59.0583 12184 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 21:41:59.0583 12184 luafv - ok 21:41:59.0614 12184 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys 21:41:59.0630 12184 LVRS64 - ok 21:41:59.0692 12184 [ 0C4BC1D7DB00896EE53862FCF29E6B5C ] lxdwCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe 21:41:59.0708 12184 lxdwCATSCustConnectService - ok 21:41:59.0708 12184 lxdw_device - ok 21:41:59.0723 12184 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:41:59.0739 12184 Mcx2Svc - ok 21:41:59.0739 12184 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 21:41:59.0739 12184 megasas - ok 21:41:59.0770 12184 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 21:41:59.0770 12184 MegaSR - ok 21:41:59.0848 12184 Microsoft SharePoint Workspace Audit Service - ok 21:41:59.0879 12184 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 21:41:59.0879 12184 MMCSS - ok 21:41:59.0911 12184 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 21:41:59.0911 12184 Modem - ok 21:41:59.0926 12184 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:41:59.0926 12184 monitor - ok 21:41:59.0957 12184 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:41:59.0957 12184 mouclass - ok 21:41:59.0973 12184 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:41:59.0973 12184 mouhid - ok 21:42:00.0004 12184 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:42:00.0004 12184 mountmgr - ok 21:42:00.0020 12184 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 21:42:00.0020 12184 mpio - ok 21:42:00.0051 12184 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:42:00.0051 12184 mpsdrv - ok 21:42:00.0082 12184 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 21:42:00.0098 12184 MpsSvc - ok 21:42:00.0129 12184 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:42:00.0129 12184 MRxDAV - ok 21:42:00.0160 12184 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:42:00.0160 12184 mrxsmb - ok 21:42:00.0191 12184 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:42:00.0207 12184 mrxsmb10 - ok 21:42:00.0207 12184 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:42:00.0223 12184 mrxsmb20 - ok 21:42:00.0238 12184 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 21:42:00.0238 12184 msahci - ok 21:42:00.0285 12184 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:42:00.0285 12184 msdsm - ok 21:42:00.0301 12184 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 21:42:00.0301 12184 MSDTC - ok 21:42:00.0316 12184 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:42:00.0316 12184 Msfs - ok 21:42:00.0332 12184 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:42:00.0332 12184 mshidkmdf - ok 21:42:00.0347 12184 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:42:00.0347 12184 msisadrv - ok 21:42:00.0379 12184 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:42:00.0379 12184 MSiSCSI - ok 21:42:00.0379 12184 msiserver - ok 21:42:00.0425 12184 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:42:00.0425 12184 MSKSSRV - ok 21:42:00.0441 12184 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:42:00.0441 12184 MSPCLOCK - ok 21:42:00.0457 12184 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:42:00.0457 12184 MSPQM - ok 21:42:00.0488 12184 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:42:00.0488 12184 MsRPC - ok 21:42:00.0503 12184 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 21:42:00.0503 12184 mssmbios - ok 21:42:00.0503 12184 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:42:00.0503 12184 MSTEE - ok 21:42:00.0519 12184 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 21:42:00.0519 12184 MTConfig - ok 21:42:00.0535 12184 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 21:42:00.0535 12184 Mup - ok 21:42:00.0613 12184 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe 21:42:00.0613 12184 N360 - ok 21:42:00.0644 12184 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 21:42:00.0644 12184 napagent - ok 21:42:00.0691 12184 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:42:00.0691 12184 NativeWifiP - ok 21:42:00.0769 12184 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121113.009\ENG64.SYS 21:42:00.0769 12184 NAVENG - ok 21:42:00.0878 12184 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121113.009\EX64.SYS 21:42:00.0893 12184 NAVEX15 - ok 21:42:00.0940 12184 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:42:00.0956 12184 NDIS - ok 21:42:00.0971 12184 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:42:00.0971 12184 NdisCap - ok 21:42:00.0987 12184 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:42:00.0987 12184 NdisTapi - ok 21:42:01.0018 12184 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:42:01.0018 12184 Ndisuio - ok 21:42:01.0049 12184 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:42:01.0049 12184 NdisWan - ok 21:42:01.0096 12184 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:42:01.0096 12184 NDProxy - ok 21:42:01.0143 12184 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 21:42:01.0143 12184 Net Driver HPZ12 - ok 21:42:01.0159 12184 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:42:01.0174 12184 NetBIOS - ok 21:42:01.0205 12184 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:42:01.0205 12184 NetBT - ok 21:42:01.0221 12184 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 21:42:01.0221 12184 Netlogon - ok 21:42:01.0268 12184 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 21:42:01.0268 12184 Netman - ok 21:42:01.0283 12184 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 21:42:01.0283 12184 netprofm - ok 21:42:01.0315 12184 [ 064AB63C9A588D2611306AE16D017E7E ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys 21:42:01.0330 12184 netr28x - ok 21:42:01.0346 12184 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:42:01.0346 12184 NetTcpPortSharing - ok 21:42:01.0377 12184 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 21:42:01.0377 12184 nfrd960 - ok 21:42:01.0408 12184 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:42:01.0408 12184 NlaSvc - ok 21:42:01.0439 12184 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:42:01.0439 12184 Npfs - ok 21:42:01.0439 12184 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 21:42:01.0439 12184 nsi - ok 21:42:01.0455 12184 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:42:01.0455 12184 nsiproxy - ok 21:42:01.0502 12184 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:42:01.0517 12184 Ntfs - ok 21:42:01.0533 12184 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 21:42:01.0533 12184 Null - ok 21:42:01.0564 12184 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:42:01.0580 12184 nvraid - ok 21:42:01.0595 12184 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:42:01.0595 12184 nvstor - ok 21:42:01.0642 12184 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:42:01.0642 12184 nv_agp - ok 21:42:01.0642 12184 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:42:01.0658 12184 ohci1394 - ok 21:42:01.0689 12184 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:42:01.0689 12184 ose - ok 21:42:01.0814 12184 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:42:01.0861 12184 osppsvc - ok 21:42:01.0876 12184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:42:01.0876 12184 p2pimsvc - ok 21:42:01.0892 12184 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 21:42:01.0907 12184 p2psvc - ok 21:42:01.0907 12184 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 21:42:01.0923 12184 Parport - ok 21:42:01.0954 12184 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:42:01.0954 12184 partmgr - ok 21:42:01.0970 12184 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:42:01.0970 12184 PcaSvc - ok 21:42:01.0985 12184 PcdrNdisuio - ok 21:42:02.0017 12184 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 21:42:02.0017 12184 pci - ok 21:42:02.0032 12184 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 21:42:02.0032 12184 pciide - ok 21:42:02.0048 12184 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 21:42:02.0048 12184 pcmcia - ok 21:42:02.0063 12184 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 21:42:02.0079 12184 pcw - ok 21:42:02.0095 12184 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:42:02.0095 12184 PEAUTH - ok 21:42:02.0173 12184 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:42:02.0188 12184 PerfHost - ok 21:42:02.0219 12184 [ ACC93675D78D1C07DAD09D7837F2397A ] pgsql-8.3 C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe 21:42:02.0219 12184 pgsql-8.3 - ok 21:42:02.0266 12184 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 21:42:02.0282 12184 pla - ok 21:42:02.0329 12184 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:42:02.0329 12184 PlugPlay - ok 21:42:02.0375 12184 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 21:42:02.0375 12184 Pml Driver HPZ12 - ok 21:42:02.0407 12184 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:42:02.0407 12184 PNRPAutoReg - ok 21:42:02.0422 12184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:42:02.0422 12184 PNRPsvc - ok 21:42:02.0453 12184 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys 21:42:02.0469 12184 Point64 - ok 21:42:02.0485 12184 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:42:02.0485 12184 PolicyAgent - ok 21:42:02.0516 12184 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 21:42:02.0531 12184 Power - ok 21:42:02.0563 12184 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:42:02.0563 12184 PptpMiniport - ok 21:42:02.0578 12184 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 21:42:02.0578 12184 Processor - ok 21:42:02.0609 12184 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 21:42:02.0625 12184 ProfSvc - ok 21:42:02.0641 12184 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:42:02.0641 12184 ProtectedStorage - ok 21:42:02.0672 12184 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:42:02.0672 12184 Psched - ok 21:42:02.0703 12184 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 21:42:02.0703 12184 ql2300 - ok 21:42:02.0719 12184 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 21:42:02.0719 12184 ql40xx - ok 21:42:02.0750 12184 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 21:42:02.0750 12184 QWAVE - ok 21:42:02.0765 12184 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:42:02.0765 12184 QWAVEdrv - ok 21:42:02.0781 12184 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:42:02.0781 12184 RasAcd - ok 21:42:02.0812 12184 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:42:02.0812 12184 RasAgileVpn - ok 21:42:02.0812 12184 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 21:42:02.0828 12184 RasAuto - ok 21:42:02.0859 12184 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:42:02.0859 12184 Rasl2tp - ok 21:42:02.0875 12184 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 21:42:02.0875 12184 RasMan - ok 21:42:02.0890 12184 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:42:02.0890 12184 RasPppoe - ok 21:42:02.0890 12184 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:42:02.0906 12184 RasSstp - ok 21:42:02.0937 12184 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:42:02.0937 12184 rdbss - ok 21:42:02.0953 12184 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 21:42:02.0953 12184 rdpbus - ok 21:42:02.0984 12184 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:42:02.0984 12184 RDPCDD - ok 21:42:02.0984 12184 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:42:02.0984 12184 RDPENCDD - ok 21:42:02.0999 12184 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:42:02.0999 12184 RDPREFMP - ok 21:42:03.0031 12184 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:42:03.0031 12184 RDPWD - ok 21:42:03.0062 12184 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 21:42:03.0062 12184 rdyboost - ok 21:42:03.0093 12184 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:42:03.0093 12184 RemoteAccess - ok 21:42:03.0109 12184 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:42:03.0109 12184 RemoteRegistry - ok 21:42:03.0124 12184 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 21:42:03.0124 12184 RpcEptMapper - ok 21:42:03.0140 12184 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 21:42:03.0140 12184 RpcLocator - ok 21:42:03.0171 12184 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 21:42:03.0171 12184 RpcSs - ok 21:42:03.0202 12184 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:42:03.0202 12184 rspndr - ok 21:42:03.0233 12184 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 21:42:03.0233 12184 RTL8167 - ok 21:42:03.0249 12184 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 21:42:03.0249 12184 SamSs - ok 21:42:03.0280 12184 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:42:03.0280 12184 sbp2port - ok 21:42:03.0296 12184 