Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware removal help needed

Post by Technot » September 27th, 2012, 3:07 am

Hi all,
The issue I'm having with my computer is what I've heard called a "Google redirect virus". After doing a search on Google, I click on a link and am then directed to a site that is not what I selected. Once I go back and select the link again, it will go to the proper site. I would appreciate your help in solving this problem.
Thanks,
Don

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.6.2
Run by Donald at 9:05:28 on 2012-09-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2143 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe
C:\Program Files\TwonkyMedia\twonkywebdav.exe
C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} -
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} -
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.4.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.4.0.12\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - AOL Toolbar BHO
BHO: WebMinds Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: TwonkyMediaContextMenuHandler: {d6e0063b-7b09-45c9-a51d-1fb51840ebe0} - c:\program files\twonky\twonkybeam\internet explorer\TwonkyIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} -
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.4.0.12\coIEPlg.dll
TB: WebMinds Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
c:\docume~1\donald\locals~1\temp\nsd32.tmp\temp00
c:\docume~1\donald\locals~1\temp\nsd32.tmp\temp00
c:\docume~1\donald\locals~1\temp\nsd32.tmp\temp00
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [<NO NAME>]
mRun: [nwiz] nwiz.exe /install
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [nmiscm] "c:\windows\system32\rundll32.exe" "c:\documents and settings\donald\application data\nmiscm.dll",GetImporter
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\donald\startm~1\programs\startup\autoru~1\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\donald\startm~1\programs\startup\autoru~1\twonky~1.lnk - c:\program files\twonkymedia\mediamanager\TwonkyMediaManager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\KEM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\ga311s~1.lnk - c:\program files\netgear ga311 adapter\GA311.exe
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: &Search
IE: Add to Playlist - c:\program files\twonky\twonkybeam\internet explorer\TwonkyIEPlugin.dll/314
IE: Beam to - c:\program files\twonky\twonkybeam\internet explorer\TwonkyIEPlugin.dll/231
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
Trusted Zone: closetmaid.com\vsp
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} - hxxp://forms.real.com/real/player/downl ... st_Win.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 0197917781
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/Shar ... /cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 6499508718
DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} - hxxp://www.evite.com/html/imageUpload/I ... oader4.cab
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://jarmccall.no-ip.info:81/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - hxxp://www.costcophotocenter.com/CostcoUpload.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/softwa ... Plugin.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/sho ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{E15D1DDC-BCCF-45D5-8EC6-ECF47FB9515B} : DhcpNameServer = 10.0.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\donald\application data\mozilla\firefox\profiles\mxgkytql.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/customer/start/? ... te08052011
FF - prefs.js: keyword.URL - hxxp://bing.zugo.com/s/?src=FF-Address& ... -73-0-faeY\n&q=
FF - component: c:\documents and settings\donald\application data\mozilla\firefox\profiles\mxgkytql.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-09-26 05:26:42 -------- d-----w- c:\documents and settings\all users\application data\RegAce
2012-09-26 05:23:51 -------- d-----w- c:\program files\Ask.com
2012-09-26 05:23:45 -------- d-----w- c:\documents and settings\donald\local settings\application data\AskToolbar
2012-09-25 09:01:48 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{a742a781-7c5c-48d5-b762-a813c593b3d0}\mpengine.dll
.
==================== Find3M ====================
.
2012-09-21 13:17:25 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 13:17:24 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-25 01:52:34 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-25 01:52:28 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-25 01:52:26 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-25 01:52:26 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-15 01:17:21 458752 ----a-w- c:\documents and settings\donald\application data\nmiscm.dll
.
============= FINISH: 9:07:33.73 ===============






DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/30/2005 7:36:29 PM
System Uptime: 9/26/2012 8:20:03 AM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 02Y832
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2394/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 22.533 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 233 GiB total, 232.772 GiB free.
G: is Removable
X: is NetworkDisk (NTFS) - 928 GiB total, 820.552 GiB free.
Y: is NetworkDisk (NTFS) - 928 GiB total, 820.552 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01551028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01551028&REV_02\4&1C660DD6&0&40F0
Service: E100B
.
==== System Restore Points ===================
.
RP3447: 6/29/2012 1:40:23 AM - Software Distribution Service 3.0
RP3448: 6/30/2012 1:43:42 AM - System Checkpoint
RP3449: 7/1/2012 2:44:50 AM - System Checkpoint
RP3450: 7/2/2012 3:27:40 AM - System Checkpoint
RP3451: 7/3/2012 1:39:26 AM - Software Distribution Service 3.0
RP3452: 7/4/2012 1:43:46 AM - System Checkpoint
RP3453: 7/5/2012 2:54:12 AM - System Checkpoint
RP3454: 7/6/2012 1:44:38 AM - Software Distribution Service 3.0
RP3455: 7/7/2012 2:08:42 AM - System Checkpoint
RP3456: 7/8/2012 3:01:55 AM - System Checkpoint
RP3457: 7/9/2012 3:04:37 AM - System Checkpoint
RP3458: 7/10/2012 1:44:14 AM - Software Distribution Service 3.0
RP3459: 7/11/2012 2:01:49 AM - System Checkpoint
RP3460: 7/12/2012 1:44:23 AM - Software Distribution Service 3.0
RP3461: 7/13/2012 1:43:10 AM - Software Distribution Service 3.0
RP3462: 7/14/2012 2:08:30 AM - System Checkpoint
RP3463: 7/15/2012 3:00:44 AM - System Checkpoint
RP3464: 7/16/2012 3:14:10 AM - System Checkpoint
RP3465: 7/17/2012 1:43:26 AM - Software Distribution Service 3.0
RP3466: 7/18/2012 2:00:45 AM - System Checkpoint
RP3467: 7/19/2012 3:01:50 AM - System Checkpoint
RP3468: 7/20/2012 1:44:25 AM - Software Distribution Service 3.0
RP3469: 7/21/2012 2:00:41 AM - System Checkpoint
RP3470: 7/22/2012 3:06:14 AM - System Checkpoint
RP3471: 7/23/2012 3:13:48 AM - System Checkpoint
RP3472: 7/24/2012 1:44:28 AM - Software Distribution Service 3.0
RP3473: 7/25/2012 1:51:56 AM - System Checkpoint
RP3474: 7/26/2012 1:56:34 AM - System Checkpoint
RP3475: 7/27/2012 1:57:38 AM - System Checkpoint
RP3476: 7/27/2012 2:17:53 AM - Software Distribution Service 3.0
RP3477: 7/28/2012 2:56:33 AM - System Checkpoint
RP3478: 7/29/2012 2:57:38 AM - System Checkpoint
RP3479: 7/30/2012 3:11:46 AM - System Checkpoint
RP3480: 8/4/2012 10:23:18 PM - Software Distribution Service 3.0
RP3481: 8/5/2012 10:57:26 PM - System Checkpoint
RP3482: 8/11/2012 8:51:13 AM - Software Distribution Service 3.0
RP3483: 8/12/2012 9:34:04 AM - System Checkpoint
RP3484: 8/13/2012 2:09:36 PM - System Checkpoint
RP3485: 8/14/2012 1:52:27 AM - Software Distribution Service 3.0
RP3486: 8/15/2012 2:24:27 AM - System Checkpoint
RP3487: 8/16/2012 3:24:27 AM - System Checkpoint
RP3488: 8/16/2012 3:06:52 PM - Software Distribution Service 3.0
RP3489: 8/17/2012 2:02:15 AM - Software Distribution Service 3.0
RP3490: 8/18/2012 2:24:27 AM - System Checkpoint
RP3491: 8/19/2012 2:51:00 AM - System Checkpoint
RP3492: 8/20/2012 3:36:17 AM - System Checkpoint
RP3493: 8/21/2012 2:01:51 AM - Software Distribution Service 3.0
RP3494: 8/22/2012 2:25:30 AM - System Checkpoint
RP3495: 8/23/2012 3:24:26 AM - System Checkpoint
RP3496: 8/24/2012 2:02:39 AM - Software Distribution Service 3.0
RP3497: 8/24/2012 6:52:12 PM - Installed Java 7 Update 6
RP3498: 8/25/2012 7:24:25 PM - System Checkpoint
RP3499: 8/26/2012 8:24:20 PM - System Checkpoint
RP3500: 8/27/2012 9:51:42 PM - System Checkpoint
RP3501: 8/28/2012 2:02:37 AM - Software Distribution Service 3.0
RP3502: 8/29/2012 2:00:26 AM - Software Distribution Service 3.0
RP3503: 8/30/2012 2:21:06 AM - System Checkpoint
RP3504: 8/31/2012 2:07:30 AM - Software Distribution Service 3.0
RP3505: 9/1/2012 2:57:19 AM - System Checkpoint
RP3506: 9/2/2012 3:57:18 AM - System Checkpoint
RP3507: 9/3/2012 4:57:18 AM - System Checkpoint
RP3508: 9/4/2012 2:08:33 AM - Software Distribution Service 3.0
RP3509: 9/5/2012 2:57:19 AM - System Checkpoint
RP3510: 9/6/2012 2:08:51 AM - Software Distribution Service 3.0
RP3511: 9/7/2012 2:09:03 AM - Software Distribution Service 3.0
RP3512: 9/8/2012 3:09:19 AM - System Checkpoint
RP3513: 9/9/2012 3:57:14 AM - System Checkpoint
RP3514: 9/10/2012 4:57:13 AM - System Checkpoint
RP3515: 9/11/2012 2:09:45 AM - Software Distribution Service 3.0
RP3516: 9/12/2012 2:57:13 AM - System Checkpoint
RP3517: 9/13/2012 3:57:14 AM - System Checkpoint
RP3518: 9/14/2012 2:07:17 AM - Software Distribution Service 3.0
RP3519: 9/15/2012 2:57:13 AM - System Checkpoint
RP3520: 9/16/2012 3:57:11 AM - System Checkpoint
RP3521: 9/17/2012 4:57:10 AM - System Checkpoint
RP3522: 9/18/2012 2:08:49 AM - Software Distribution Service 3.0
RP3523: 9/19/2012 2:57:15 AM - System Checkpoint
RP3524: 9/20/2012 3:06:00 AM - System Checkpoint
RP3525: 9/21/2012 2:08:39 AM - Software Distribution Service 3.0
RP3526: 9/22/2012 2:57:11 AM - System Checkpoint
RP3527: 9/23/2012 3:43:23 AM - System Checkpoint
RP3528: 9/24/2012 4:05:09 AM - System Checkpoint
RP3529: 9/25/2012 2:01:44 AM - Software Distribution Service 3.0
RP3530: 9/26/2012 2:30:30 AM - System Checkpoint
RP3531: 9/26/2012 8:16:35 AM - Removed WebMinds Toolbar.
RP3532: 9/26/2012 8:17:07 AM - Removed WebMinds Toolbar.
RP3533: 9/26/2012 8:17:37 AM - Removed WebMinds Toolbar.
RP3534: 9/26/2012 8:18:31 AM - Removed WebMinds Toolbar.
RP3535: 9/26/2012 8:37:27 AM - Removed WebMinds Toolbar.
RP3536: 9/26/2012 8:40:13 AM - Removed iSEEK AnswerWorks English Runtime
RP3537: 9/26/2012 8:47:58 AM - Removed WebMinds Toolbar.
.
==== Installed Programs ======================
.
6300
6300_Help
6300Trb
Acronis Migrate Easy
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe® Photoshop® Album Starter Edition 3.2
AiO_Scan_CDA
AiOSoftwareNPI
AOL Uninstaller
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
BCM V.92 56K Modem
Bing Toolbar
Bonjour
BufferChm
Camera Support Core Library
Camera Window
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CDBurnerXP
Compatibility Pack for the 2007 Office system
Copy
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_dwShrek2Albums1
cp_dwShrek2Cards1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
dcmsvc 1.0
Dell ResourceCD
Destinations
DeviceFunctionQFolder
DING!
DirectX 9 Runtime
DivX Setup
DocProc
DocProcQFolder
DocumentViewer
DVDFab 8.1.1.2 (08/08/2011) Qt
Fax_CDA
HCR3 Exercise v1.4
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 7.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
HPSystemDiagnostics
InstantShare
InstantShareDevices
InstantShareDevicesMFC
Intel(R) PRO Network Adapters and Drivers
Internet Explorer Q903235
iPod for Windows 2006-06-28
iTunes
iTunes Agent 1.3.3
iTunes Sync 1.5.1
Java 7 Update 6
Java Auto Updater
Java(TM) 6 Update 31
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Logitech MouseWare 9.41 .1
Logitech Resource Center
Logitech SetPoint
Logitech User's Guide
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2003
Microsoft IntelliType Pro 6.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Picture It! Photo 7.0
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MovieEdit Task
Mozilla Firefox 10.0.2 (x86 en-US)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
Netflix Movie Viewer
NETGEAR GA311 Gigabit Adapter
NETGEAR GA311 Smart Wizard Utility
NewCopy_CDA
Norton Security Suite
NVIDIA Windows 2000/XP Display Drivers
OCR Software by I.R.I.S 7.0
Palm VersaMail(tm)
palmOne
PanoStandAlone
Photo Viewer s2.5
PhotoGallery
PhotoStitch
Pocket Tunes 5.0.0
ProductContextNPI
ProSafe Plus Utility
QFolder
Quicken 2011
QuickLink Mobile Phonebook
QuickTime
RandMap
RAW Image Task 1.1
Remote Control USB Driver
RemoteCapture Task 1.0.3
RTC Client API v1.2
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Shockwave
SkinsHP1
SlideShow
SmartSound Quicktracks Plugin
SolutionCenter
Sonic_PrimoSDK
SoundMAX
Status
Toolbox
TrayApp
TwonkyBeam for Internet Explorer
TwonkyManager
TwonkyMedia Windows Components
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
Viewpoint Media Player
VLC media player 2.0.1
WD Anywhere Backup
WebFldrs XP
WebReg
Windows 7 Upgrade Advisor
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.0.2
WinX Blu-ray Decrypter 3.0.0
WinX DVD Author 5.9
WinX DVD Copy Pro 2.2.0
WinZip
Works Suite OS Pack
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
9/23/2012 2:28:38 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
9/21/2012 7:42:34 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
9/21/2012 5:59:36 AM, error: Service Control Manager [7031] - The Norton Security Suite service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================
Technot
Active Member
 
Posts: 7
Joined: September 27th, 2012, 2:46 am

Re: Malware removal help needed

by Cypher » October 1st, 2012, 12:50 pm

Hi,
Checking your logs now, be right back.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware removal help needed

by Cypher » October 1st, 2012, 12:54 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread, do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



Add/Remove programs
  • Click on start
  • Then Run
  • In the Open text entry box, please copy/paste appwiz.cpl, then click Enter.
  • Press the "Remove" or "Change/Remove" button to uninstall the following, if present:
    • Ask Toolbar
    • Java 7 Update 6
    • Java(TM) 6 Update 31

Next.

Download and install Java 7 Update 7 from Here

Next.

Please download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Next.

Please download aswMBR and save it to your Desktop.
  • Double click aswMBR.exe to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record), do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

Logs/Information to Post in your Next Reply

  • OTL.txt and Extras.txt contents.
  • aswMBR.txt.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware removal help needed

by Technot » October 1st, 2012, 4:25 pm

Hi,
Thanks for your help.

I've deleted the 2 Java ver. 6 programs, and installed the Ver. 7. I seem to remember that Mozilla Firefox keeps deleting a plug-in for Java, saying that it's incompatible. We'll see what happens.

I've tried removing the Ask/Web minds tool bar about 10 times since it hitchhiked on to my system during another install, and I can't remove it. The program tells me that I need to close all browsers before it can close. I've rebooted my system, and turned off Norton, but it still won't allow me to remove it.

I installed the OTL program and saved it to my documents, then added a link to my desktop (I couldn't find a way to save it directly to my desktop). When I open the program, a window pops up telling me
"Access violation at address CCCC0460. Read of address CCCC0460"
It gives me the same error message when I try to run a quick scan, and then does not run the program.

Please advise next step.

Thanks
Technot
Active Member
 
Posts: 7
Joined: September 27th, 2012, 2:46 am

Re: Malware removal help needed

by Cypher » October 2nd, 2012, 4:24 am

Hi Technot,
Thanks for your help.

I've tried removing the Ask/Web minds tool bar about 10 times since it hitchhiked on to my system during another install, and I can't remove it.

Ok don't worry about that for now.
I installed the OTL program and saved it to my documents, then added a link to my desktop (I couldn't find a way to save it directly to my desktop)

Which browser are you using to download OTL? In Firefox, try this:

First delete OTL from My Documents and your desktop.
Now in Firefox click Tools > Options > General.
Under Downloads select Save files to, then choose Desktop as the location, then click OK.

Now download OTL again, save it to your desktop and try to run it again.
If successful, post the resulting logs; if you still have problems we will try a different approach.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware removal help needed

by Technot » October 2nd, 2012, 1:43 pm

Hi,
I was able to remove the Ask toolbar using Revo Uninstaller pro.
OTL ran fine, here are the 2 files

OTL logfile created on: 10/2/2012 1:38:00 AM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\Donald\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 69.44% Memory free
4.35 Gb Paging File | 3.18 Gb Available in Paging File | 73.11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 22.99 Gb Free Space | 30.86% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 232.78 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive X: | 928.30 Gb Total Space | 820.55 Gb Free Space | 88.39% Space Free | Partition Type: NTFS
Drive Y: | 928.30 Gb Total Space | 820.55 Gb Free Space | 88.39% Space Free | Partition Type: NTFS

Computer Name: DONALD-FDJSU4TP | User Name: Donald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/02 01:35:46 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donald\Desktop\OTL.exe
PRC - [2012/10/01 12:12:35 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/02/16 07:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/24 07:54:08 | 000,509,704 | ---- | M] (PacketVideo) -- C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe
PRC - [2011/08/24 07:54:06 | 001,517,320 | ---- | M] () -- C:\Program Files\TwonkyMedia\twonkymediaserver.exe
PRC - [2011/08/24 07:48:50 | 000,245,760 | ---- | M] () -- C:\Program Files\TwonkyMedia\twonkywebdav.exe
PRC - [2011/08/03 21:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/10 17:59:30 | 000,082,776 | ---- | M] (Intuit Inc.) -- C:\Program Files\Quicken\qw.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2008/11/07 12:20:40 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2004/10/28 10:29:48 | 000,581,632 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KEM.exe
PRC - [2004/10/21 14:28:40 | 000,029,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
PRC - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 13:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2002/07/10 21:04:26 | 000,094,276 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\msworks.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/30 09:42:18 | 009,813,704 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/03/10 00:04:59 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/03/10 00:02:57 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/03/10 00:00:21 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/03/09 23:57:45 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/03/09 23:57:33 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/03/09 23:56:04 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/02/16 07:40:41 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/24 07:54:06 | 001,517,320 | ---- | M] () -- C:\Program Files\TwonkyMedia\twonkymediaserver.exe
MOD - [2011/08/24 07:52:58 | 000,143,360 | ---- | M] () -- C:\Program Files\TwonkyMedia\wmdrmdll.dll
MOD - [2011/08/24 07:48:50 | 000,245,760 | ---- | M] () -- C:\Program Files\TwonkyMedia\twonkywebdav.exe
MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/10 18:01:08 | 000,490,328 | ---- | M] () -- C:\Program Files\Quicken\alrtint8.dll
MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
MOD - [2004/10/28 10:27:18 | 000,086,016 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/10/01 12:12:35 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/21 06:17:31 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/24 07:54:08 | 000,509,704 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe -- (TwonkyMedia)
SRV - [2011/08/24 07:48:50 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Program Files\TwonkyMedia\twonkywebdav.exe -- (TwonkyWebDav)
SRV - [2011/08/03 21:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe -- (N360)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/11/07 12:20:40 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS -- (SMNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - [2012/09/23 02:52:24 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121001.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/23 02:52:24 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121001.004\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/21 15:31:10 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120928.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/31 15:09:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120919.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/08/11 10:47:27 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/11 10:47:27 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/29 22:24:54 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2011/08/21 19:53:36 | 000,362,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symtdi.sys -- (SYMTDI)
DRV - [2011/08/21 19:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symefa.sys -- (SymEFA)
DRV - [2011/08/03 21:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\cchpx86.sys -- (ccHP)
DRV - [2011/06/03 08:48:48 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\thdudf.sys -- (thdudf)
DRV - [2010/09/26 19:10:30 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/05/05 06:01:30 | 000,278,560 | R--- | M] (Netgear) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G311N6.sys -- (G311N6)
DRV - [2010/05/04 22:15:30 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\ironx86.sys -- (SymIRON)
DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtsp.sys -- (SRTSP)
DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtspx.sys -- (SRTSPX)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/14 20:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symds.sys -- (SymDS)
DRV - [2009/07/16 16:20:58 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2005/07/14 08:57:05 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/21 14:31:14 | 000,038,691 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/10/21 14:31:06 | 000,054,851 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2004/10/21 14:30:56 | 000,071,535 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/10/21 14:30:38 | 000,024,671 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2003/12/25 19:53:10 | 000,067,456 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GA311ND5.SYS -- (RTL8023)
DRV - [2003/12/25 19:53:10 | 000,011,237 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2003/12/25 19:53:10 | 000,008,440 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/09/19 03:11:00 | 000,067,440 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2001/09/19 03:11:00 | 000,050,432 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2001/09/19 03:11:00 | 000,037,822 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2001/09/19 03:11:00 | 000,022,064 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2001/09/19 03:11:00 | 000,005,840 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - SOFTWARE\Classes\CLSID\{EA756889-2338-43DB-8F07-D1CA6FB9C90D}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - SOFTWARE\Classes\CLSID\{EA756889-2338-43DB-8F07-D1CA6FB9C90D}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {077EB44A-E3F6-4E11-ACB5-BFF9C7515E88}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{077EB44A-E3F6-4E11-ACB5-BFF9C7515E88}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBR_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.xfinity.com/customer/start/?attr=mm&cid=insDate08052011"
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: {F029FFC6-E676-11E1-8270-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: "http://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-73-0-faeY\n&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/25 19:33:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2012/10/01 12:18:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/25 15:49:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/09 23:26:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/01 11:45:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F029FFC6-E676-11E1-8270-B8AC6F996F26}: C:\Documents and Settings\Donald\Local Settings\Application Data\{F029FFC6-E676-11E1-8270-B8AC6F996F26}\ [2012/08/14 18:17:28 | 000,000,000 | ---D | M]