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:42:03.0296 12184 SCardSvr - ok 21:42:03.0311 12184 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:42:03.0327 12184 scfilter - ok 21:42:03.0358 12184 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 21:42:03.0358 12184 Schedule - ok 21:42:03.0389 12184 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 21:42:03.0389 12184 SCPolicySvc - ok 21:42:03.0405 12184 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:42:03.0405 12184 SDRSVC - ok 21:42:03.0452 12184 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 21:42:03.0452 12184 SeaPort - ok 21:42:03.0514 12184 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:42:03.0514 12184 secdrv - ok 21:42:03.0514 12184 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 21:42:03.0530 12184 seclogon - ok 21:42:03.0545 12184 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 21:42:03.0545 12184 SENS - ok 21:42:03.0561 12184 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 21:42:03.0561 12184 SensrSvc - ok 21:42:03.0577 12184 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 21:42:03.0577 12184 Serenum - ok 21:42:03.0592 12184 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 21:42:03.0592 12184 Serial - ok 21:42:03.0623 12184 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 21:42:03.0623 12184 sermouse - ok 21:42:03.0655 12184 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 21:42:03.0655 12184 SessionEnv - ok 21:42:03.0686 12184 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:42:03.0701 12184 sffdisk - ok 21:42:03.0701 12184 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:42:03.0701 12184 sffp_mmc - ok 21:42:03.0701 12184 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:42:03.0717 12184 sffp_sd - ok 21:42:03.0717 12184 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 21:42:03.0733 12184 sfloppy - ok 21:42:03.0764 12184 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:42:03.0764 12184 SharedAccess - ok 21:42:03.0779 12184 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:42:03.0779 12184 ShellHWDetection - ok 21:42:03.0795 12184 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:42:03.0795 12184 SiSRaid2 - ok 21:42:03.0811 12184 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 21:42:03.0811 12184 SiSRaid4 - ok 21:42:03.0935 12184 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 21:42:03.0967 12184 Skype C2C Service - ok 21:42:04.0045 12184 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 21:42:04.0045 12184 SkypeUpdate - ok 21:42:04.0076 12184 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:42:04.0076 12184 Smb - ok 21:42:04.0107 12184 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:42:04.0123 12184 SNMPTRAP - ok 21:42:04.0123 12184 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 21:42:04.0123 12184 spldr - ok 21:42:04.0154 12184 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 21:42:04.0169 12184 Spooler - ok 21:42:04.0232 12184 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 21:42:04.0263 12184 sppsvc - ok 21:42:04.0279 12184 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 21:42:04.0279 12184 sppuinotify - ok 21:42:04.0357 12184 [ C3716EC0D36AD924B6888D794563E647 ] sprtsvc_ddoctorv2 C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe 21:42:04.0357 12184 sprtsvc_ddoctorv2 - ok 21:42:04.0466 12184 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS 21:42:04.0466 12184 SRTSP - ok 21:42:04.0497 12184 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS 21:42:04.0497 12184 SRTSPX - ok 21:42:04.0528 12184 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 21:42:04.0544 12184 srv - ok 21:42:04.0544 12184 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:42:04.0559 12184 srv2 - ok 21:42:04.0559 12184 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:42:04.0575 12184 srvnet - ok 21:42:04.0591 12184 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:42:04.0591 12184 SSDPSRV - ok 21:42:04.0606 12184 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:42:04.0606 12184 SstpSvc - ok 21:42:04.0622 12184 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 21:42:04.0622 12184 stexstor - ok 21:42:04.0669 12184 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 21:42:04.0684 12184 StillCam - ok 21:42:04.0715 12184 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 21:42:04.0731 12184 stisvc - ok 21:42:04.0762 12184 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 21:42:04.0762 12184 swenum - ok 21:42:04.0778 12184 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 21:42:04.0778 12184 swprv - ok 21:42:04.0840 12184 [ 267C914667C94E5F47D342311C1C577F ] Symantec RemoteAssist C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe 21:42:04.0856 12184 Symantec RemoteAssist - ok 21:42:04.0887 12184 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS 21:42:04.0887 12184 SymDS - ok 21:42:04.0934 12184 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS 21:42:04.0934 12184 SymEFA - ok 21:42:04.0981 12184 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 21:42:04.0981 12184 SymEvent - ok 21:42:05.0012 12184 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS 21:42:05.0012 12184 SymIRON - ok 21:42:05.0027 12184 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS 21:42:05.0043 12184 SymNetS - ok 21:42:05.0090 12184 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 21:42:05.0090 12184 SysMain - ok 21:42:05.0121 12184 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:42:05.0121 12184 TabletInputService - ok 21:42:05.0137 12184 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 21:42:05.0152 12184 TapiSrv - ok 21:42:05.0168 12184 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 21:42:05.0183 12184 TBS - ok 21:42:05.0230 12184 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:42:05.0246 12184 Tcpip - ok 21:42:05.0261 12184 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 21:42:05.0277 12184 TCPIP6 - ok 21:42:05.0308 12184 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:42:05.0308 12184 tcpipreg - ok 21:42:05.0324 12184 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:42:05.0324 12184 TDPIPE - ok 21:42:05.0355 12184 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:42:05.0355 12184 TDTCP - ok 21:42:05.0402 12184 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:42:05.0402 12184 tdx - ok 21:42:05.0433 12184 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 21:42:05.0433 12184 TermDD - ok 21:42:05.0449 12184 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 21:42:05.0449 12184 TermService - ok 21:42:05.0464 12184 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 21:42:05.0464 12184 Themes - ok 21:42:05.0495 12184 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 21:42:05.0495 12184 THREADORDER - ok 21:42:05.0511 12184 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 21:42:05.0511 12184 TrkWks - ok 21:42:05.0558 12184 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:42:05.0558 12184 TrustedInstaller - ok 21:42:05.0589 12184 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:42:05.0605 12184 tssecsrv - ok 21:42:05.0636 12184 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:42:05.0636 12184 TsUsbFlt - ok 21:42:05.0683 12184 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:42:05.0683 12184 tunnel - ok 21:42:05.0698 12184 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 21:42:05.0698 12184 uagp35 - ok 21:42:05.0729 12184 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:42:05.0729 12184 udfs - ok 21:42:05.0761 12184 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:42:05.0761 12184 UI0Detect - ok 21:42:05.0792 12184 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:42:05.0792 12184 uliagpkx - ok 21:42:05.0823 12184 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 21:42:05.0823 12184 umbus - ok 21:42:05.0839 12184 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 21:42:05.0839 12184 UmPass - ok 21:42:05.0854 12184 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 21:42:05.0854 12184 upnphost - ok 21:42:05.0901 12184 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 21:42:05.0901 12184 USBAAPL64 - ok 21:42:05.0963 12184 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 21:42:05.0963 12184 usbaudio - ok 21:42:05.0979 12184 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:42:05.0979 12184 usbccgp - ok 21:42:06.0010 12184 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:42:06.0010 12184 usbcir - ok 21:42:06.0026 12184 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:42:06.0026 12184 usbehci - ok 21:42:06.0041 12184 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:42:06.0041 12184 usbhub - ok 21:42:06.0057 12184 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 21:42:06.0057 12184 usbohci - ok 21:42:06.0088 12184 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 21:42:06.0088 12184 usbprint - ok 21:42:06.0104 12184 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 21:42:06.0104 12184 usbscan - ok 21:42:06.0119 12184 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:42:06.0119 12184 USBSTOR - ok 21:42:06.0135 12184 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 21:42:06.0135 12184 usbuhci - ok 21:42:06.0166 12184 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 21:42:06.0166 12184 usbvideo - ok 21:42:06.0182 12184 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 21:42:06.0182 12184 UxSms - ok 21:42:06.0213 12184 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 21:42:06.0213 12184 VaultSvc - ok 21:42:06.0213 12184 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:42:06.0213 12184 vdrvroot - ok 21:42:06.0244 12184 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 21:42:06.0260 12184 vds - ok 21:42:06.0275 12184 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:42:06.0291 12184 vga - ok 21:42:06.0291 12184 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 21:42:06.0291 12184 VgaSave - ok 21:42:06.0322 12184 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 21:42:06.0322 12184 vhdmp - ok 21:42:06.0338 12184 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 21:42:06.0338 12184 viaide - ok 21:42:06.0353 12184 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:42:06.0353 12184 volmgr - ok 21:42:06.0385 12184 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:42:06.0400 12184 volmgrx - ok 21:42:06.0416 12184 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:42:06.0416 12184 volsnap - ok 21:42:06.0463 12184 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 21:42:06.0463 12184 vsmraid - ok 21:42:06.0509 12184 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 21:42:06.0525 12184 VSS - ok 21:42:06.0541 12184 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 21:42:06.0541 12184 vwifibus - ok 21:42:06.0572 12184 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 21:42:06.0572 12184 vwififlt - ok 21:42:06.0603 12184 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 21:42:06.0603 12184 vwifimp - ok 21:42:06.0619 12184 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 21:42:06.0634 12184 W32Time - ok 21:42:06.0650 12184 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 21:42:06.0650 12184 WacomPen - ok 21:42:06.0681 12184 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:42:06.0681 12184 WANARP - ok 21:42:06.0681 12184 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:42:06.0681 12184 Wanarpv6 - ok 21:42:06.0728 12184 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 21:42:06.0743 12184 WatAdminSvc - ok 21:42:06.0775 12184 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 21:42:06.0790 12184 wbengine - ok 21:42:06.0806 12184 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:42:06.0821 12184 WbioSrvc - ok 21:42:06.0853 12184 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:42:06.0853 12184 wcncsvc - ok 21:42:06.0868 12184 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:42:06.0868 12184 WcsPlugInService - ok 21:42:06.0884 12184 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 21:42:06.0884 12184 Wd - ok 21:42:06.0915 12184 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:42:06.0915 12184 Wdf01000 - ok 21:42:06.0931 12184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:42:06.0931 12184 WdiServiceHost - ok 21:42:06.0931 12184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:42:06.0931 12184 WdiSystemHost - ok 21:42:06.0977 12184 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 21:42:06.0977 12184 WebClient - ok 21:42:06.0993 12184 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:42:06.0993 12184 Wecsvc - ok 21:42:07.0009 12184 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:42:07.0009 12184 wercplsupport - ok 21:42:07.0024 12184 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 21:42:07.0024 12184 WerSvc - ok 21:42:07.0040 12184 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:42:07.0040 12184 WfpLwf - ok 21:42:07.0055 12184 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:42:07.0055 12184 WIMMount - ok 21:42:07.0071 12184 WinDefend - ok 21:42:07.0071 12184 WinHttpAutoProxySvc - ok 21:42:07.0102 12184 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:42:07.0118 12184 Winmgmt - ok 21:42:07.0165 12184 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 21:42:07.0180 12184 WinRM - ok 21:42:07.0211 12184 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 21:42:07.0211 12184 WinUsb - ok 21:42:07.0258 12184 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 21:42:07.0258 12184 Wlansvc - ok 21:42:07.0383 12184 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:42:07.0414 12184 wlidsvc - ok 21:42:07.0445 12184 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:42:07.0445 12184 WmiAcpi - ok 21:42:07.0461 12184 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:42:07.0461 12184 wmiApSrv - ok 21:42:07.0492 12184 WMPNetworkSvc - ok 21:42:07.0508 12184 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:42:07.0508 12184 WPCSvc - ok 21:42:07.0539 12184 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:42:07.0539 12184 WPDBusEnum - ok 21:42:07.0555 12184 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:42:07.0555 12184 ws2ifsl - ok 21:42:07.0570 12184 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 21:42:07.0570 12184 wscsvc - ok 21:42:07.0601 12184 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 21:42:07.0601 12184 WSDPrintDevice - ok 21:42:07.0601 12184 WSearch - ok 21:42:07.0664 12184 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 21:42:07.0679 12184 wuauserv - ok 21:42:07.0695 12184 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:42:07.0695 12184 WudfPf - ok 21:42:07.0726 12184 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:42:07.0742 12184 WUDFRd - ok 21:42:07.0757 12184 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:42:07.0757 12184 wudfsvc - ok 21:42:07.0789 12184 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 21:42:07.0789 12184 WwanSvc - ok 21:42:07.0835 12184 [ 74983ADDCA2D9618512C088D856D6615 ] {55662437-DA8C-40c0-AADA-2C816A897A49} c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl 21:42:07.0835 12184 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok 21:42:07.0851 12184 ================ Scan global =============================== 21:42:07.0867 12184 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 21:42:07.0898 12184 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 21:42:07.0913 12184 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 21:42:07.0929 12184 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 21:42:07.0945 12184 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 21:42:07.0945 12184 [Global] - ok 21:42:07.0945 12184 ================ Scan MBR ================================== 21:42:07.0945 12184 [ 004E6614CDFE29D4A787E72B28C94708 ] \Device\Harddisk0\DR0 21:42:07.0945 12184 Suspicious mbr (Forged): \Device\Harddisk0\DR0 21:42:08.0007 12184 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 21:42:08.0007 12184 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 21:42:08.0007 12184 ================ Scan VBR ================================== 21:42:08.0007 12184 [ 5523D8C3D270D3D7C978384D27169FD3 ] \Device\Harddisk0\DR0\Partition1 21:42:08.0007 12184 \Device\Harddisk0\DR0\Partition1 - ok 21:42:08.0054 12184 [ 046BD4DA14A5AC799E9714CC5A1CDB23 ] \Device\Harddisk0\DR0\Partition2 21:42:08.0054 12184 \Device\Harddisk0\DR0\Partition2 - ok 21:42:08.0085 12184 [ D5C63AF99B8D883F53123946837F265E ] \Device\Harddisk0\DR0\Partition3 21:42:08.0085 12184 \Device\Harddisk0\DR0\Partition3 - ok 21:42:08.0085 12184 ============================================================ 21:42:08.0085 12184 Scan finished 21:42:08.0085 12184 ============================================================ 21:42:08.0085 6160 Detected object count: 1 21:42:08.0085 6160 Actual detected object count: 1 21:43:35.0162 6160 \Device\Harddisk0\DR0\# - copied to quarantine 21:43:35.0162 6160 \Device\Harddisk0\DR0 - copied to quarantine 21:43:35.0240 6160 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 21:43:35.0240 6160 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 21:43:35.0256 6160 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 21:43:35.0256 6160 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 21:43:35.0287 6160 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 21:43:35.0303 6160 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 21:43:35.0303 6160 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 21:43:35.0303 6160 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 21:43:35.0303 6160 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 21:43:35.0303 6160 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 21:43:35.0318 6160 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 21:43:35.0318 6160 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 21:43:35.0318 6160 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 21:43:35.0318 6160 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 21:43:35.0334 6160 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 21:43:35.0396 6160 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot 21:43:35.0428 6160 \Device\Harddisk0\DR0 - ok 21:43:36.0769 6160 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 21:44:14.0630 9724 Deinitialize success 21:48:52.0601 3416 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 21:48:54.0614 3416 ============================================================ 21:48:54.0614 3416 Current date / time: 2012/11/13 21:48:54.0614 21:48:54.0614 3416 SystemInfo: 21:48:54.0614 3416 21:48:54.0614 3416 OS Version: 6.1.7601 ServicePack: 1.0 21:48:54.0614 3416 Product type: Workstation 21:48:54.0614 3416 ComputerName: DENNIS-HP 21:48:54.0614 3416 UserName: Dennis 21:48:54.0614 3416 Windows directory: C:\Windows 21:48:54.0614 3416 System windows directory: C:\Windows 21:48:54.0614 3416 Running under WOW64 21:48:54.0614 3416 Processor architecture: Intel x64 21:48:54.0614 3416 Number of processors: 4 21:48:54.0614 3416 Page size: 0x1000 21:48:54.0614 3416 Boot type: Normal boot 21:48:54.0614 3416 ============================================================ 21:49:04.0557 3416 BG loaded 21:49:05.0291 3416 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:49:05.0306 3416 ============================================================ 21:49:05.0306 3416 \Device\Harddisk0\DR0: 21:49:05.0322 3416 MBR partitions: 21:49:05.0322 3416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 21:49:05.0322 3416 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72FC5800 21:49:05.0322 3416 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72FF8000, BlocksNum 0x170E000 21:49:05.0322 3416 ============================================================ 21:49:06.0663 3416 C: <-> \Device\Harddisk0\DR0\Partition2 21:49:09.0035 3416 D: <-> \Device\Harddisk0\DR0\Partition3 21:49:09.0035 3416 ============================================================ 21:49:09.0035 3416 Initialize success 21:49:09.0035 3416 ============================================================ |
14-Nov-2012, 06:10 AM
#5 | ||||||
| next step Delete any existing version of ComboFix you have sitting on your desktop Please read and follow all these instructions very carefully Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help. Download ComboFix from Hereto your Desktop. As you download it rename it to username123.exe **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer** -------------------------------------------------------------------- 1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
2. Close any open browsers and any other programs you might have running Double click on renamed combofix.exe & follow the prompts. If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze **** Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.Read HERE why we disable autoruns Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version. Please tell us if it has cured the problems or if there are any outstanding issues *EXTRA NOTES*
Post the log in next reply please...
__________________ Derek Microsoft MVP/Windows - Security | Thespykiller Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue |
14-Nov-2012, 07:50 AM
#6 | ||||||
| After running combofix this log appeard on my screen. It didnt prompt me to reboot. So I'm sending the log file and then I will do a restart on my own. Here is the log: ComboFix 12-11-13.03 - Dennis 11/14/2012 6:12.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.5895 [GMT -6:00] Running from: c:\users\Dennis\Desktop\username123.exe AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\ntuser.dat c:\users\Dennis\AppData\Roaming\IVST Manager c:\users\Dennis\Documents\~WRL0005.tmp c:\users\Dennis\Documents\~WRL0006.tmp c:\users\Dennis\Documents\~WRL0011.tmp c:\users\Dennis\Documents\~WRL0044.tmp c:\users\Dennis\Documents\~WRL0106.tmp c:\users\Dennis\Documents\~WRL0199.tmp c:\users\Dennis\Documents\~WRL1293.tmp c:\users\Dennis\Documents\~WRL1730.tmp c:\users\Dennis\Documents\~WRL1966.tmp c:\users\Dennis\Documents\~WRL2020.tmp c:\users\Dennis\Documents\~WRL2906.tmp c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 ))))))))))))))))))))))))))))))) . . 2012-11-14 12:23 . 2012-11-14 12:23 -------- d-----w- c:\users\postgres\AppData\Local\temp 2012-11-14 12:23 . 2012-11-14 12:23 -------- d-----w- c:\users\Guest\AppData\Local\temp 2012-11-14 12:23 . 2012-11-14 12:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-14 09:11 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-14 09:11 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-14 09:11 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-14 09:11 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-14 09:02 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-14 09:02 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-14 09:02 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-14 09:02 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-14 09:02 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-14 09:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-14 09:02 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-14 03:43 . 2012-11-14 03:43 -------- d-----w- C:\TDSSKiller_Quarantine 2012-10-31 18:16 . 2012-10-31 18:16 -------- d-----w- c:\users\Dennis\AppData\Roaming\Malwarebytes 2012-10-31 18:15 . 2012-10-31 18:15 -------- d-----w- c:\programdata\Malwarebytes 2012-10-31 18:15 . 2012-10-31 18:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-10-31 18:15 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-25 04:32 . 2012-10-25 04:32 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-14 09:35 . 2010-06-03 18:54 295254 ----a-w- C:\DUMP4e9c.tmp 2012-10-11 08:04 . 2010-06-17 07:40 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-09-14 19:19 . 2012-10-10 15:40 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 15:40 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 15:40 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-24 18:05 . 2012-10-10 15:40 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-10 15:40 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-22 18:12 . 2012-09-12 06:28 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 06:28 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 06:28 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-26 12:34 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-21 18:01 . 2012-10-13 19:49 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-21 18:01 . 2010-06-17 05:21 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 18:01 . 2010-06-17 05:21 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-20 18:48 . 2012-10-10 15:40 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-10 15:40 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-10 15:40 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-10 15:40 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-10 15:40 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-10 15:40 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-10 15:40 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-10 15:40 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-10 15:40 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 17:40 . 2012-10-10 15:40 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2012-08-20 17:38 . 2012-10-10 15:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-20 17:38 . 2012-10-10 15:40 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2012-08-20 17:37 . 2012-10-10 15:40 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-08-20 17:37 . 2012-10-10 15:40 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-08-20 17:32 . 