[2008/11/20 20:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Donald\Application Data\Mozilla\Extensions
[2012/10/02 00:59:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions
[2010/05/09 22:36:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/04 11:11:51 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/09/25 15:53:38 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/06/04 11:11:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\engine@conduit.com
[2012/01/07 22:58:00 | 000,634,964 | ---- | M] () (No name found) -- C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010/01/31 17:09:55 | 000,002,188 | ---- | M] () -- C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\searchplugins\bing-ff.xml
[2012/10/01 11:47:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/14 18:17:28 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\DOCUMENTS AND SETTINGS\DONALD\LOCAL SETTINGS\APPLICATION DATA\{F029FFC6-E676-11E1-8270-B8AC6F996F26}
[2012/02/16 07:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 03:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 03:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Donald\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2003/07/16 09:23:48 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - Reg Error: Value error. File not found
O2 - BHO: (TwonkyMediaContextMenuHandler) - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - C:\Program Files\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll (PacketVideo)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [nmiscm] C:\Documents and Settings\Donald\Application Data\nmiscm.dll (BitTorrent, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/09/15 20:52:09 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Donald\Start Menu\Programs\Startup\AutorunsDisabled [2011/09/04 20:55:53 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Playlist - C:\Program Files\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll (PacketVideo)
O8 - Extra context menu item: Beam to - C:\Program Files\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll (PacketVideo)
O9 - Extra Button: TwonkyBeam for Internet Explorer - {339E0A0F-ACAE-408f-AAD7-4E9158FFDE7C} - C:\Program Files\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll (PacketVideo)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: closetmaid.com ([vsp] http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} http://forms.real.com/real/player/downl ... st_Win.cab (Reg Error: Unable to open value key)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 0197917781 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 6499508718 (MUWebControl Class)
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} http://www.evite.com/html/imageUpload/I ... oader4.cab (Image Uploader Control)
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://jarmccall.no-ip.info:81/bl_camera.cab (Bl_camera Control)
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} http://www.costcophotocenter.com/CostcoUpload.cab (Snapfish File Upload ActiveX Control)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/softwa ... Plugin.cab (ScorchPlugin Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdat ... /opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/sho ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E15D1DDC-BCCF-45D5-8EC6-ECF47FB9515B}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Donald\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/30 19:31:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d15a8031-59bf-11e0-ba3e-000cf1717603}\Shell\AutoRun\command - "" = G:\Setup_FlipShare.exe
O33 - MountPoints2\{d15a8031-59bf-11e0-ba3e-000cf1717603}\Shell\Setup FlipShare\command - "" = G:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/02 01:35:43 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Donald\Desktop\OTL.exe
[2012/10/02 00:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donald\Local Settings\Application Data\VS Revo Group
[2012/10/02 00:52:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/10/02 00:52:03 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2012/10/02 00:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2012/10/02 00:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/10/02 00:51:17 | 007,902,008 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\Donald\My Documents\RevoUninProSetup.exe
[2012/10/01 12:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/26 09:02:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Donald\My Documents\dds.scr
[2012/09/25 22:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegAce
[2012/09/25 22:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donald\Local Settings\Application Data\AskToolbar
[2012/09/25 22:22:18 | 004,733,064 | ---- | C] (WebMinds, Inc. ) -- C:\Documents and Settings\Donald\My Documents\regacesetup.exe
[2012/09/23 02:19:53 | 022,801,616 | ---- | C] (CompanionLink Software, Inc. ) -- C:\Documents and Settings\Donald\My Documents\clpdt50setup(1).exe
[2012/09/23 02:09:00 | 022,801,616 | ---- | C] (CompanionLink Software, Inc. ) -- C:\Documents and Settings\Donald\My Documents\clpdt50setup.exe
[2012/08/14 18:17:14 | 000,458,752 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Donald\Application Data\nmiscm.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Donald\My Documents\*.tmp files -> C:\Documents and Settings\Donald\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/02 01:49:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/10/02 01:35:46 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donald\Desktop\OTL.exe
[2012/10/02 01:17:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/02 00:52:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Donald\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/10/02 00:52:07 | 000,000,932 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/10/02 00:51:20 | 007,902,008 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Donald\My Documents\RevoUninProSetup.exe
[2012/10/01 12:21:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/01 12:21:28 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/10/01 12:17:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/30 03:00:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\RegAce Scheduled Scan - Donald.job
[2012/09/26 23:56:04 | 000,005,409 | ---- | M] () -- C:\Documents and Settings\Donald\Desktop\attach.zip
[2012/09/26 23:55:42 | 000,004,631 | ---- | M] () -- C:\Documents and Settings\Donald\Desktop\dds.zip
[2012/09/26 09:02:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Donald\My Documents\dds.scr
[2012/09/25 22:22:22 | 004,733,064 | ---- | M] (WebMinds, Inc. ) -- C:\Documents and Settings\Donald\My Documents\regacesetup.exe
[2012/09/23 02:20:16 | 022,801,616 | ---- | M] (CompanionLink Software, Inc. ) -- C:\Documents and Settings\Donald\My Documents\clpdt50setup(1).exe
[2012/09/23 02:09:22 | 022,801,616 | ---- | M] (CompanionLink Software, Inc. ) -- C:\Documents and Settings\Donald\My Documents\clpdt50setup.exe
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Donald\My Documents\*.tmp files -> C:\Documents and Settings\Donald\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/02 00:52:07 | 000,000,950 | ---- | C] () -- C:\Documents and Settings\Donald\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/10/02 00:52:07 | 000,000,932 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/09/26 23:56:04 | 000,005,409 | ---- | C] () -- C:\Documents and Settings\Donald\Desktop\attach.zip
[2012/09/26 23:55:42 | 000,004,631 | ---- | C] () -- C:\Documents and Settings\Donald\Desktop\dds.zip
[2012/09/25 22:26:46 | 000,000,374 | ---- | C] () -- C:\WINDOWS\tasks\RegAce Scheduled Scan - Donald.job
[2012/09/25 22:24:03 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/03/09 22:51:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/04 15:37:38 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.tv6
[2011/08/25 00:17:02 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp.dll
[2011/08/10 10:48:29 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/06/17 17:51:19 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Donald\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/12 12:04:59 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/04 07:11:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Donald\LOG
[2010/12/22 11:18:51 | 000,117,100 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2010/12/22 11:18:51 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2010/12/22 11:16:55 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2010/12/22 10:02:18 | 000,397,792 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/22 09:29:45 | 000,116,458 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2009/11/12 18:23:46 | 000,108,920 | ---- | C] () -- C:\Documents and Settings\Donald\g2ax_customer_downloadhelper_win32_x86.exe
[2009/07/19 10:46:32 | 000,003,530 | ---- | C] () -- C:\Documents and Settings\Donald\palm.csv
[2009/07/17 10:55:36 | 000,300,848 | ---- | C] ( ) -- C:\Documents and Settings\All Users\dcmsvcsetup.exe
[2009/07/17 10:55:34 | 000,009,960 | ---- | C] () -- C:\Documents and Settings\All Users\invokesi.exe
[2007/04/03 16:07:32 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/17 16:58:20 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Donald\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/11 19:00:11 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Donald\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/07/11 18:48:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/04/27 23:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2011/08/10 10:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2009/07/16 16:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/06/11 16:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2012/09/25 22:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegAce
[2009/10/27 22:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/27 23:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2012/10/01 12:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TwonkyMedia
[2012/10/01 12:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\twonkyserver
[2008/11/01 21:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2007/03/16 07:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/15 00:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/07/25 00:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/23 00:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/17 21:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/08/24 23:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B7A015B7-4802-4678-8CEC-700380BA9AFD}
[2010/09/28 23:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Amazon
[2010/04/27 23:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Any Video Converter
[2010/09/19 22:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Binary Fortress Software
[2011/08/05 18:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\CallingID
[2011/08/10 10:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Canneverbe Limited
[2009/12/30 16:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2011/08/05 18:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\comcasttb
[2008/12/15 13:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\CopyTrans
[2008/12/15 22:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\CopyTransControlCenter
[2008/12/17 21:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\CopyTransDoctor
[2011/09/25 15:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\DDMSettings
[2011/09/06 19:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Digiarty
[2011/07/31 16:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\GetRightToGo
[2011/09/04 20:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\HandBrake
[2009/07/16 14:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\HotSync
[2010/02/18 17:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\iPodder
[2010/08/05 19:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Jaran Nilsen
[2005/07/09 08:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Leadertech
[2011/06/11 11:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\MioNetApplet
[2012/03/03 12:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\net.pixelevolution.hcr3
[2010/02/14 22:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\NormSoft
[2009/07/27 09:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\OfficeUpdate12
[2009/07/08 21:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\OpenOffice.org
[2010/01/31 17:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Participatory Culture Foundation
[2011/07/31 16:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Pavtube
[2006/08/19 14:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Smith Micro
[2009/02/16 01:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Southwest Airlines
[2011/07/29 08:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Tific
[2011/09/06 19:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\TwonkyMedia
[2011/06/04 15:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\uTorrent
[2007/03/16 07:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Viewpoint
[2009/06/22 15:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\W Photo Studio Viewer
[2010/06/11 15:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\WD
[2010/09/28 23:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\WeatherBug
[2010/02/15 00:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\WindSolutions

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

And then the Extras.txt

OTL Extras logfile created on: 10/2/2012 1:38:00 AM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\Donald\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 69.44% Memory free
4.35 Gb Paging File | 3.18 Gb Available in Paging File | 73.11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 22.99 Gb Free Space | 30.86% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 232.78 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive X: | 928.30 Gb Total Space | 820.55 Gb Free Space | 88.39% Space Free | Partition Type: NTFS
Drive Y: | 928.30 Gb Total Space | 820.55 Gb Free Space | 88.39% Space Free | Partition Type: NTFS

Computer Name: DONALD-FDJSU4TP | User Name: Donald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"14238:TCP" = 14238:TCP:*:Enabled:Hot Sync Manager
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\1120188975\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1120188975\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOL -- (America Online Inc)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\Palm\PPLTReg.exe" = C:\Palm\PPLTReg.exe:*:Enabled:PPLTReg
"C:\Program Files\America Online 9.0b\waol.exe" = C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\1160841484\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1160841484\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\1167326973\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1167326973\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\MioNet\MioNetManager.exe" = C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager
"C:\Program Files\MioNet\jvm\bin\MioNet.exe" = C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:MioNet
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\NetGear\ProSafe Plus Utility\ProSafe Plus Utility.exe" = C:\Program Files\NetGear\ProSafe Plus Utility\ProSafe Plus Utility.exe:*:Enabled:ProSafe Plus Utility -- ()
"C:\Program Files\NetGear\ProSafe Plus Utility\NsdpManager.exe" = C:\Program Files\NetGear\ProSafe Plus Utility\NsdpManager.exe:*:Enabled:NsdpManager -- ()
"C:\Program Files\NetGear\ProSafe Plus Utility\NetGearServer.exe" = C:\Program Files\NetGear\ProSafe Plus Utility\NetGearServer.exe:*:Enabled:NetGearServer -- ()
"C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe" = C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe:*:Enabled:TwonkyMedia -- (PacketVideo)
"C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe" = C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe:*:Enabled:TwonkyMediaServer -- ()
"C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe" = C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe:*:Enabled:TwonkyMediaManager -- (PacketVideo )
"C:\Program Files\Twonky\TwonkyBeam\TMSLite\tms-beam.exe" = C:\Program Files\Twonky\TwonkyBeam\TMSLite\tms-beam.exe:*:Enabled:TwonkyServerLite -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03410014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Encyclopedia Standard 2003
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3571A4C6-E0C6-47A7-B587-845CE2A6DEB0}" = Acronis Migrate Easy
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Photo 7.0
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4F454B69-4619-44E9-848F-3FC49BC8D9BB}" = Palm VersaMail(tm)
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.41 .1
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{68131B0A-D78D-4aed-B74E-33A6C7324E50}" = WD Anywhere Backup
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7729C083-48C3-4A0F-9692-30673AC856DB}" = ProSafe Plus Utility
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7CC673E7-5271-409D-B196-BB76DA60300B}" = TwonkyMedia Windows Components
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE0FCA1-4E95-11D4-9875-00105ACE7734}" = Logitech User's Guide
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DBD40476-78A4-4738-86B4-A5FB8807946D}" = NETGEAR GA311 Gigabit Adapter
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{E75D6968-E023-8BD2-26A7-15B53D07EEF8}" = HCR3 Exercise v1.4
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AOL Uninstaller" = AOL Uninstaller
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"dcmsvc_is1" = dcmsvc 1.0
"DivX Setup" = DivX Setup
"DVDFab 8 Qt_is1" = DVDFab 8.1.1.2 (08/08/2011) Qt
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{7729C083-48C3-4A0F-9692-30673AC856DB}" = ProSafe Plus Utility
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{DBD40476-78A4-4738-86B4-A5FB8807946D}" = NETGEAR GA311 Smart Wizard Utility
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"Logitech Resource Center" = Logitech Resource Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"N360" = Norton Security Suite
"net.pixelevolution.hcr3" = HCR3 Exercise v1.4
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Photo Viewer_is1" = Photo Viewer s2.5
"Pocket Tunes" = Pocket Tunes 5.0.0
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Q903235" = Internet Explorer Q903235
"QuickLink Mobile Phonebook" = QuickLink Mobile Phonebook
"Shockwave" = Shockwave
"TwonkyBeam for Internet Explorer" = TwonkyBeam for Internet Explorer
"TwonkyManager" = TwonkyManager
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 2.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinX Blu-ray Decrypter_is1" = WinX Blu-ray Decrypter 3.0.0
"WinX DVD Author_is1" = WinX DVD Author 5.9
"WinX DVD Copy Pro_is1" = WinX DVD Copy Pro 2.2.0
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{4F454B69-4619-44E9-848F-3FC49BC8D9BB}" = Palm VersaMail(tm)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/23/2012 5:40:37 AM | Computer Name = DONALD-FDJSU4TP | Source = AntiSpywareService | ID = 0
Description =

Error - 9/24/2012 5:01:10 AM | Computer Name = DONALD-FDJSU4TP | Source = AntiSpywareService | ID = 0
Description =

Error - 9/24/2012 1:27:22 PM | Computer Name = DONALD-FDJSU4TP | Source = AntiSpywareService | ID = 0
Description =

Error - 9/25/2012 2:36:03 AM | Computer Name = DONALD-FDJSU4TP | Source = Microsoft Office 11 | ID = 2001
Description =

Error - 9/26/2012 11:22:59 AM | Computer Name = DONALD-FDJSU4TP | Source = AntiSpywareService | ID = 0
Description =

Error - 10/1/2012 2:35:18 PM | Computer Name = DONALD-FDJSU4TP | Source = AntiSpywareService | ID = 0
Description =

Error - 10/1/2012 2:55:39 PM | Computer Name = DONALD-FDJSU4TP | Source = AntiSpywareService | ID = 0
Description =

Error - 10/1/2012 3:22:02 PM | Computer Name = DONALD-FDJSU4TP | Source = AntiSpywareService | ID = 0
Description =

Error - 10/2/2012 12:03:42 AM | Computer Name = DONALD-FDJSU4TP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 10.0.2.4428, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/2/2012 12:04:23 AM | Computer Name = DONALD-FDJSU4TP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 10.0.2.4428, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/1/2012 2:33:14 PM | Computer Name = DONALD-FDJSU4TP | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 10/1/2012 2:53:20 PM | Computer Name = DONALD-FDJSU4TP | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 10/1/2012 2:54:07 PM | Computer Name = DONALD-FDJSU4TP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 10/1/2012 2:54:07 PM | Computer Name = DONALD-FDJSU4TP | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 10/1/2012 2:55:22 PM | Computer Name = DONALD-FDJSU4TP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 10/1/2012 2:55:39 PM | Computer Name = DONALD-FDJSU4TP | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 10/1/2012 3:20:23 PM | Computer Name = DONALD-FDJSU4TP | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 10/1/2012 3:20:40 PM | Computer Name = DONALD-FDJSU4TP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 10/1/2012 3:20:40 PM | Computer Name = DONALD-FDJSU4TP | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 10/1/2012 3:22:04 PM | Computer Name = DONALD-FDJSU4TP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-02 01:57:23
-----------------------------
01:57:23.171 OS Version: Windows 5.1.2600 Service Pack 3
01:57:23.171 Number of processors: 1 586 0x209
01:57:23.171 ComputerName: DONALD-FDJSU4TP UserName: Donald
01:57:24.125 Initialize success
02:01:01.906 AVAST engine defs: 12100101
02:02:09.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
02:02:09.812 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
02:02:09.828 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
02:02:09.828 Disk 1 Vendor: WDC_WD2500BB-00GUA0 08.02D08 Size: 238475MB BusType: 3
02:02:09.843 Disk 0 MBR read successfully
02:02:09.843 Disk 0 MBR scan
02:02:09.890 Disk 0 Windows XP default MBR code
02:02:09.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
02:02:09.906 Disk 0 scanning sectors +156232125
02:02:10.000 Disk 0 scanning C:\WINDOWS\system32\drivers
02:02:32.875 Service scanning
02:03:06.968 Modules scanning
02:03:25.421 Disk 0 trace - called modules:
02:03:25.421 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
02:03:25.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adfbab8]
02:03:25.437 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8add1d98]
02:03:25.890 AVAST engine scan C:\WINDOWS
02:03:53.390 AVAST engine scan C:\WINDOWS\system32
02:11:47.078 AVAST engine scan C:\WINDOWS\system32\drivers
02:13:24.265 AVAST engine scan C:\Documents and Settings\Donald
02:22:44.265 File: C:\Documents and Settings\Donald\Application Data\nmiscm.dll **INFECTED** Win32:Medfos [Trj]
02:43:57.906 AVAST engine scan C:\Documents and Settings\All Users
02:54:00.250 Scan finished successfully
10:36:56.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Donald\Desktop\MBR.dat"
10:36:56.703 The log file has been saved successfully to "C:\Documents and Settings\Donald\Desktop\aswMBR.txt"
10:38:42.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Donald\Desktop\MBR.dat"
10:38:42.796 The log file has been saved successfully to "C:\Documents and Settings\Donald\Desktop\aswMBR.txt"
Technot
Active Member
 
Posts: 7
Joined: September 27th, 2012, 2:46 am

Re: Malware removal help needed

Post by Cypher » October 2nd, 2012, 2:16 pm

Hi Technot.
Do the following, then give me an update on your computer's performance.

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [createrestorepoint]
    
    :processes
    killallprocesses
    
    :otl
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - SOFTWARE\Classes\CLSID\{EA756889-2338-43DB-8F07-D1CA6FB9C90D}\InprocServer32 File not found
    IE - HKCU\..\SearchScopes,DefaultScope = {077EB44A-E3F6-4E11-ACB5-BFF9C7515E88}
    FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
    FF - prefs.js..extensions.enabledAddons: {F029FFC6-E676-11E1-8270-B8AC6F996F26}:2.0.14
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
    [2011/06/04 11:11:51 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011/06/04 11:11:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\engine@conduit.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Value error. File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [nmiscm] C:\Documents and Settings\Donald\Application Data\nmiscm.dll (BitTorrent, Inc.)
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKCU\..Trusted Domains: closetmaid.com ([vsp] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    [2012/09/25 22:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donald\Local Settings\Application Data\AskToolbar
    [2012/08/14 18:17:14 | 000,458,752 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Donald\Application Data\nmiscm.dll
    [2012/10/02 01:49:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2010/12/22 11:18:51 | 000,117,100 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
    [2010/12/22 11:18:51 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    
    :files
    C:\Documents and Settings\Donald\Application Data\nmiscm.dll 
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [resethosts]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Next.

Please download TDSSKiller and save it to your Desktop.

  • Double-click TDSSKiller.exe to run it.
  • Under Additional Options, check Verify file digital signatures.
  • IMPORTANT: Ensure Detect TDLFS file system remains UNchecked.
  • Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure. Ensure Cure is selected, then click Continue.
    • If suspicious objects are detected, the default action will be Skip. Ensure Skip is selected, then click Continue.
    • If Unsigned files are detected, the default action will be Skip. Ensure Skip is selected, then click Continue.

    DO NOT change the default actions.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is named like UtilityName.Version_Date_Time_log.txt,
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents in your next reply.