2012-10-10 15:40 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2012-08-20 15:38 . 2012-10-10 15:40 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2012-08-20 15:38 . 2012-10-10 15:40 2048 ----a-w- c:\windows\SysWow64\user.exe 2012-08-20 15:33 . 2012-10-10 15:40 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-08-20 15:33 . 2012-10-10 15:40 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 15:33 . 2012-10-10 15:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 15:33 . 2012-10-10 15:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}] 2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768] "Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-10 39408] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280] "com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-09-05 59280] "ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-08 98304] "ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] . c:\users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-10-16 5958256] HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\s pool\DRIVERS\x64\3\\lxdwserv.exe [2009-10-16 33960] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 ATIXPGAA;ATIXPGAA; [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-10-01 35840] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-17 1255736] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx64.sys [2012-10-05 1385632] S1 GIDv2;GIDv2; [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121113.006\IDSvia64.sys [2012-09-06 513184] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2010-11-16 171128] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168] S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/05/12 19:30];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-03-03 06:03 146928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-01 203776] S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408] S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-10-16 61552] S2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe [2009-10-16 1044136] S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008] S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-04-19 115216] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] svcboot REG_MULTI_SZ svcboot hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg] 2011-07-05 16:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe . Contents of the 'Scheduled Tasks' folder . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 13:00] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 13:00] . 2012-11-14 c:\windows\Tasks\HPCeeScheduleForDennis.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15] . 2012-11-08 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Dennis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "lxdwmon.exe"="c:\program files (x86)\Lexmark 7600 Series\lxdwmon.exe" [2010-02-10 676520] "EzPrint"="c:\program files (x86)\Lexmark 7600 Series\ezprint.exe" [2010-02-10 131752] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab DPF: {AFD8A3A3-8B73-444B-82F2-2E4345FA5B38} - hxxp://www.comcastsupport.com/sdcxuser/oneclickfix/scripts/Comcast.Ocf.cab . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-MaxMySpeed Registry Cleaner - c:\program files (x86)\cyberdefender\registry scanner\Startcdrc.exe Wow6432Node-HKCU-Run-POEngine5 - (no file) Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe SafeBoot-84599447.sys WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file) AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX .exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*] "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1 d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99, \ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1 d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99, \ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1 d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99, \ . [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01 ,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,96,37,5c,c4,92,b3,40,a3,a7,e3, \ "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,96,37,5c,c4,92,b3,40,a3,a7,e3, \ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-14 06:45:51 ComboFix-quarantined-files.txt 2012-11-14 12:45 . Pre-Run: 867,805,986,816 bytes free Post-Run: 866,735,902,720 bytes free . - - End Of File - - D33CD656D05123C4200DC375A7189D45 |
14-Nov-2012, 08:19 AM
#8 | ||||||
| It still has an issue. I googled "tech support guy" and this link was near the top. I clicked on this link, Tech Support Guy - Free help for Windows 8, 7, Vista, XP, and more! forums.techguy.org/ But this appead in the URL bar http://privatesearchforu.com/ |
14-Nov-2012, 08:37 AM
#10 | ||||||
| I just googled "xfinity remote codes" and this link was at the top Xfinity® Customer Central | Comcast.com www.comcast.com/Help bit when I clicked on it, the url bar read like this: http://beesq.net/find_1.php?k=xfinit...t=11962&bbnx=1 And it went to a site that had the word bees at the top with a picture of a bee |
14-Nov-2012, 09:00 AM
#12 | ||||||
| Sorry - my last message was a simultaneous post. I have reset the routher to default now. I repeated the google tech guys with the same result -- it went to http://privatesearchforu.com/ I have to run to a Dr Appt now. I'll be back in two hours and will follow any instructions you leave for me. Thanks |
14-Nov-2012, 09:09 AM
#13 | ||||||
| Download OTScanIt.exe to your Desktop
__________________ Derek Microsoft MVP/Windows - Security | Thespykiller Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue |
14-Nov-2012, 11:33 AM
#14 | ||||||
| Here is the OTSscanit log file: Code: OTS logfile created on: 11/14/2012 10:21:09 AM - Run 1 OTS by OldTimer - Version 3.1.47.2 Folder = C:\Users\Dennis\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 52.00% Memory free 16.00 Gb Paging File | 12.00 Gb Available in Paging File | 74.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 919.89 Gb Total Space | 806.95 Gb Free Space | 87.72% Space Free | Partition Type: NTFS Drive D: | 11.53 Gb Total Space | 1.40 Gb Free Space | 12.18% Space Free | Partition Type: NTFS Drive E: | 482.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DENNIS-HP Current User Name: Dennis Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Users\Dennis\Desktop\OTS.exe -> [2012/11/14 10:17:29 | 000,646,656 | ---- | M] (OldTimer Tools) idvaultsvc.exe -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -> [2012/10/16 11:20:28 | 000,061,552 | ---- | M] (White Sky, Inc.) idvault.exe -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe -> [2012/10/16 11:20:26 | 005,958,256 | ---- | M] (White Sky, Inc.) c2c_service.exe -> C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) applephotostreams.exe -> C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe -> [2012/09/10 15:58:16 | 000,059,280 | ---- | M] (Apple Inc.) bookmarkdav_client.exe -> C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe -> [2012/09/05 03:04:08 | 000,059,280 | ---- | M] (Apple Inc.) icloudservices.exe -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe -> [2012/08/29 13:00:12 | 000,059,280 | ---- | M] (Apple Inc.) apsdaemon.exe -> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe -> [2012/08/27 20:32:54 | 000,059,280 | ---- | M] (Apple Inc.) acrord32.exe -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe -> [2012/07/31 05:24:07 | 000,357,840 | ---- | M] (Adobe Systems Incorporated) dropbox.exe -> C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe -> [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) gidd.exe -> C:\Program Files (x86)\SFT\GuardedID\GIDD.exe -> [2011/07/05 10:24:06 | 000,395,528 | ---- | M] (StrikeForce Technologies Inc.) ccsvchst.exe -> C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe -> [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) hpdrvmntsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) seaport.exe -> C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -> [2011/02/25 08:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) cinemanowsvc.exe -> C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -> [2010/02/26 17:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) ezprint.exe -> C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe -> [2010/02/10 08:04:48 | 000,131,752 | ---- | M] (Lexmark International Inc.) lxdwmon.exe -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe -> [2010/02/10 08:04:44 | 000,676,520 | ---- | M] () smartmenu.exe -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe -> [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () pg_ctl.exe -> C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -> [2009/12/10 01:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) postgres.exe -> C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe -> [2009/12/10 01:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) comcastantispy.exe -> C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe -> [2009/08/19 11:25:52 | 001,589,208 | ---- | M] () svchost.exe -> \\.\globalroot\systemroot\svchost.exe -> [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () comcastantispyservice.exe -> C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -> [2009/06/17 11:49:44 | 000,616,408 | ---- | M] () picturemover.exe -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe -> [2009/06/03 13:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) bcont.exe -> C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe -> [2009/04/24 00:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) hpsysdrv.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe -> [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) sprtsvc.exe -> C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe -> [2008/04/24 11:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) sprtcmd.exe -> C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe -> [2008/04/24 11:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) itmrtsvc.exe -> C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe -> [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Modules - No Company Name] windowsformsintegration.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9f7b241c4cff24e6d0b554efb60aa8be\WindowsFormsIntegration.ni.dll -> [2012/11/14 03:47:17 | 000,240,128 | ---- | M] () system.workflowservices.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\0cb48ee4524d818a38028e44d6ba2968\System.WorkflowServices.ni.dll -> [2012/11/14 03:47:15 | 001,358,336 | ---- | M] () system.servicemodel.web.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\30f9318fcf980a0ac504421c663d24e5\System.ServiceModel.Web.ni.dll -> [2012/11/14 03:46:54 | 001,707,008 | ---- | M] () system.management.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll -> [2012/11/14 03:45:57 | 001,051,136 | ---- | M] () system.identitymodel.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\40267c1bec60c4b94be794a65a4a8a49\System.IdentityModel.ni.dll -> [2012/11/14 03:45:14 | 001,083,392 | ---- | M] () system.runtime.serialization.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fecb0ca59057e9d190318551d40feb22\System.Runtime.Serialization.ni.dll -> [2012/11/14 03:45:12 | 002,347,008 | ---- | M] () smdiagnostics.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\3d3f043f645c0afeee0f7ed04c5e26e7\SMDiagnostics.ni.dll -> [2012/11/14 03:45:11 | 000,256,000 | ---- | M] () system.servicemodel.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8cdf7f9bde2b780692428f439f0f5a08\System.ServiceModel.ni.dll -> [2012/11/14 03:45:09 | 017,478,656 | ---- | M] () presentationframework.aero.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll -> [2012/11/14 03:41:30 | 000,368,128 | ---- | M] () system.serviceprocess.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll -> [2012/11/14 03:41:29 | 000,212,992 | ---- | M] () system.web.services.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\cf840dca36a7b949696ce331d0532d3e\System.Web.Services.ni.dll -> [2012/11/14 03:41:24 | 001,840,640 | ---- | M] () system.web.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll -> [2012/11/14 03:41:23 | 011,833,344 | ---- | M] () system.runtime.remoting.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll -> [2012/11/14 03:41:19 | 000,771,584 | ---- | M] () system.data.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll -> [2012/11/14 03:41:18 | 006,611,456 | ---- | M] () system.transactions.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll -> [2012/11/14 03:41:18 | 000,627,200 | ---- | M] () presentationframework.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll -> [2012/11/14 03:41:11 | 014,340,608 | ---- | M] () system.windows.forms.