Logs/Information to Post in your Next Reply

  • OTL fix log.
  • TDSSKiller log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware removal help needed

by Technot » October 2nd, 2012, 3:19 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA756889-2338-43DB-8F07-D1CA6FB9C90D}\ deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 removed from extensions.enabledAddons
Prefs.js: {F029FFC6-E676-11E1-8270-B8AC6F996F26}:2.0.14 removed from extensions.enabledAddons
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: jqs@sun.com:1.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7 removed from extensions.enabledItems
Prefs.js: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30 removed from extensions.enabledItems
C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib folder moved successfully.
C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\engine@conduit.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nmiscm deleted successfully.
C:\Documents and Settings\Donald\Application Data\nmiscm.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\closetmaid.com\vsp\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
C:\Documents and Settings\Donald\Local Settings\Application Data\AskToolbar folder moved successfully.
File C:\Documents and Settings\Donald\Application Data\nmiscm.dll not found.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
C:\WINDOWS\hpoins11.dat.temp moved successfully.
C:\WINDOWS\hpomdl11.dat.temp moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Donald\Application Data\nmiscm.dll not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Donald\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Donald\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
->Temporary Internet Files folder emptied: 32768 bytes

User: Donald
->Temp folder emptied: 815419397 bytes
->Temporary Internet Files folder emptied: 78058058 bytes
->Java cache emptied: 53351067 bytes
->FireFox cache emptied: 356898501 bytes
->Google Chrome cache emptied: 13340200 bytes
->Apple Safari cache emptied: 6242304 bytes
->Flash cache emptied: 1533367 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 40015 bytes

User: Melissa
->Temp folder emptied: 1458244 bytes
->Temporary Internet Files folder emptied: 458663 bytes
->Flash cache emptied: 300 bytes

User: NetworkService
->Temp folder emptied: 2877159 bytes
->Temporary Internet Files folder emptied: 116687994 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1145933 bytes
%systemroot%\System32 .tmp files removed: 3032081 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15841589 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23947280 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 911766 bytes
RecycleBin emptied: 4288643982 bytes

Total Files Cleaned = 5,512.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.70.1 log created on 10022012_120115

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Donald\Local Settings\Temp\~DF7946.tmp not found!
File\Folder C:\Documents and Settings\Donald\Local Settings\Temp\~DFA0A6.tmp not found!
File\Folder C:\Documents and Settings\Donald\Local Settings\Temp\~DFA8E9.tmp not found!
C:\Documents and Settings\Donald\Local Settings\Temp\~WRD4065.doc moved successfully.
C:\Documents and Settings\Donald\Local Settings\Temporary Internet Files\Content.Word\~WRF0001.tmp moved successfully.
C:\Documents and Settings\Donald\Local Settings\Temporary Internet Files\Content.Word\~WRS0000.tmp moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7c8.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Technot
Active Member
 
Posts: 7
Joined: September 27th, 2012, 2:46 am

Re: Malware removal help needed

by Technot » October 2nd, 2012, 3:29 pm

12:22:04.0812 2592 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:22:05.0500 2592 ============================================================
12:22:05.0500 2592 Current date / time: 2012/10/02 12:22:05.0500
12:22:05.0500 2592 SystemInfo:
12:22:05.0500 2592
12:22:05.0500 2592 OS Version: 5.1.2600 ServicePack: 3.0
12:22:05.0500 2592 Product type: Workstation
12:22:05.0500 2592 ComputerName: DONALD-FDJSU4TP
12:22:05.0500 2592 UserName: Donald
12:22:05.0500 2592 Windows directory: C:\WINDOWS
12:22:05.0500 2592 System windows directory: C:\WINDOWS
12:22:05.0500 2592 Processor architecture: Intel x86
12:22:05.0500 2592 Number of processors: 1
12:22:05.0500 2592 Page size: 0x1000
12:22:05.0500 2592 Boot type: Normal boot
12:22:05.0500 2592 ============================================================
12:22:07.0640 2592 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:22:07.0656 2592 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:22:07.0671 2592 ============================================================
12:22:07.0671 2592 \Device\Harddisk0\DR0:
12:22:07.0671 2592 MBR partitions:
12:22:07.0671 2592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
12:22:07.0671 2592 \Device\Harddisk1\DR1:
12:22:07.0671 2592 MBR partitions:
12:22:07.0671 2592 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
12:22:07.0671 2592 ============================================================
12:22:07.0703 2592 C: <-> \Device\Harddisk0\DR0\Partition1
12:22:07.0734 2592 F: <-> \Device\Harddisk1\DR1\Partition1
12:22:07.0750 2592 ============================================================
12:22:07.0750 2592 Initialize success
12:22:07.0750 2592 ============================================================
12:22:12.0015 2416 ============================================================
12:22:12.0015 2416 Scan started
12:22:12.0015 2416 Mode: Manual;
12:22:12.0015 2416 ============================================================
12:22:13.0984 2416 ================ Scan system memory ========================
12:22:13.0984 2416 System memory - ok
12:22:14.0000 2416 ================ Scan services =============================
12:22:14.0140 2416 Abiosdsk - ok
12:22:14.0140 2416 abp480n5 - ok
12:22:14.0203 2416 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:22:14.0218 2416 ACPI - ok
12:22:14.0265 2416 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:22:14.0296 2416 ACPIEC - ok
12:22:14.0406 2416 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:22:14.0406 2416 AdobeFlashPlayerUpdateSvc - ok
12:22:14.0421 2416 adpu160m - ok
12:22:14.0484 2416 [ 11C04B17ED2ABBB4833694BCD644AC90 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
12:22:14.0500 2416 aeaudio - ok
12:22:14.0562 2416 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:22:14.0578 2416 aec - ok
12:22:14.0640 2416 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:22:14.0640 2416 AFD - ok
12:22:14.0703 2416 [ C685CC27A2E637F0DCB5A45E67CC6F74 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
12:22:14.0718 2416 AFS2K - ok
12:22:14.0765 2416 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
12:22:14.0781 2416 agp440 - ok
12:22:14.0812 2416 Aha154x - ok
12:22:14.0828 2416 aic78u2 - ok
12:22:14.0843 2416 aic78xx - ok
12:22:14.0875 2416 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:22:14.0906 2416 Alerter - ok
12:22:14.0953 2416 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
12:22:14.0953 2416 ALG - ok
12:22:14.0968 2416 AliIde - ok
12:22:14.0984 2416 amsint - ok
12:22:15.0093 2416 [ F9DAC844B1D370DA4C984D4C22F5E696 ] AntiSpywareService C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
12:22:15.0109 2416 AntiSpywareService - ok
12:22:15.0203 2416 [ 7FB54900AA9792AB6307C699EC1859D4 ] AOL TopSpeedMonitor C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
12:22:15.0203 2416 AOL TopSpeedMonitor - ok
12:22:15.0296 2416 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:22:15.0296 2416 Apple Mobile Device - ok
12:22:15.0343 2416 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:22:15.0375 2416 AppMgmt - ok
12:22:15.0390 2416 asc - ok
12:22:15.0406 2416 asc3350p - ok
12:22:15.0421 2416 asc3550 - ok
12:22:15.0562 2416 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:22:15.0656 2416 aspnet_state - ok
12:22:15.0703 2416 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:22:15.0734 2416 AsyncMac - ok
12:22:15.0765 2416 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:22:15.0765 2416 atapi - ok
12:22:15.0796 2416 Atdisk - ok
12:22:15.0828 2416 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:22:15.0859 2416 Atmarpc - ok
12:22:15.0890 2416 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:22:15.0890 2416 AudioSrv - ok
12:22:15.0937 2416 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:22:15.0968 2416 audstub - ok
12:22:16.0078 2416 [ 41347688046D49CDE0F6D138A534F73D ] BCMModem C:\WINDOWS\system32\DRIVERS\BCMSM.sys
12:22:16.0140 2416 BCMModem - ok
12:22:16.0171 2416 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:22:16.0171 2416 Beep - ok
12:22:16.0437 2416 [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120919.001\BHDrvx86.sys
12:22:16.0437 2416 BHDrvx86 - ok
12:22:16.0500 2416 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
12:22:16.0640 2416 BITS - ok
12:22:16.0656 2416 BlueletAudio - ok
12:22:16.0671 2416 BlueletSCOAudio - ok
12:22:16.0765 2416 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:22:16.0796 2416 Bonjour Service - ok
12:22:16.0843 2416 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
12:22:16.0843 2416 Browser - ok
12:22:16.0875 2416 BT - ok
12:22:16.0875 2416 Btcsrusb - ok
12:22:16.0906 2416 BTHidEnum - ok
12:22:16.0921 2416 BTHidMgr - ok
12:22:17.0000 2416 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
12:22:17.0031 2416 BVRPMPR5 - ok
12:22:17.0078 2416 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:22:17.0109 2416 cbidf2k - ok
12:22:17.0156 2416 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:22:17.0187 2416 CCDECODE - ok
12:22:17.0312 2416 [ 1FA1C0E73ECA849BED29A47C508F7F17 ] ccHP C:\WINDOWS\system32\drivers\N360\0404000.00C\ccHPx86.sys
12:22:17.0312 2416 ccHP - ok
12:22:17.0328 2416 cd20xrnt - ok
12:22:17.0375 2416 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:22:17.0375 2416 Cdaudio - ok
12:22:17.0437 2416 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:22:17.0437 2416 Cdfs - ok
12:22:17.0484 2416 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:22:17.0515 2416 Cdrom - ok
12:22:17.0531 2416 Changer - ok
12:22:17.0578 2416 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:22:17.0593 2416 CiSvc - ok
12:22:17.0640 2416 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:22:17.0671 2416 ClipSrv - ok
12:22:17.0718 2416 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:22:17.0843 2416 clr_optimization_v2.0.50727_32 - ok
12:22:17.0859 2416 CmdIde - ok
12:22:17.0875 2416 COMSysApp - ok
12:22:17.0906 2416 Cpqarray - ok
12:22:17.0968 2416 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:22:17.0968 2416 CryptSvc - ok
12:22:17.0984 2416 dac2w2k - ok
12:22:18.0000 2416 dac960nt - ok
12:22:18.0062 2416 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:22:18.0109 2416 DcomLaunch - ok
12:22:18.0156 2416 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:22:18.0156 2416 Dhcp - ok
12:22:18.0203 2416 [ 9AFD0211790BB60CA4453E95E2FCFA34 ] Diag69xp C:\WINDOWS\system32\Drivers\Diag69xp.sys
12:22:18.0250 2416 Diag69xp - ok
12:22:18.0296 2416 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:22:18.0343 2416 Disk - ok
12:22:18.0359 2416 dmadmin - ok
12:22:18.0421 2416 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:22:18.0515 2416 dmboot - ok
12:22:18.0562 2416 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:22:18.0578 2416 dmio - ok
12:22:18.0593 2416 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:22:18.0609 2416 dmload - ok
12:22:18.0656 2416 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:22:18.0656 2416 dmserver - ok
12:22:18.0718 2416 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:22:18.0718 2416 DMusic - ok
12:22:18.0765 2416 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:22:18.0765 2416 Dnscache - ok
12:22:18.0828 2416 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:22:18.0875 2416 Dot3svc - ok
12:22:18.0890 2416 dpti2o - ok
12:22:18.0937 2416 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:22:18.0937 2416 drmkaud - ok
12:22:19.0015 2416 [ 98B46B331404A951CABAD8B4877E1276 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:22:19.0031 2416 E100B - ok
12:22:19.0125 2416 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:22:19.0140 2416 EapHost - ok
12:22:19.0265 2416 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:22:19.0265 2416 eeCtrl - ok
12:22:19.0328 2416 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:22:19.0328 2416 EraserUtilRebootDrv - ok
12:22:19.0375 2416 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:22:19.0375 2416 ERSvc - ok
12:22:19.0421 2416 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
12:22:19.0437 2416 Eventlog - ok
12:22:19.0500 2416 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
12:22:19.0500 2416 EventSystem - ok
12:22:19.0562 2416 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:22:19.0593 2416 Fastfat - ok
12:22:19.0640 2416 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:22:19.0640 2416 FastUserSwitchingCompatibility - ok
12:22:19.0687 2416 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:22:19.0718 2416 Fdc - ok
12:22:19.0765 2416 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:22:19.0765 2416 Fips - ok
12:22:19.0812 2416 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:22:19.0843 2416 Flpydisk - ok
12:22:19.0890 2416 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:22:19.0890 2416 FltMgr - ok
12:22:19.0984 2416 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:22:20.0015 2416 FontCache3.0.0.0 - ok
12:22:20.0046 2416 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:22:20.0046 2416 Fs_Rec - ok
12:22:20.0093 2416 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:22:20.0125 2416 Ftdisk - ok
12:22:20.0171 2416 [ B69CC457199BEE996B8EDDB6830CD638 ] G311N6 C:\WINDOWS\system32\DRIVERS\G311N6.sys
12:22:20.0218 2416 G311N6 - ok
12:22:20.0265 2416 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
12:22:20.0281 2416 GEARAspiWDM - ok
12:22:20.0328 2416 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:22:20.0359 2416 Gpc - ok
12:22:20.0468 2416 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:22:20.0468 2416 helpsvc - ok
12:22:20.0484 2416 HidServ - ok
12:22:20.0531 2416 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:22:20.0562 2416 HidUsb - ok
12:22:20.0625 2416 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:22:20.0656 2416 hkmsvc - ok
12:22:20.0671 2416 hpn - ok
12:22:20.0734 2416 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:22:20.0750 2416 HPZid412 - ok
12:22:20.0796 2416 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:22:20.0812 2416 HPZipr12 - ok
12:22:20.0859 2416 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:22:20.0890 2416 HPZius12 - ok
12:22:20.0953 2416 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:22:20.0968 2416 HTTP - ok
12:22:21.0015 2416 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:22:21.0015 2416 HTTPFilter - ok
12:22:21.0031 2416 i2omgmt - ok
12:22:21.0046 2416 i2omp - ok
12:22:21.0109 2416 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:22:21.0125 2416 i8042prt - ok
12:22:21.0250 2416 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
12:22:21.0265 2416 IDriverT - ok
12:22:21.0390 2416 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:22:21.0484 2416 idsvc - ok
12:22:21.0609 2416 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120928.001\IDSxpx86.sys
12:22:21.0609 2416 IDSxpx86 - ok
12:22:21.0671 2416 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:22:21.0703 2416 Imapi - ok
12:22:21.0734 2416 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\System32\imapi.exe
12:22:21.0750 2416 ImapiService - ok
12:22:21.0765 2416 ini910u - ok
12:22:21.0796 2416 IntelIde - ok
12:22:21.0859 2416 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:22:21.0875 2416 intelppm - ok
12:22:21.0906 2416 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:22:21.0937 2416 ip6fw - ok
12:22:21.0984 2416 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:22:22.0015 2416 IpFilterDriver - ok
12:22:22.0062 2416 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:22:22.0093 2416 IpInIp - ok
12:22:22.0140 2416 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:22:22.0140 2416 IpNat - ok
12:22:22.0234 2416 [ 3A6D4D8ABACF64292D060C9E06D2050D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:22:22.0328 2416 iPod Service - ok
12:22:22.0375 2416 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:22:22.0375 2416 IPSec - ok
12:22:22.0406 2416 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:22:22.0421 2416 IRENUM - ok
12:22:22.0453 2416 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:22:22.0468 2416 isapnp - ok
12:22:22.0593 2416 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
12:22:22.0593 2416 JavaQuickStarterService - ok
12:22:22.0656 2416 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:22:22.0687 2416 Kbdclass - ok
12:22:22.0734 2416 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:22:22.0750 2416 kmixer - ok
12:22:22.0812 2416 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:22:22.0812 2416 KSecDD - ok
12:22:22.0859 2416 [ EFCC6D56FE8BA50BB7ECF300B60A66A3 ] L8042mou C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
12:22:22.0890 2416 L8042mou - ok
12:22:22.0953 2416 [ AF262D172FAFDF78B3EFEE1B8A5B10DD ] l8042pr2 C:\WINDOWS\system32\DRIVERS\L8042Pr2.sys
12:22:23.0062 2416 l8042pr2 - ok
12:22:23.0109 2416 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:22:23.0109 2416 lanmanserver - ok
12:22:23.0171 2416 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:22:23.0203 2416 lanmanworkstation - ok
12:22:23.0250 2416 [ 8BBFBF256493035AE6105B334FCE99DF ] LANPkt C:\WINDOWS\system32\DRIVERS\LANPkt.sys
12:22:23.0250 2416 LANPkt - ok
12:22:23.0265 2416 lbrtfdc - ok
12:22:23.0312 2416 [ C872D410FB5B0D75658124B197BA1B96 ] LHidFlt2 C:\WINDOWS\system32\DRIVERS\LHidFlt2.sys
12:22:23.0406 2416 LHidFlt2 - ok
12:22:23.0468 2416 [ 452ECFC32A4B5D9A761E113F149E1B9E ] LHidKe C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