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll -> [2012/11/14 03:41:01 | 012,436,480 | ---- | M] () system.drawing.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll -> [2012/11/14 03:40:57 | 001,591,808 | ---- | M] () uiautomationprovider.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\aa983d1ad8df4422c0859ab4d6e19a83\UIAutomationProvider.ni.dll -> [2012/11/14 03:40:55 | 000,060,928 | ---- | M] () presentationcore.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll -> [2012/11/14 03:40:54 | 012,237,824 | ---- | M] () windowsbase.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll -> [2012/11/14 03:40:47 | 003,347,968 | ---- | M] () system.security.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll -> [2012/11/14 03:40:46 | 000,680,448 | ---- | M] () system.xml.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll -> [2012/11/14 03:40:44 | 005,452,800 | ---- | M] () system.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll -> [2012/11/14 03:40:41 | 007,988,736 | ---- | M] () system.configuration.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll -> [2012/11/14 03:40:41 | 000,971,264 | ---- | M] () mscorlib.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll -> [2012/11/14 03:40:37 | 011,493,376 | ---- | M] () idvaultcore.xmlserializers.dll -> C:\Program Files (x86)\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll -> [2012/10/16 11:20:27 | 000,104,048 | ---- | M] () sqlite3.dll -> C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll -> [2012/10/12 13:52:26 | 000,548,040 | ---- | M] () hp.activesupportlibrary.dll -> C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll -> [2012/08/14 15:33:36 | 000,036,920 | ---- | M] () zlib1.dll -> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll -> [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () libxml2.dll -> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll -> [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () office.odf -> C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF -> [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () system.data.dll -> C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll -> [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () grooveintlresource.dll -> C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll -> [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () pcalertspillar.dll -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll -> [2010/09/28 13:00:32 | 000,061,440 | ---- | M] () eclibrary.dll -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll -> [2010/09/28 13:00:30 | 000,131,072 | ---- | M] () microsoft.practices.enterpriselibrary.exceptionhandling.logging.dll -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll -> [2010/09/28 13:00:14 | 000,028,672 | ---- | M] () microsoft.mshtml.dll -> C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll -> [2010/07/01 14:22:41 | 008,007,680 | ---- | M] () lxdwmon.exe -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe -> [2010/02/10 08:04:44 | 000,676,520 | ---- | M] () lxdwcaps.dll -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwcaps.dll -> [2010/02/10 07:51:53 | 000,081,920 | ---- | M] () lxdwscw.dll -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwscw.dll -> [2010/02/10 07:51:37 | 000,380,928 | ---- | M] () lxdwdrs.dll -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwdrs.dll -> [2010/02/10 07:51:34 | 001,036,288 | ---- | M] () iptk.dll -> C:\Program Files (x86)\Lexmark 7600 Series\iptk.dll -> [2010/02/10 07:47:51 | 000,380,928 | ---- | M] () lxdwdatr.dll -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwdatr.dll -> [2010/02/10 07:25:20 | 000,188,416 | ---- | M] () lxdwcnv4.dll -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwcnv4.dll -> [2010/02/10 07:25:11 | 000,069,632 | ---- | M] () smartmenu.exe -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe -> [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () comcastantispy.exe -> C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe -> [2009/08/19 11:25:52 | 001,589,208 | ---- | M] () msjetoledb40.dll -> C:\Windows\SysWOW64\msjetoledb40.dll -> [2009/07/13 19:15:45 | 000,364,544 | ---- | M] () easyhook32.dll -> C:\Windows\SysWOW64\EasyHook32.dll -> [2009/06/12 16:32:16 | 000,104,456 | ---- | M] () system.transactions.dll -> C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll -> [2009/06/10 15:23:19 | 000,261,632 | ---- | M] () presentation.dll -> C:\Users\Dennis\AppData\Roaming\PictureMover\EN-US\Presentation.dll -> [2009/06/03 13:43:14 | 001,703,936 | ---- | M] () core.dll -> C:\Users\Dennis\AppData\Roaming\PictureMover\Bin\Core.dll -> [2009/06/03 13:34:18 | 003,764,224 | ---- | M] () sqlite.dll -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll -> [2009/02/27 11:52:56 | 000,258,048 | ---- | M] () lxdwptp.dll -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwptp.dll -> [2008/03/17 03:52:47 | 000,151,552 | ---- | M] () [Win32 Services - Safe List] 64bit-(AMD External Events Utility) [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2011/06/01 00:58:10 | 000,203,776 | ---- | M] (AMD) 64bit-(lxdw_device) [Auto | Running] -> C:\Windows\SysNative\lxdwcoms.exe -> [2009/10/16 09:09:18 | 001,044,136 | ---- | M] ( ) 64bit-(lxdwCATSCustConnectService) [Auto | Stopped] -> C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdwserv.exe -> [2009/10/16 09:09:08 | 000,033,960 | ---- | M] () 64bit-(WinDefend) [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) (IDVaultSvc) CGPS Service [Auto | Running] -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -> [2012/10/16 11:20:28 | 000,061,552 | ---- | M] (White Sky, Inc.) (Skype C2C Service) Skype C2C Service [Auto | Running] -> C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) (SkypeUpdate) Skype Updater [Auto | Stopped] -> C:\Program Files (x86)\Skype\Updater\Updater.exe -> [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) (HP Support Assistant Service) HP Support Assistant Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -> [2011/09/09 16:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) (N360) Norton Security Suite [Unknown | Running] -> C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -> [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) (HPDrvMntSvc.exe) HP Quick Synchronization Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) (BBSvc) Bing Bar Update Service [On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -> [2011/02/28 16:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) (SeaPort) SeaPort [Auto | Running] -> C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -> [2011/02/25 08:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) (HPSLPSVC) HP Network Devices Support [Auto | Running] -> C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -> [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) (clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) (CinemaNow Service) CinemaNow Service [Auto | Running] -> C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -> [2010/02/26 17:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) (GameConsoleService) GameConsoleService [On_Demand | Stopped] -> C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -> [2010/01/04 12:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) (pgsql-8.3) PostgreSQL Database Server 8.3 [Auto | Running] -> C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -> [2009/12/10 01:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) (lxdw_device) lxdw_device [Auto | Running] -> C:\Windows\SysWow64\lxdwcoms.exe -> [2009/10/16 09:08:51 | 000,594,600 | ---- | M] ( ) (AntiSpywareService) Comcast AntiSpyware [Auto | Running] -> C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -> [2009/06/17 11:49:44 | 000,616,408 | ---- | M] () (clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) [Auto | Running] -> C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe -> [2008/04/24 11:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) (Symantec RemoteAssist) Symantec RemoteAssist [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe -> [2008/01/29 14:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) (ITMRTSVC) CA Pest Patrol Realtime Protection Service [Auto | Running] -> C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe -> [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Driver Services - Safe List] 64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\GEARAspiWDM.sys -> [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaapl64.sys -> [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) 64bit-(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -> [2012/02/27 18:24:36 | 000,174,200 | ---- | M] (Symantec Corporation) 64bit-(LVRS64) Logitech RightSound Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lvrs64.sys -> [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) 64bit-(Point64) Microsoft IntelliPoint Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\point64.sys -> [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) 64bit-(GIDv2) GIDv2 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\gidv2.sys -> [2011/07/05 10:18:38 | 000,029,288 | ---- | M] (StrikeForce Technologies, Inc.) 64bit-(amdkmdag) amdkmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2011/06/01 03:12:38 | 009,320,448 | ---- | M] (ATI Technologies Inc.) 64bit-(amdkmdap) amdkmdap [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmpag.sys -> [2011/06/01 00:19:14 | 000,306,688 | ---- | M] (Advanced Micro Devices, Inc.) 64bit-(dc3d) MS Hardware Device Detection Driver (USB) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\dc3d.sys -> [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) 64bit-(SymNetS) Symantec Network Security WFP Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -> [2011/04/20 19:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) 64bit-(AtiHDAudioService) ATI Function Driver for HD Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AtihdW76.sys -> [2011/04/18 21:21:17 | 000,115,216 | ---- | M] (Advanced Micro Devices) 64bit-(SRTSP) Symantec Real Time Storage Protection x64 [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -> [2011/03/30 21:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) 64bit-(SRTSPX) Symantec Real Time Storage Protection (PEL) x64 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -> [2011/03/30 21:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) 64bit-(SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -> [2011/03/14 20:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) 64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) 64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) 64bit-(SymDS) Symantec Data Store [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -> [2011/01/27 00:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) 64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) 64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) 64bit-(SymIRON) Symantec Iron Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -> [2010/11/15 19:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) 64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2010/03/04 08:43:00 | 000,346,144 | ---- | M] (Realtek ) 64bit-(AtiHdmiService) ATI Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\AtiHdmi.sys -> [2010/01/27 23:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) 64bit-(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2010/01/15 14:22:08 | 000,538,136 | ---- | M] (Intel Corporation) 64bit-(netr28x) Ralink 802.11n Extensible Wireless Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\netr28x.sys -> [2009/12/18 21:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) 64bit-(BVRPMPR5a64) BVRPMPR5a64 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -> [2009/09/30 19:22:08 | 000,035,840 | R--- | M] (Avanquest Software) 64bit-(HECIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) 64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) 64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) 64bit-(WSDPrintDevice) WSD Print Support via UMB [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WSDPrint.sys -> [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) 64bit-(StillCam) Still Serial Digital Camera Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\serscan.sys -> [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) 64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) 64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) 64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) 64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121113.022\ex64.sys -> [2012/10/30 15:37:14 | 002,084,000 | ---- | M] (Symantec Corporation) (NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121113.022\eng64.sys -> [2012/10/30 15:37:14 | 000,126,112 | ---- | M] (Symantec Corporation) (BHDrvx64) BHDrvx64 [Kernel | System | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx64.sys -> [2012/10/05 12:23:26 | 001,385,632 | ---- | M] (Symantec Corporation) (IDSVia64) IDSVia64 [Kernel | System | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121113.006\IDSviA64.sys -> [2012/09/06 03:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -> [2012/08/08 21:11:59 | 000,484,512 | ---- | M] (Symantec Corporation) (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2012/08/08 21:11:59 | 000,138,912 | ---- | M] (Symantec Corporation) ({55662437-DA8C-40c0-AADA-2C816A897A49}) Power Control [2010/05/12 19:30:23] [Kernel | Auto | Running] -> c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -> [2010/03/03 00:03:46 | 000,146,928 | ---- | M] (CyberLink Corp.) (WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [Registry - Safe List] < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/...ch/search.html -> HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://g.msn.com/HPDSK/1 -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://g.msn.com/HPDSK/1 -> HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{f999a48b-1950-4d81-9971-79018f807b4b}" [HKLM] -> C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll [FreeOnlineRadioPlayerRecorder Toolbar] -> [2011/01/17 08:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.) < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\] > -> -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\: Main\\"Start Page" -> http://www.yahoo.com/ -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\: URLSearchHooks\\"{f999a48b-1950-4d81-9971-79018f807b4b}" [HKLM] -> C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll [FreeOnlineRadioPlayerRecorder Toolbar] -> [2011/01/17 08:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.) HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\: "ProxyOverride" -> *.local -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\] > -> -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\: Main\\"Default_Page_URL" -> http://g.msn.com/HPDSK/1 -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\: Main\\"First Home Page" -> http://g.msn.com/HPDSK/1 -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\: Main\\"Start Page" -> http://g.msn.com/HPDSK/1 -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\MozillaAddOn3 [C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2010/08/01 04:40:41 | 000,000,000 | ---D | M] HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN\ [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN\] -> [2012/10/30 18:33:11 | 000,000,000 | ---D | M] HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_13_2] -> [2012/11/14 06:55:16 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> < HOSTS File > ([2012/11/14 06:23:54 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> Reset Hosts 127.0.0.1 localhost < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2012/09/21 01:52:09 | 000,253,584 | ---- | M] (Google Inc.) {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Skype add-on for Internet Explorer] -> [2012/10/02 11:06:02 | 005,748,928 | ---- | M] (Skype Technologies S.A.) < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {30F9B915-B755-4826-820B-08FBA6BD249D} [HKLM] -> C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [Conduit Engine ] -> [2011/01/17 08:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.) {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll [Symantec NCO BHO] -> [2012/06/07 06:46:24 | 000,436,192 | R--- | M] (Symantec Corporation) {6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll [Symantec Intrusion Prevention] -> [2011/03/30 21:01:20 | 000,210,872 | R--- | M] (Symantec Corporation) {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Browser Helper] -> [2012/10/02 11:13:44 | 004,119,744 | ---- | M] (Skype Technologies S.A.) {B84CDBE7-1B46-494B-A188-01D4C52DEB61} [HKLM] -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.1012.1\NativeBHO.dll [Constant Guard Protection Suite] -> [2012/10/16 11:20:25 | 000,099,952 | ---- | M] (WhiteSky) {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} [HKLM] -> [Updater For XFIN_PORTAL] -> File not found {d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [Bing Bar Helper] -> [2011/02/28 16:44:14 | 001,089,288 | ---- | M] (Microsoft Corporation.) {f999a48b-1950-4d81-9971-79018f807b4b} [HKLM] -> C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll [FreeOnlineRadioPlayerRecorder Toolbar] -> [2011/01/17 08:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.) < 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2012/09/21 01:52:09 | 000,253,584 | ---- | M] (Google Inc.) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll [Norton Toolbar] -> [2012/06/07 06:46:24 | 000,436,192 | R--- | M] (Symantec Corporation) "{8dcb7100-df86-4384-8842-8fa844297b3f}" [HKLM] -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [Bing Bar] -> [2011/02/28 16:44:14 | 001,089,288 | ---- | M] (Microsoft Corporation.) "{f999a48b-1950-4d81-9971-79018f807b4b}" [HKLM] -> C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll [FreeOnlineRadioPlayerRecorder Toolbar] -> [2011/01/17 08:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.) < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\Software\Microsoft\Internet Explorer\Toolbar\ -> 64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2012/09/21 01:52:09 | 000,253,584 | ---- | M] (Google Inc.) WebBrowser\\"{F999A48B-1950-4D81-9971-79018F807B4B}" [HKLM] -> C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll [FreeOnlineRadioPlayerRecorder Toolbar] -> [2011/01/17 08:54:02 | 000,175,912 | ---- | M] (Conduit Ltd.) < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "EzPrint" -> C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe ["C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe"] -> [2010/02/10 08:04:48 | 000,131,752 | ---- | M] (Lexmark International Inc.) "hpsysdrv" -> c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe] -> [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) "IntelliPoint" -> c:\Program Files\Microsoft IntelliPoint\ipoint.exe ["c:\Program Files\Microsoft IntelliPoint\ipoint.exe"] -> [2011/08/01 14:59:06 | 002,417,032 | ---- | M] (Microsoft Corporation) "itype" -> c:\Program Files\Microsoft IntelliType Pro\itype.exe ["c:\Program Files\Microsoft IntelliType Pro\itype.exe"] -> [2011/08/10 15:40:58 | 001,873,256 | ---- | M] (Microsoft Corporation) "lxdwmon.exe" -> C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe ["C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe"] -> [2010/02/10 08:04:44 | 000,676,520 | ---- | M] () "SmartMenu" -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background] -> [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "APSDaemon" -> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe ["C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"] -> [2012/08/27 20:32:54 | 000,059,280 | ---- | M] (Apple Inc.) "ddoctorv2" -> C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe ["C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2] -> [2008/04/24 11:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) "GIDDesktop" -> C:\Program Files (x86)\SFT\GuardedID\gidd.exe [C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s] -> [2011/07/05 10:24:06 | 000,395,528 | ---- | M] (StrikeForce Technologies Inc.) "StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2010/09/07 19:31:02 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.) < Run [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "ApplePhotoStreams" -> C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe] -> [2012/09/10 15:58:16 | 000,059,280 | ---- | M] (Apple Inc.) "com.apple.dav.bookmarks.daemon" -> C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe] -> [2012/09/05 03:04:08 | 000,059,280 | ---- | M] (Apple Inc.) "ComcastAntispyClient" -> C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ["C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide] -> [2009/08/19 11:25:52 | 001,589,208 | ---- | M] () "Desktop Software" -> C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe ["C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden] -> [2009/04/24 00:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) "HPAdvisorDock" -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe] -> [2010/09/28 13:04:20 | 001,715,768 | ---- | M] (Hewlett-Packard) "iCloudServices" -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe] -> [2012/08/29 13:00:12 | 000,059,280 | ---- | M] (Apple Inc.) < Run [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "HPAdvisorDock" -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe] -> [2010/09/28 13:04:20 | 001,715,768 | ---- | M] (Hewlett-Packard) "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2010/11/20 06:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) < RunOnce [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe] -> File not found < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> < Software Policy Settings [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [0] -> File not found \\"ConsentPromptBehaviorUser" -> [3] -> File not found \\"EnableLUA" -> [0] -> File not found \\"PromptOnSecureDesktop" -> [0] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> [res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> [res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> File not found < 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Button: Skype Click to Call] -> [2012/10/02 11:06:02 | 005,748,928 | ---- | M] (Skype Technologies S.A.) < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Button: Skype Click to Call] -> [2012/10/02 11:13:44 | 004,119,744 | ---- | M] (Skype Technologies S.A.) {F47C1DB5-ED21-4dc1-853E-D1495792D4C5}:Exec [HKLM] -> [Button: Bodog Poker] -> File not found < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/control...ext=%s&mime=%s -> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> mot.com .[*] -> Local intranet -> < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\] > -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-679516130-3449678583-2315309752-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/_layouts.../ieawsdc64.cab [Microsoft Office Template and Media Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_25] -> {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_25] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_25] -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn...Detection2.cab [GMNRev Class] -> {82E5DF24-51E8-47CD-864A-F4BD5005AA73} [HKLM] -> https://www.icloud.com/system/iCloud.cab [iCloud Web App Plugin] -> {AFD8A3A3-8B73-444B-82F2-2E4345FA5B38} [HKLM] -> http://www.comcastsupport.com/sdcxus...omcast.Ocf.cab [OneClickFixes Class] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.1.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {166B2E5E-E75D-4043-9388-3FDE9F923034}\\DhcpNameServer -> 192.168.1.1 (Realtek PCIe GBE Family Controller) -> {8CAEE18C-624A-424A-A79B-DE7E1B54D0D0}\\DhcpNameServer -> 192.168.1.1 (802.11n Wireless LAN Card) -> < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> 64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 19:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation) /pagefile -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\Windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> /pagefile -> -> File not found *MultiFile Done* -> -> < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {092E3EC1-A0A1-42DC-A0CA-4844E1753A2A} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | {141475F5-ADF2-4D12-B227-C65B901212F9} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | {28F32130-50E5-402F-8502-937E9C197EF1} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {32911593-B72B-4F37-9D3E-0B2AF716685F} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office14\outlook.exe | {367A3DF9-42B6-4CBB-96B3-ECECA95E60DE} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | {37EB8892-6041-4435-83EC-2D7FB4688484} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | {4BB05357-519F-4270-9B4D-E055DDF7C678} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | {55E13CF8-8C61-44AB-8735-E44FD805517C} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | {588D5F7E-76F7-4E26-A9CB-F580902E541B} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | {5D286D68-D194-442D-891B-74E6216FD497} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | {796D9F03-D37A-4F6D-97E2-7A68126851BD} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | {7DCF6948-8236-42B3-BE88-C70930D0A6B9} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | {85E5A241-95EE-48FF-81FA-A6BBA5761DEB} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | {9C3480A0-40FF-4731-A8E9-BA0303071796} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | {A31D6CA9-9FA5-491E-822D-3CFE2FBC63BE} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | {B1E77111-7CFC-4BDD-8768-7B33B43370FD} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {B378A30C-5ACE-45C2-BC08-8C2753742052} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {CAD10245-3013-45A6-BDEF-6C7BE9119A48} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | {D0A33B8C-15D6-41CD-ADE1-1D5C5D737A0F} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | {D78BB105-7749-40FA-96A4-F9E3837F2FC5} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | {D912209B-729E-490B-9344-A389CF4170BB} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | {D924F91A-366C-424D-9942-A5ECAE858CBD} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {E4C63BEC-7533-4E26-8B9D-4282A4711B63} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | {E5AF8A13-B906-4762-901C-92BC7237BB4B} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | {E5E67BFB-42BB-4657-9BE0-A24F9851F51C} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | {E9296F63-3ABB-466A-B589-783FB197A853} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {FE8910AB-11EC-4920-B1AE-11F30C38084D} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | {FF3987C2-D3D6-4895-B011-5D57CF0F2EA9} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {01CC8B95-D787-4543-987F-392A8CCC38E7} -> dir=in | action=allow | name=hpwucli.exe | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | {023E3773-8FF8-409D-B195-F0BC887A9606} -> profile=private | protocol=17 | dir=in | action=allow | name=7600 series server | app=c:\windows\syswow64\lxdwcoms.exe | {04715D2E-320C-45D5-89D4-4E072FA22A10} -> profile=private | protocol=17 | dir=in | action=allow | name=printer status window | app=c:\windows\system32\spool\drivers\x64\3\lxdwpswx.exe | {082774D0-6C45-454E-A1D8-108F52DEA4C0} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | {1936D37D-3A85-40F5-A41E-481546CF32CB} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {1967C3C8-A187-4670-AC92-6E06D01A6DA7} -> profile=public | protocol=17 | dir=in | action=allow | name=roxio cinemanow 2.0 | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | {1D2072EC-7478-40B9-A659-80357A92DE7A} -> dir=in | action=allow | name=hposid01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | {20CE8D77-9554-47AE-96F0-0E6042207583} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | {21CCF71B-EB76-4D41-B578-93871C7CE155} -> protocol=58 | dir=in | action=allow | name=@iphlpsvc.dll,-502 | app=system | {22314171-7491-45B2-85E0-733D1E4D3969} -> protocol=58 | dir=out | action=allow | name=@iphlpsvc.dll,-503 | {271283B4-9FD7-4D90-B373-A5BFE3688CD9} -> dir=in | action=allow | name=hpzwiz01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | {29BA9648-4E86-4FCE-91F5-BF443A3A4AA3} -> dir=in | action=allow | name=hpqste08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | {2BCB56A1-677B-4FA6-A437-904E92EFC5DF} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | {30F32DC8-29E2-41D7-935A-D67CB229EFD9} -> dir=in | action=allow | name=hpqusgm.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | {32451A2D-47E8-46A7-AFF4-BE99D3AB7A30} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | {3B926E30-32A1-4718-9F33-EE56C9EAA608} -> dir=in | action=allow | name=hpiscnapp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | {4099FD54-78DB-4374-942B-7819BBEA84B0} -> profile=private | protocol=6 | dir=in | action=allow | name=printer status window | app=c:\windows\system32\spool\drivers\x64\3\lxdwpswx.exe | {47D3C1A6-F23A-4D0F-969B-74FEC31AE1B8} -> dir=in | action=allow | name=webkit | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | {49D494DB-3B7F-4A5C-AE6A-D405DE7421FC} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | {4B8947B3-C717-472A-B4A3-6FC7DC399CA1} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | {4CAA5A9D-62A1-42FC-AA3C-3FB7FF810493} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {534DAA75-DA95-4F46-9092-156D26FEBA98} -> dir=in | action=allow | name=hpofxs08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | {58CB6BB7-90A2-4C1B-88F9-F09865974B39} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | {5AB78B21-07E0-46BC-822F-9295190A64E3} -> profile=public | protocol=17 | dir=in | action=allow | name=cinemanow media manager | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | {64A48774-A11A-4ABA-86FE-9FCE66759EE0} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | {64DC1DAB-5124-41DC-ADEE-ADB98DDDBF75} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | {6B363E3D-A286-4864-AFC3-4B47FA26703E} -> dir=in | action=allow | name=hpqkygrp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | {6D29EF2F-47AF-412B-9552-2AD5D3517680} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | {75C95B91-AB2B-495C-8DAD-F8CB8A1A3707} -> dir=in | action=allow | name=hpqfxt08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | {7A50B6B0-68EC-489F-9CA2-1F4973DC254D} -> dir=in | action=allow | name=hpoews01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | {7B51261A-8773-4845-947C-685515ED790B} -> dir=in | action=allow | name=hpofxm08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | {7D1C9B7A-E2D5-40FC-933F-8106244C7FA8} -> profile=public | protocol=6 | dir=in | action=allow | name=roxio cinemanow 2.0 | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | {7E4395E2-D312-4E7B-9306-8322114C1AC9} -> dir=in | action=allow | name=hposfx08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | {883B5856-7316-40EE-94AE-A55A9ADAD553} -> dir=in | action=allow | name=7600 series server | app=c:\windows\syswow64\lxdwcoms.exe | {88EAB582-E68D-45E8-8F1D-374861C94683} -> profile=private | protocol=6 | dir=in | action=allow | name=dropbox | app=c:\users\dennis\appdata\roaming\dropbox\bin\dropbox.exe | {8A020D22-0883-4594-A3B8-7642E64E126D} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | {8A045C62-8F9B-4AB8-956F-ABAFEC824FE8} -> dir=in | action=allow | name=hpqnrs08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | {8A3F46D9-47F7-4134-B63E-343F411C5CF2} -> dir=in | action=allow | name=hpqpse.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | {8A64500A-A160-4712-9C7E-E6FDB628C203} -> dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | {8AA68600-F154-4512-9510-D5D42DF08346} -> dir=in | action=allow | name=lexmark communications system | app=c:\windows\system32\lxdwcoms.exe | {8CF19D4E-BBDA-45B9-B3B8-AE1821B0B1D3} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {8D1C9413-22E0-412A-A7BE-83BCCF13E9F7} -> profile=private | protocol=17 | dir=in | action=allow | name=tournament indicator | app=c:\program files (x86)\tournament indicator\indicator.exe | {8F09E5AF-0EAB-41B5-B585-AA956B2D59CE} -> dir=in | action=allow | name=hpqgplgtupl.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | {8F0F9D4D-C9A0-4B43-ABC8-BC9D7680819C} -> profile=private | protocol=6 | dir=in | action=allow | name=tournament indicator | app=c:\program files (x86)\tournament indicator\indicator.exe | {9272B7E2-CF4B-48BD-8A74-3C8F94D07010} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | {949326EE-3E00-4E65-B89F-27615F6F1EF0} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | {95264043-3198-4F66-88B2-2221B348A6D5} -> dir=in | action=allow | name=smartwebprintexe.exe | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | {9B5F411D-CBD3-49A5-B3B4-1FA2158FCCAB} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {9F1E699F-2D81-4CB7-89EE-A3610EBB020C} -> profile=private | protocol=17 | dir=in | action=allow | name=lexmark communications system | app=c:\windows\system32\lxdwcoms.exe | {9F4F4B54-C602-4C7B-84E9-C03EB57448D9} -> dir=in | action=allow | name=hpqgpc01.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | {9FB8E3EF-67C0-43A1-80A1-613CD24BFEF1} -> profile=private | protocol=6 | dir=in | action=allow | name=lexmark communications system | app=c:\windows\system32\lxdwcoms.exe | {A0BA8688-824F-40CC-9C4D-9CCCE5839D02} -> dir=in | action=allow | name=hpqcopy2.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | {A75A0DE4-FCCD-4F9C-8918-ED8AB025045D} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | {AB25848F-2ABE-442E-93C8-BA3989EAFA1F} -> dir=in | action=allow | name=hpqpsapp.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | {AB900FC4-8400-44A4-95EC-2B2AB6F0985A} -> dir=in | action=allow | name=hp mediasmart dvd | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | {AC462AA6-06B4-415B-B5CD-8FFD832C9E33} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | {AC8DF999-1137-4A62-9EA5-67D96524CFF0} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | {B2097D54-2081-456F-B6E4-B0F2FE6A3603} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | {B3F62732-EC55-4F49-B405-2A52F82A0873} -> dir=in | action=allow | name=hpfccopy.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | {B5BA3228-00BB-4BB2-A166-8A5E1C2070FD} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe | {B80F7C65-9D73-4C52-9ABB-726C749C24C1} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | {B816342D-9E43-4508-989B-AB34DE809F33} -> profile=public | protocol=6 | dir=in | action=allow | name=cinemanow media manager | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | {B82162AF-17D0-46FC-84E2-9B0EDEA3B08C} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files\bonjour\mdnsresponder.exe | {B960442C-FA44-4644-82EC-4738B0AD0AD2} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | {BB8678FB-97BA-477B-81F2-74981C678798} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {BCDB99F1-C215-48D9-A0DC-B23C01D091CD} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | {BD759C0E-8326-4C40-B9D3-C9D9FB2BEC1A} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | {BDD0773E-027B-44A0-BD8D-D5480AEF0170} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | {C4881395-01EC-4D11-895E-4219F693A174} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | {C765BB02-E71D-445A-A07B-DC42D023E02B} -> dir=in | action=allow | name=hpqusgh.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | {C79F4C64-B728-49DE-8654-27AF9D41704E} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | {D3E67649-D4DB-4FFD-8B94-1CB1783F6D7D} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | {D673C542-923B-4D7A-92B7-54C95DC1853C} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {D857B1FD-F2A7-45BE-A835-CD1D1481C613} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files\bonjour\mdnsresponder.exe | {D88C23FA-6630-47AC-9221-3F0C3A1CE07F} -> dir=in | action=allow | name=printer status window interface | app=c:\windows\system32\spool\drivers\x64\3\lxdwpswx.exe | {DAAEB2FE-DCE8-4A9A-8D26-ED4FE8969154} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | {DAE054F1-3C71-4C50-9F4E-9CE053090005} -> profile=private | protocol=17 | dir=in | action=allow | name=dropbox | app=c:\users\dennis\appdata\roaming\dropbox\bin\dropbox.exe | {E2EC1196-A970-484B-A146-C04671D81E34} -> dir=in | action=allow | name=hpqphotocrm.exe | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | {E617E7E8-54B8-43AA-9D68-54D98E7D8286} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | {EEACD900-9D58-493D-927A-C2293BB3A739} -> profile=private | protocol=6 | dir=in | action=allow | name=7600 series server | app=c:\windows\syswow64\lxdwcoms.exe | {EFA6E77C-4905-412A-993C-E508561C65D7} -> dir=in | action=allow | name=hpqtra08.