12:22:23.0484 2416 LHidKe - ok
12:22:23.0562 2416 [ 700A45BD71713EAE1D5F00188CEC1BCE ] LHidUsb C:\WINDOWS\system32\drivers\LHidUsb.Sys
12:22:23.0578 2416 LHidUsb - ok
12:22:23.0625 2416 [ 9C92312DD1AB42E627710FB89BBBCD1E ] LHidUsbK C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
12:22:23.0640 2416 LHidUsbK - ok
12:22:23.0687 2416 [ 8764D6C21164383A4EB54D0768BF74FA ] LKbdFlt2 C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys
12:22:23.0703 2416 LKbdFlt2 - ok
12:22:23.0765 2416 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:22:23.0765 2416 LmHosts - ok
12:22:23.0796 2416 [ 9879AA615C331E98C5774E70BBCCB8D3 ] LMouFlt2 C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys
12:22:23.0828 2416 LMouFlt2 - ok
12:22:23.0890 2416 [ 95871E8C4AECFED95F884D2D10B8BCFB ] LMouKE C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
12:22:23.0906 2416 LMouKE - ok
12:22:24.0015 2416 [ ED6235C93981D8658FA433092A809303 ] MemeoBackgroundService C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
12:22:24.0015 2416 MemeoBackgroundService - ok
12:22:24.0078 2416 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:22:24.0109 2416 Messenger - ok
12:22:24.0140 2416 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:22:24.0156 2416 mnmdd - ok
12:22:24.0203 2416 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
12:22:24.0234 2416 mnmsrvc - ok
12:22:24.0281 2416 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:22:24.0296 2416 Modem - ok
12:22:24.0328 2416 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
12:22:24.0359 2416 MODEMCSA - ok
12:22:24.0421 2416 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:22:24.0437 2416 Mouclass - ok
12:22:24.0484 2416 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:22:24.0515 2416 mouhid - ok
12:22:24.0593 2416 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:22:24.0609 2416 MountMgr - ok
12:22:24.0625 2416 mraid35x - ok
12:22:24.0671 2416 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:22:24.0671 2416 MRxDAV - ok
12:22:24.0750 2416 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:22:24.0765 2416 MRxSmb - ok
12:22:24.0828 2416 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
12:22:24.0859 2416 MSDTC - ok
12:22:24.0921 2416 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:22:24.0921 2416 Msfs - ok
12:22:24.0937 2416 MSIServer - ok
12:22:24.0968 2416 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:22:24.0984 2416 MSKSSRV - ok
12:22:25.0015 2416 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:22:25.0046 2416 MSPCLOCK - ok
12:22:25.0078 2416 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:22:25.0109 2416 MSPQM - ok
12:22:25.0156 2416 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:22:25.0156 2416 mssmbios - ok
12:22:25.0250 2416 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:22:25.0265 2416 MSTEE - ok
12:22:25.0312 2416 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:22:25.0328 2416 Mup - ok
12:22:25.0421 2416 [ B4187346F54E362DAFFE647B25A58D50 ] N360 C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
12:22:25.0421 2416 N360 - ok
12:22:25.0468 2416 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:22:25.0500 2416 NABTSFEC - ok
12:22:25.0593 2416 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:22:25.0656 2416 napagent - ok
12:22:25.0765 2416 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121001.004\NAVENG.SYS
12:22:25.0781 2416 NAVENG - ok
12:22:25.0890 2416 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121001.004\NAVEX15.SYS
12:22:25.0906 2416 NAVEX15 - ok
12:22:25.0968 2416 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:22:25.0968 2416 NDIS - ok
12:22:26.0031 2416 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:22:26.0046 2416 NdisIP - ok
12:22:26.0109 2416 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:22:26.0109 2416 NdisTapi - ok
12:22:26.0187 2416 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:22:26.0187 2416 Ndisuio - ok
12:22:26.0250 2416 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:22:26.0281 2416 NdisWan - ok
12:22:26.0328 2416 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:22:26.0328 2416 NDProxy - ok
12:22:26.0375 2416 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:22:26.0375 2416 NetBIOS - ok
12:22:26.0437 2416 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:22:26.0437 2416 NetBT - ok
12:22:26.0500 2416 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
12:22:26.0531 2416 NetDDE - ok
12:22:26.0546 2416 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:22:26.0546 2416 NetDDEdsdm - ok
12:22:26.0578 2416 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\System32\lsass.exe
12:22:26.0593 2416 Netlogon - ok
12:22:26.0656 2416 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
12:22:26.0656 2416 Netman - ok
12:22:26.0703 2416 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:22:26.0734 2416 NetTcpPortSharing - ok
12:22:26.0781 2416 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:22:26.0796 2416 Nla - ok
12:22:26.0859 2416 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
12:22:26.0890 2416 nm - ok
12:22:27.0000 2416 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Program Files\CDBurnerXP\NMSAccessU.exe
12:22:27.0000 2416 NMSAccess - ok
12:22:27.0046 2416 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:22:27.0046 2416 Npfs - ok
12:22:27.0125 2416 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:22:27.0203 2416 Ntfs - ok
12:22:27.0250 2416 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
12:22:27.0250 2416 NtLmSsp - ok
12:22:27.0328 2416 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:22:27.0390 2416 NtmsSvc - ok
12:22:27.0437 2416 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
12:22:27.0468 2416 NuidFltr - ok
12:22:27.0500 2416 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:22:27.0500 2416 Null - ok
12:22:27.0609 2416 [ 1685A86CE8DC5A70D307DCA625FB50E7 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:22:27.0656 2416 nv - ok
12:22:27.0687 2416 [ 697A09635E30D3722E1124EC33FACE15 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
12:22:27.0703 2416 NVSvc - ok
12:22:27.0750 2416 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:22:27.0765 2416 NwlnkFlt - ok
12:22:27.0812 2416 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:22:27.0812 2416 NwlnkFwd - ok
12:22:27.0859 2416 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
12:22:27.0859 2416 OMCI - ok
12:22:27.0937 2416 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:22:27.0953 2416 ose - ok
12:22:28.0046 2416 [ 240C0D4049A833B16B63B636ACF01672 ] PalmUSBD C:\WINDOWS\system32\drivers\PalmUSBD.sys
12:22:28.0078 2416 PalmUSBD - ok
12:22:28.0125 2416 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:22:28.0156 2416 Parport - ok
12:22:28.0218 2416 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:22:28.0250 2416 PartMgr - ok
12:22:28.0296 2416 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:22:28.0296 2416 ParVdm - ok
12:22:28.0328 2416 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:22:28.0359 2416 PCI - ok
12:22:28.0375 2416 PCIDump - ok
12:22:28.0406 2416 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:22:28.0406 2416 PCIIde - ok
12:22:28.0468 2416 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:22:28.0500 2416 Pcmcia - ok
12:22:28.0515 2416 PDCOMP - ok
12:22:28.0531 2416 PDFRAME - ok
12:22:28.0546 2416 PDRELI - ok
12:22:28.0562 2416 PDRFRAME - ok
12:22:28.0578 2416 perc2 - ok
12:22:28.0593 2416 perc2hib - ok
12:22:28.0671 2416 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:22:28.0671 2416 PlugPlay - ok
12:22:28.0718 2416 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\System32\HPZipm12.exe
12:22:28.0718 2416 Pml Driver HPZ12 - ok
12:22:28.0734 2416 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
12:22:28.0750 2416 PolicyAgent - ok
12:22:28.0796 2416 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:22:28.0812 2416 PptpMiniport - ok
12:22:28.0859 2416 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
12:22:28.0859 2416 Processor - ok
12:22:28.0906 2416 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:22:28.0906 2416 ProtectedStorage - ok
12:22:28.0984 2416 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:22:29.0000 2416 PSched - ok
12:22:29.0046 2416 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:22:29.0078 2416 Ptilink - ok
12:22:29.0140 2416 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
12:22:29.0140 2416 PxHelp20 - ok
12:22:29.0156 2416 ql1080 - ok
12:22:29.0171 2416 Ql10wnt - ok
12:22:29.0187 2416 ql12160 - ok
12:22:29.0203 2416 ql1240 - ok
12:22:29.0218 2416 ql1280 - ok
12:22:29.0265 2416 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:22:29.0265 2416 RasAcd - ok
12:22:29.0312 2416 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:22:29.0359 2416 RasAuto - ok
12:22:29.0421 2416 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:22:29.0437 2416 Rasl2tp - ok
12:22:29.0500 2416 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:22:29.0515 2416 RasMan - ok
12:22:29.0562 2416 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:22:29.0593 2416 RasPppoe - ok
12:22:29.0625 2416 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:22:29.0656 2416 Raspti - ok
12:22:29.0703 2416 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:22:29.0718 2416 Rdbss - ok
12:22:29.0750 2416 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:22:29.0750 2416 RDPCDD - ok
12:22:29.0828 2416 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:22:29.0890 2416 rdpdr - ok
12:22:29.0968 2416 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:22:29.0968 2416 RDPWD - ok
12:22:30.0031 2416 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:22:30.0062 2416 RDSessMgr - ok
12:22:30.0109 2416 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:22:30.0125 2416 redbook - ok
12:22:30.0171 2416 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:22:30.0218 2416 RemoteAccess - ok
12:22:30.0250 2416 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:22:30.0265 2416 RemoteRegistry - ok
12:22:30.0296 2416 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
12:22:30.0343 2416 Revoflt - ok
12:22:30.0375 2416 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
12:22:30.0406 2416 ROOTMODEM - ok
12:22:30.0421 2416 Roxio UPnP Renderer 11 - ok
12:22:30.0468 2416 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
12:22:30.0484 2416 RpcLocator - ok
12:22:30.0531 2416 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
12:22:30.0546 2416 RpcSs - ok
12:22:30.0593 2416 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
12:22:30.0625 2416 RSVP - ok
12:22:30.0671 2416 [ 471E91C38BD05CB024F9C02017235424 ] RTL8023 C:\WINDOWS\system32\DRIVERS\GA311ND5.SYS
12:22:30.0703 2416 RTL8023 - ok
12:22:30.0734 2416 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:22:30.0734 2416 SamSs - ok
12:22:30.0796 2416 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:22:30.0828 2416 SCardSvr - ok
12:22:30.0875 2416 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:22:30.0890 2416 Schedule - ok
12:22:30.0953 2416 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:22:30.0984 2416 Secdrv - ok
12:22:31.0031 2416 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:22:31.0031 2416 seclogon - ok
12:22:31.0109 2416 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:22:31.0109 2416 SENS - ok
12:22:31.0156 2416 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:22:31.0187 2416 serenum - ok
12:22:31.0218 2416 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:22:31.0265 2416 Serial - ok
12:22:31.0359 2416 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:22:31.0375 2416 Sfloppy - ok
12:22:31.0437 2416 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:22:31.0453 2416 SharedAccess - ok
12:22:31.0500 2416 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:22:31.0500 2416 ShellHWDetection - ok
12:22:31.0515 2416 Simbad - ok
12:22:31.0578 2416 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:22:31.0609 2416 SLIP - ok
12:22:31.0625 2416 SMNDIS5 - ok
12:22:31.0703 2416 [ 5018A9DB5EB62E3EDB3110F82F556285 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
12:22:31.0750 2416 smwdm - ok
12:22:31.0796 2416 [ E78C98378A071CE4D48A7C514FA98FA1 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
12:22:31.0828 2416 snapman - ok
12:22:31.0843 2416 Sparrow - ok
12:22:31.0890 2416 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:22:31.0890 2416 splitter - ok
12:22:31.0953 2416 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:22:31.0953 2416 Spooler - ok
12:22:32.0000 2416 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:22:32.0000 2416 sr - ok
12:22:32.0046 2416 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
12:22:32.0062 2416 srservice - ok
12:22:32.0156 2416 [ EC5C3C6260F4019B03DFAA03EC8CBF6A ] SRTSP C:\WINDOWS\System32\Drivers\N360\0404000.00C\SRTSP.SYS
12:22:32.0187 2416 SRTSP - ok
12:22:32.0234 2416 [ 55D5C37ED41231E3AC2063D16DF50840 ] SRTSPX C:\WINDOWS\system32\drivers\N360\0404000.00C\SRTSPX.SYS
12:22:32.0250 2416 SRTSPX - ok
12:22:32.0296 2416 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:22:32.0359 2416 Srv - ok
12:22:32.0421 2416 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:22:32.0437 2416 SSDPSRV - ok
12:22:32.0484 2416 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
12:22:32.0484 2416 StarOpen - ok
12:22:32.0546 2416 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:22:32.0562 2416 stisvc - ok
12:22:32.0625 2416 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:22:32.0656 2416 streamip - ok
12:22:32.0703 2416 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:22:32.0734 2416 swenum - ok
12:22:32.0781 2416 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:22:32.0781 2416 swmidi - ok
12:22:32.0796 2416 SwPrv - ok
12:22:32.0812 2416 symc810 - ok
12:22:32.0843 2416 symc8xx - ok
12:22:32.0906 2416 [ 56890BF9D9204B93042089D4B45AE671 ] SymDS C:\WINDOWS\system32\drivers\N360\0404000.00C\SYMDS.SYS
12:22:32.0968 2416 SymDS - ok
12:22:33.0031 2416 [ 10BA64273FEFF4DF0A7CCB0FF3B9B26B ] SymEFA C:\WINDOWS\system32\drivers\N360\0404000.00C\SYMEFA.SYS
12:22:33.0093 2416 SymEFA - ok
12:22:33.0140 2416 [ 961B48B86F94D4CC8CEB483F8AA89374 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:22:33.0171 2416 SymEvent - ok
12:22:33.0218 2416 [ DC80FBF0A348E54853EF82EED4E11E35 ] SymIRON C:\WINDOWS\system32\drivers\N360\0404000.00C\Ironx86.SYS
12:22:33.0234 2416 SymIRON - ok
12:22:33.0328 2416 [ BE6DE8FBF2DF9F13A90B8B6E943871B7 ] SYMTDI C:\WINDOWS\System32\Drivers\N360\0404000.00C\SYMTDI.SYS