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | {F39DBE3A-390A-4E93-BFAA-6CE70B1B62AD} -> dir=in | action=allow | name=hpqsudi.exe | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | {FB1A41B8-F0BB-4F28-BC8D-E257A5DB1960} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | {FD29D1ED-00F0-4D63-BA60-8044A46DABEC} -> dir=in | action=allow | name=time executable | app=c:\windows\system32\spool\drivers\x64\3\lxdwtime.exe | {FD8E2104-0337-4454-96EC-FA7A7C583CCB} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [\SystemRoot\system32\drivers\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> E:\autorun.inf [[autorun] | open=Setup.EXE | | [DeviceInstall] | DriverPath=Drivers\Scan | DriverPath=Drivers\Win_XP2K | HardwareId="USB\Vid_043D&Pid_0150&MI_00" | HardwareId="USBPrint\Lexmark7600_SeriesB64D" | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ] -> E:\autorun.inf [ CDFS ] -> [2008/09/10 03:53:13 | 000,000,252 | R--- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* 64bit-exefile [open] -> "%1" %* comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = ComFile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = ComFile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Users\Dennis\Desktop\OTS.exe -> [2012/11/14 10:17:09 | 000,646,656 | ---- | C] (OldTimer Tools) $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2012/11/14 06:54:20 | 000,000,000 | -HSD | C] svchost.exe -> C:\Windows\svchost.exe -> [2012/11/14 06:45:59 | 000,020,480 | ---- | C] (Microsoft Corporation) SWREG.exe -> C:\Windows\SWREG.exe -> [2012/11/14 06:10:22 | 000,518,144 | ---- | C] (SteelWerX) SWSC.exe -> C:\Windows\SWSC.exe -> [2012/11/14 06:10:22 | 000,406,528 | ---- | C] (SteelWerX) NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2012/11/14 06:10:22 | 000,060,416 | ---- | C] (NirSoft) Qoobox -> C:\Qoobox -> [2012/11/14 06:04:39 | 000,000,000 | ---D | C] erdnt -> C:\Windows\erdnt -> [2012/11/14 06:03:46 | 000,000,000 | ---D | C] username123.exe -> C:\Users\Dennis\Desktop\username123.exe -> [2012/11/14 05:59:40 | 005,001,477 | R--- | C] (Swearware) WdfLdr.sys -> C:\Windows\SysNative\drivers\WdfLdr.sys -> [2012/11/14 03:11:59 | 000,054,376 | ---- | C] (Microsoft Corporation) Wdfres.dll -> C:\Windows\SysNative\Wdfres.dll -> [2012/11/14 03:11:59 | 000,009,728 | ---- | C] (Microsoft Corporation) mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2012/11/14 03:03:11 | 000,096,768 | ---- | C] (Microsoft Corporation) mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2012/11/14 03:03:10 | 000,073,216 | ---- | C] (Microsoft Corporation) jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2012/11/14 03:03:09 | 002,312,704 | ---- | C] (Microsoft Corporation) inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2012/11/14 03:03:09 | 001,494,528 | ---- | C] (Microsoft Corporation) inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2012/11/14 03:03:09 | 001,427,968 | ---- | C] (Microsoft Corporation) ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2012/11/14 03:03:09 | 000,248,320 | ---- | C] (Microsoft Corporation) url.dll -> C:\Windows\SysNative\url.dll -> [2012/11/14 03:03:09 | 000,237,056 | ---- | C] (Microsoft Corporation) url.dll -> C:\Windows\SysWow64\url.dll -> [2012/11/14 03:03:09 | 000,231,936 | ---- | C] (Microsoft Corporation) ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2012/11/14 03:03:09 | 000,176,640 | ---- | C] (Microsoft Corporation) ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2012/11/14 03:03:09 | 000,173,056 | ---- | C] (Microsoft Corporation) ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2012/11/14 03:03:09 | 000,142,848 | ---- | C] (Microsoft Corporation) msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2012/11/14 03:03:08 | 000,729,088 | ---- | C] (Microsoft Corporation) jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2012/11/14 03:03:07 | 000,816,640 | ---- | C] (Microsoft Corporation) jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2012/11/14 03:03:07 | 000,717,824 | ---- | C] (Microsoft Corporation) vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2012/11/14 03:03:07 | 000,599,040 | ---- | C] (Microsoft Corporation) WUDFx.dll -> C:\Windows\SysNative\WUDFx.dll -> [2012/11/14 03:02:33 | 000,744,448 | ---- | C] (Microsoft Corporation) WUDFHost.exe -> C:\Windows\SysNative\WUDFHost.exe -> [2012/11/14 03:02:33 | 000,229,888 | ---- | C] (Microsoft Corporation) WUDFPlatform.dll -> C:\Windows\SysNative\WUDFPlatform.dll -> [2012/11/14 03:02:33 | 000,194,048 | ---- | C] (Microsoft Corporation) WUDFCoinstaller.dll -> C:\Windows\SysNative\WUDFCoinstaller.dll -> [2012/11/14 03:02:33 | 000,045,056 | ---- | C] (Microsoft Corporation) TDSSKiller_Quarantine -> C:\TDSSKiller_Quarantine -> [2012/11/13 21:43:34 | 000,000,000 | ---D | C] dhcpcore6.dll -> C:\Windows\SysNative\dhcpcore6.dll -> [2012/11/13 17:01:45 | 000,226,816 | ---- | C] (Microsoft Corporation) dhcpcore6.dll -> C:\Windows\SysWow64\dhcpcore6.dll -> [2012/11/13 17:01:45 | 000,193,536 | ---- | C] (Microsoft Corporation) dhcpcsvc6.dll -> C:\Windows\SysNative\dhcpcsvc6.dll -> [2012/11/13 17:01:45 | 000,055,296 | ---- | C] (Microsoft Corporation) netcorehc.dll -> C:\Windows\SysNative\netcorehc.dll -> [2012/11/13 17:01:40 | 000,246,272 | ---- | C] (Microsoft Corporation) ncsi.dll -> C:\Windows\SysNative\ncsi.dll -> [2012/11/13 17:01:40 | 000,216,576 | ---- | C] (Microsoft Corporation) netcorehc.dll -> C:\Windows\SysWow64\netcorehc.dll -> [2012/11/13 17:01:40 | 000,175,104 | ---- | C] (Microsoft Corporation) ncsi.dll -> C:\Windows\SysWow64\ncsi.dll -> [2012/11/13 17:01:40 | 000,156,672 | ---- | C] (Microsoft Corporation) netevent.dll -> C:\Windows\SysWow64\netevent.dll -> [2012/11/13 17:01:40 | 000,018,944 | ---- | C] (Microsoft Corporation) netevent.dll -> C:\Windows\SysNative\netevent.dll -> [2012/11/13 17:01:40 | 000,018,944 | ---- | C] (Microsoft Corporation) synceng.dll -> C:\Windows\SysNative\synceng.dll -> [2012/11/13 17:01:28 | 000,095,744 | ---- | C] (Microsoft Corporation) synceng.dll -> C:\Windows\SysWow64\synceng.dll -> [2012/11/13 17:01:28 | 000,078,336 | ---- | C] (Microsoft Corporation) dds.scr -> C:\Users\Dennis\Desktop\dds.scr -> [2012/11/08 13:50:50 | 000,688,901 | R--- | C] (Swearware) HijackThis.exe -> C:\Users\Dennis\Desktop\HijackThis.exe -> [2012/11/08 13:41:32 | 000,388,608 | ---- | C] (Trend Micro Inc.) Malwarebytes -> C:\Users\Dennis\AppData\Roaming\Malwarebytes -> [2012/10/31 12:16:03 | 000,000,000 | ---D | C] Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2012/10/31 12:15:42 | 000,000,000 | ---D | C] Malwarebytes -> C:\ProgramData\Malwarebytes -> [2012/10/31 12:15:42 | 000,000,000 | ---D | C] mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2012/10/31 12:15:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2012/10/31 12:15:41 | 000,000,000 | ---D | C] MRT.exe -> C:\Windows\SysWow64\MRT.exe -> [2012/10/31 10:01:35 | 062,968,832 | ---- | C] (Microsoft Corporation) {773ECF27-E6AA-4735-BF84-2BFD84914D0F} -> C:\Users\Dennis\AppData\Local\{773ECF27-E6AA-4735-BF84-2BFD84914D0F} -> [2012/10/17 13:37:28 | 000,000,000 | ---D | C] 1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> 1 C:\*.tmp files -> C:\*.tmp -> [Files/Folders - Modified Within 30 Days] OTS.exe -> C:\Users\Dennis\Desktop\OTS.exe -> [2012/11/14 10:17:29 | 000,646,656 | ---- | M] (OldTimer Tools) GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2012/11/14 09:51:00 | 000,000,898 | ---- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2012/11/14 07:04:50 | 000,015,792 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2012/11/14 07:04:50 | 000,015,792 | -H-- | M] () PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2012/11/14 07:00:41 | 000,730,448 | ---- | M] () perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2012/11/14 07:00:41 | 000,627,066 | ---- | M] () perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2012/11/14 07:00:41 | 000,107,382 | ---- | M] () GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2012/11/14 06:56:25 | 000,000,894 | ---- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2012/11/14 06:53:58 | 000,067,584 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2012/11/14 06:53:47 | 2090,135,551 | -HS- | M] () hosts -> C:\Windows\SysNative\drivers\etc\hosts -> [2012/11/14 06:23:54 | 000,000,027 | ---- | M] () username123.exe -> C:\Users\Dennis\Desktop\username123.exe -> [2012/11/14 05:59:41 | 005,001,477 | R--- | M] (Swearware) FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2012/11/14 03:37:26 | 000,438,560 | ---- | M] () HPCeeScheduleForDennis.job -> C:\Windows\tasks\HPCeeScheduleForDennis.job -> [2012/11/13 21:46:25 | 000,000,336 | ---- | M] () dds.scr -> C:\Users\Dennis\Desktop\dds.scr -> [2012/11/08 13:50:50 | 000,688,901 | R--- | M] (Swearware) PCDRScheduledMaintenance.job -> C:\Windows\tasks\PCDRScheduledMaintenance.job -> [2012/11/08 13:42:37 | 000,000,448 | ---- | M] () HijackThis.exe -> C:\Users\Dennis\Desktop\HijackThis.exe -> [2012/11/08 13:41:32 | 000,388,608 | ---- | M] (Trend Micro Inc.) Google Chrome.lnk -> C:\Users\Public\Desktop\Google Chrome.lnk -> [2012/11/07 00:52:37 | 000,002,376 | ---- | M] () 201210HouseholdVisa.csv -> C:\Users\Dennis\Documents\201210HouseholdVisa.csv -> [2012/11/06 08:21:59 | 000,001,437 | ---- | M] () Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/10/31 12:15:43 | 000,001,111 | ---- | M] () Adobe Reader 9.lnk -> C:\Users\Public\Desktop\Adobe Reader 9.lnk -> [2012/10/30 15:38:26 | 000,002,016 | ---- | M] () Constant Guard.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk -> [2012/10/25 16:12:41 | 000,002,209 | ---- | M] () Constant Guard.lnk -> C:\Users\Public\Desktop\Constant Guard.lnk -> [2012/10/25 16:12:41 | 000,002,191 | ---- | M] () 1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> 1 C:\*.tmp files -> C:\*.tmp -> [Files - No Company Name] PEV.exe -> C:\Windows\PEV.exe -> [2012/11/14 06:10:22 | 000,256,000 | ---- | C] () MBR.exe -> C:\Windows\MBR.exe -> [2012/11/14 06:10:22 | 000,208,896 | ---- | C] () sed.exe -> C:\Windows\sed.exe -> [2012/11/14 06:10:22 | 000,098,816 | ---- | C] () grep.exe -> C:\Windows\grep.exe -> [2012/11/14 06:10:22 | 000,080,412 | ---- | C] () zip.exe -> C:\Windows\zip.exe -> [2012/11/14 06:10:22 | 000,068,096 | ---- | C] () MsftWdf_Kernel_01011_Inbox_Critical.Wdf -> C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf -> [2012/11/14 03:12:02 | 000,000,003 | ---- | C] () MsftWdf_User_01_11_00_Inbox_Critical.Wdf -> C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf -> [2012/11/14 03:02:32 | 000,000,003 | ---- | C] () 201210HouseholdVisa.csv -> C:\Users\Dennis\Documents\201210HouseholdVisa.csv -> [2012/11/06 08:21:59 | 000,001,437 | ---- | C] () Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/10/31 12:15:42 | 000,001,111 | ---- | C] () lxdwdrs.dll -> C:\Windows\SysWow64\lxdwdrs.dll -> [2012/08/27 19:22:38 | 001,036,288 | ---- | C] () lxdwcaps.dll -> C:\Windows\SysWow64\lxdwcaps.dll -> [2012/08/27 19:22:38 | 000,081,920 | ---- | C] () lxdwcnv4.dll -> C:\Windows\SysWow64\lxdwcnv4.dll -> [2012/08/27 19:22:38 | 000,069,632 | ---- | C] () lxdwserv.dll -> C:\Windows\SysWow64\lxdwserv.dll -> [2012/08/27 19:22:21 | 001,069,056 | ---- | C] ( ) lxdwusb1.dll -> C:\Windows\SysWow64\lxdwusb1.dll -> [2012/08/27 19:22:21 | 000,860,160 | ---- | C] ( ) lxdwcomc.dll -> C:\Windows\SysWow64\lxdwcomc.dll -> [2012/08/27 19:22:21 | 000,761,856 | ---- | C] ( ) lxdwhbn3.dll -> C:\Windows\SysWow64\lxdwhbn3.dll -> [2012/08/27 19:22:21 | 000,684,032 | ---- | C] ( ) lxdwpmui.dll -> C:\Windows\SysWow64\lxdwpmui.dll -> [2012/08/27 19:22:21 | 000,651,264 | ---- | C] ( ) lxdwcoms.exe -> C:\Windows\SysWow64\lxdwcoms.exe -> [2012/08/27 19:22:21 | 000,594,600 | ---- | C] ( ) lxdwlmpm.dll -> C:\Windows\SysWow64\lxdwlmpm.dll -> [2012/08/27 19:22:21 | 000,577,536 | ---- | C] ( ) LXDWinst.dll -> C:\Windows\SysWow64\LXDWinst.dll -> [2012/08/27 19:22:21 | 000,389,120 | ---- | C] () lxdwcomm.dll -> C:\Windows\SysWow64\lxdwcomm.dll -> [2012/08/27 19:22:21 | 000,376,832 | ---- | C] ( ) lxdwcfg.exe -> C:\Windows\SysWow64\lxdwcfg.exe -> [2012/08/27 19:22:21 | 000,369,320 | ---- | C] ( ) lxdwinpa.dll -> C:\Windows\SysWow64\lxdwinpa.dll -> [2012/08/27 19:22:21 | 000,364,544 | ---- | C] ( ) lxdwiesc.dll -> C:\Windows\SysWow64\lxdwiesc.dll -> [2012/08/27 19:22:21 | 000,339,968 | ---- | C] ( ) lxdwcomx.dll -> C:\Windows\SysWow64\lxdwcomx.dll -> [2012/08/27 19:22:21 | 000,335,872 | ---- | C] () lxdwih.exe -> C:\Windows\SysWow64\lxdwih.exe -> [2012/08/27 19:22:21 | 000,328,360 | ---- | C] ( ) hpwins14.dat -> C:\Windows\hpwins14.dat -> [2012/07/07 18:03:09 | 000,179,759 | ---- | C] () hpomdl19.dat.temp -> C:\Windows\hpomdl19.dat.temp -> [2012/07/07 16:32:52 | 000,013,898 | ---- | C] () hpoins19.dat -> C:\Windows\hpoins19.dat -> [2012/07/07 15:51:22 | 000,221,284 | ---- | C] () hpomdl19.dat -> C:\Windows\hpomdl19.dat -> [2012/07/07 15:51:22 | 000,013,898 | ---- | C] () Bench32.INI -> C:\Windows\Bench32.INI -> [2011/08/12 12:23:41 | 000,000,064 | ---- | C] () mlfcache.dat -> C:\Windows\SysWow64\mlfcache.dat -> [2011/08/06 16:08:33 | 000,195,680 | -H-- | C] () {96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini -> C:\Users\Dennis\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini -> [2011/05/21 11:05:24 | 000,001,940 | ---- | C] () atipblag.dat -> C:\Windows\SysWow64\atipblag.dat -> [2011/03/17 16:51:46 | 000,003,929 | ---- | C] () OVDecode.dll -> C:\Windows\SysWow64\OVDecode.dll -> [2011/03/09 21:59:14 | 000,059,904 | ---- | C] () HMHud.INI -> C:\Windows\HMHud.INI -> [2010/12/19 20:41:56 | 000,000,000 | ---- | C] () < End of report > |
14-Nov-2012, 11:52 AM
#15 | ||||||
| that is showing nothing wrong at all how are you resetting your router can you log into it & see what the name servers are set at lets try this & see if we can bypass the router name servers & make sure it is the router & not something so deeply hidden on your computer first set up google dns on your computer by following advice here you only need to do IPV4 not V6 https://developers.google.com/speed/...dns/docs/using
__________________ Derek Microsoft MVP/Windows - Security | Thespykiller Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue |
Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.
If you're not already familiar with forums, watch our Welcome Guide to get started.
| |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| |