12:22:33.0328 2416 SYMTDI - ok
12:22:33.0343 2416 sym_hi - ok
12:22:33.0359 2416 sym_u3 - ok
12:22:33.0406 2416 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:22:33.0421 2416 sysaudio - ok
12:22:33.0468 2416 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:22:33.0500 2416 SysmonLog - ok
12:22:33.0546 2416 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:22:33.0562 2416 TapiSrv - ok
12:22:33.0640 2416 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:22:33.0656 2416 Tcpip - ok
12:22:33.0687 2416 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:22:33.0718 2416 TDPIPE - ok
12:22:33.0765 2416 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:22:33.0812 2416 TDTCP - ok
12:22:33.0859 2416 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:22:33.0890 2416 TermDD - ok
12:22:33.0937 2416 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:22:33.0953 2416 TermService - ok
12:22:34.0000 2416 [ 9D4BBD6E27B5562AEA8295DE7134E386 ] thdudf C:\WINDOWS\system32\DRIVERS\thdudf.sys
12:22:34.0000 2416 thdudf - ok
12:22:34.0046 2416 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
12:22:34.0046 2416 Themes - ok
12:22:34.0093 2416 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
12:22:34.0125 2416 TlntSvr - ok
12:22:34.0140 2416 TosIde - ok
12:22:34.0203 2416 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:22:34.0203 2416 TrkWks - ok
12:22:34.0281 2416 TwonkyMedia - ok
12:22:34.0296 2416 TwonkyWebDav - ok
12:22:34.0359 2416 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:22:34.0375 2416 Udfs - ok
12:22:34.0390 2416 ultra - ok
12:22:34.0453 2416 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:22:34.0500 2416 Update - ok
12:22:34.0562 2416 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:22:34.0593 2416 upnphost - ok
12:22:34.0640 2416 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
12:22:34.0671 2416 UPS - ok
12:22:34.0718 2416 [ 4B8A9C16B6D9258ED99C512AECB8C555 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
12:22:34.0734 2416 USBAAPL - ok
12:22:34.0781 2416 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:22:34.0812 2416 usbccgp - ok
12:22:34.0843 2416 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:22:34.0875 2416 usbehci - ok
12:22:34.0937 2416 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:22:34.0968 2416 usbhub - ok
12:22:35.0015 2416 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:22:35.0031 2416 usbprint - ok
12:22:35.0078 2416 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:22:35.0093 2416 usbscan - ok
12:22:35.0140 2416 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\DRIVERS\usbser.sys
12:22:35.0156 2416 usbser - ok
12:22:35.0203 2416 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:22:35.0218 2416 USBSTOR - ok
12:22:35.0265 2416 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:22:35.0281 2416 usbuhci - ok
12:22:35.0312 2416 VComm - ok
12:22:35.0328 2416 VcommMgr - ok
12:22:35.0375 2416 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:22:35.0375 2416 VgaSave - ok
12:22:35.0390 2416 ViaIde - ok
12:22:35.0437 2416 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:22:35.0453 2416 VolSnap - ok
12:22:35.0515 2416 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
12:22:35.0562 2416 VSS - ok
12:22:35.0625 2416 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
12:22:35.0625 2416 W32Time - ok
12:22:35.0687 2416 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:22:35.0687 2416 Wanarp - ok
12:22:35.0734 2416 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
12:22:35.0765 2416 wanatw - ok
12:22:35.0828 2416 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:22:35.0890 2416 Wdf01000 - ok
12:22:35.0906 2416 WDICA - ok
12:22:35.0953 2416 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:22:35.0968 2416 wdmaud - ok
12:22:36.0015 2416 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:22:36.0031 2416 WebClient - ok
12:22:36.0140 2416 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
12:22:36.0140 2416 WinDefend - ok
12:22:36.0234 2416 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:22:36.0234 2416 winmgmt - ok
12:22:36.0312 2416 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:22:36.0328 2416 WmdmPmSN - ok
12:22:36.0406 2416 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:22:36.0406 2416 Wmi - ok
12:22:36.0468 2416 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
12:22:36.0515 2416 WmiApSrv - ok
12:22:36.0625 2416 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
12:22:36.0718 2416 WMPNetworkSvc - ok
12:22:36.0781 2416 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:22:36.0812 2416 WpdUsb - ok
12:22:36.0859 2416 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:22:36.0859 2416 WS2IFSL - ok
12:22:36.0906 2416 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:22:36.0921 2416 wscsvc - ok
12:22:37.0000 2416 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:22:37.0015 2416 WSTCODEC - ok
12:22:37.0062 2416 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:22:37.0093 2416 wuauserv - ok
12:22:37.0140 2416 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:22:37.0171 2416 WudfPf - ok
12:22:37.0203 2416 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:22:37.0250 2416 WudfRd - ok
12:22:37.0296 2416 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:22:37.0296 2416 WudfSvc - ok
12:22:37.0375 2416 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:22:37.0453 2416 WZCSVC - ok
12:22:37.0515 2416 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:22:37.0546 2416 xmlprov - ok
12:22:37.0578 2416 ================ Scan global ===============================
12:22:37.0640 2416 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:22:37.0687 2416 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:22:37.0718 2416 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:22:37.0750 2416 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:22:37.0750 2416 [Global] - ok
12:22:37.0750 2416 ================ Scan MBR ==================================
12:22:37.0781 2416 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:22:38.0125 2416 \Device\Harddisk0\DR0 - ok
12:22:38.0156 2416 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
12:22:38.0593 2416 \Device\Harddisk1\DR1 - ok
12:22:38.0609 2416 ================ Scan VBR ==================================
12:22:38.0640 2416 [ E8F443532B6F3393FF7FCAC0FBBCBC66 ] \Device\Harddisk0\DR0\Partition1
12:22:38.0640 2416 \Device\Harddisk0\DR0\Partition1 - ok
12:22:38.0656 2416 [ 72664896037D6061A5AB5210A21CDFFF ] \Device\Harddisk1\DR1\Partition1
12:22:38.0656 2416 \Device\Harddisk1\DR1\Partition1 - ok
12:22:38.0656 2416 ============================================================
12:22:38.0656 2416 Scan finished
12:22:38.0656 2416 ============================================================
12:22:38.0687 2740 Detected object count: 0
12:22:38.0687 2740 Actual detected object count: 0
12:24:57.0578 1396 ============================================================
12:24:57.0578 1396 Scan started
12:24:57.0578 1396 Mode: Manual; SigCheck;
12:24:57.0578 1396 ============================================================
12:24:58.0187 1396 ================ Scan system memory ========================
12:24:58.0187 1396 System memory - ok
12:24:58.0187 1396 ================ Scan services =============================
12:24:58.0343 1396 Abiosdsk - ok
12:24:58.0359 1396 abp480n5 - ok
12:24:58.0406 1396 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:25:01.0437 1396 ACPI - ok
12:25:01.0484 1396 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:25:01.0750 1396 ACPIEC - ok
12:25:01.0843 1396 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:25:01.0937 1396 AdobeFlashPlayerUpdateSvc - ok
12:25:01.0953 1396 adpu160m - ok
12:25:02.0000 1396 [ 11C04B17ED2ABBB4833694BCD644AC90 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
12:25:02.0093 1396 aeaudio - ok
12:25:02.0156 1396 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:25:02.0390 1396 aec - ok
12:25:02.0453 1396 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:25:02.0546 1396 AFD - ok
12:25:02.0609 1396 [ C685CC27A2E637F0DCB5A45E67CC6F74 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
12:25:02.0640 1396 AFS2K - ok
12:25:02.0687 1396 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
12:25:02.0906 1396 agp440 - ok
12:25:02.0937 1396 Aha154x - ok
12:25:02.0953 1396 aic78u2 - ok
12:25:02.0968 1396 aic78xx - ok
12:25:03.0015 1396 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:25:03.0250 1396 Alerter - ok
12:25:03.0281 1396 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
12:25:03.0531 1396 ALG - ok
12:25:03.0546 1396 AliIde - ok
12:25:03.0562 1396 amsint - ok
12:25:03.0671 1396 [ F9DAC844B1D370DA4C984D4C22F5E696 ] AntiSpywareService C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
12:25:03.0781 1396 AntiSpywareService - ok
12:25:03.0859 1396 [ 7FB54900AA9792AB6307C699EC1859D4 ] AOL TopSpeedMonitor C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
12:25:03.0906 1396 AOL TopSpeedMonitor - ok
12:25:03.0984 1396 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:25:04.0031 1396 Apple Mobile Device - ok
12:25:04.0093 1396 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:25:04.0343 1396 AppMgmt - ok
12:25:04.0359 1396 asc - ok
12:25:04.0375 1396 asc3350p - ok
12:25:04.0390 1396 asc3550 - ok
12:25:04.0546 1396 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:25:04.0640 1396 aspnet_state - ok
12:25:04.0687 1396 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:25:04.0906 1396 AsyncMac - ok
12:25:04.0953 1396 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:25:05.0203 1396 atapi - ok
12:25:05.0218 1396 Atdisk - ok
12:25:05.0281 1396 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:25:05.0515 1396 Atmarpc - ok
12:25:05.0562 1396 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:25:05.0781 1396 AudioSrv - ok
12:25:05.0812 1396 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:25:06.0062 1396 audstub - ok
12:25:06.0171 1396 [ 41347688046D49CDE0F6D138A534F73D ] BCMModem C:\WINDOWS\system32\DRIVERS\BCMSM.sys
12:25:06.0296 1396 BCMModem - ok
12:25:06.0343 1396 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:25:06.0593 1396 Beep - ok
12:25:06.0859 1396 [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120919.001\BHDrvx86.sys
12:25:07.0015 1396 BHDrvx86 - ok
12:25:07.0093 1396 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
12:25:07.0343 1396 BITS - ok
12:25:07.0359 1396 BlueletAudio - ok
12:25:07.0375 1396 BlueletSCOAudio - ok
12:25:07.0468 1396 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:25:07.0531 1396 Bonjour Service - ok
12:25:07.0578 1396 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
12:25:07.0812 1396 Browser - ok
12:25:07.0828 1396 BT - ok
12:25:07.0843 1396 Btcsrusb - ok
12:25:07.0859 1396 BTHidEnum - ok
12:25:07.0875 1396 BTHidMgr - ok
12:25:07.0921 1396 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
12:25:07.0968 1396 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
12:25:07.0968 1396 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
12:25:08.0000 1396 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:25:08.0250 1396 cbidf2k - ok
12:25:08.0296 1396 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:25:08.0515 1396 CCDECODE - ok
12:25:08.0640 1396 [ 1FA1C0E73ECA849BED29A47C508F7F17 ] ccHP C:\WINDOWS\system32\drivers\N360\0404000.00C\ccHPx86.sys
12:25:08.0687 1396 ccHP - ok
12:25:08.0703 1396 cd20xrnt - ok
12:25:08.0734 1396 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:25:09.0000 1396 Cdaudio - ok
12:25:09.0046 1396 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:25:09.0265 1396 Cdfs - ok
12:25:09.0281 1396 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:25:09.0515 1396 Cdrom - ok
12:25:09.0531 1396 Changer - ok
12:25:09.0593 1396 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:25:09.0781 1396 CiSvc - ok
12:25:09.0843 1396 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:25:10.0046 1396 ClipSrv - ok
12:25:10.0109 1396 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:25:10.0171 1396 clr_optimization_v2.0.50727_32 - ok
12:25:10.0187 1396 CmdIde - ok
12:25:10.0203 1396 COMSysApp - ok
12:25:10.0234 1396 Cpqarray - ok
12:25:10.0296 1396 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:25:10.0515 1396 CryptSvc - ok
12:25:10.0531 1396 dac2w2k - ok
12:25:10.0546 1396 dac960nt - ok
12:25:10.0625 1396 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:25:10.0796 1396 DcomLaunch - ok
12:25:10.0859 1396 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:25:11.0046 1396 Dhcp - ok
12:25:11.0093 1396 [ 9AFD0211790BB60CA4453E95E2FCFA34 ] Diag69xp C:\WINDOWS\system32\Drivers\Diag69xp.sys
12:25:11.0140 1396 Diag69xp ( UnsignedFile.Multi.Generic ) - warning
12:25:11.0140 1396 Diag69xp - detected UnsignedFile.Multi.Generic (1)
12:25:11.0187 1396 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:25:11.0406 1396 Disk - ok
12:25:11.0421 1396 dmadmin - ok
12:25:11.0515 1396 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:25:11.0750 1396 dmboot - ok
12:25:11.0796 1396 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:25:11.0984 1396 dmio - ok
12:25:12.0031 1396 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:25:12.0265 1396 dmload - ok
12:25:12.0328 1396 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:25:12.0531 1396 dmserver - ok
12:25:12.0593 1396 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:25:12.0796 1396 DMusic - ok
12:25:12.0843 1396 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:25:12.0953 1396 Dnscache - ok
12:25:13.0015 1396 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:25:13.0218 1396 Dot3svc - ok
12:25:13.0234 1396 dpti2o - ok
12:25:13.0296 1396 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:25:13.0484 1396 drmkaud - ok
12:25:13.0562 1396 [ 98B46B331404A951CABAD8B4877E1276 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:25:13.0625 1396 E100B - ok
12:25:13.0687 1396 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:25:13.0890 1396 EapHost - ok
12:25:14.0015 1396 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:25:14.0093 1396 eeCtrl - ok
12:25:14.0156 1396 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:25:14.0171 1396 EraserUtilRebootDrv - ok
12:25:14.0234 1396 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:25:14.0453 1396 ERSvc - ok
12:25:14.0515 1396 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
12:25:14.0625 1396 Eventlog - ok
12:25:14.0687 1396 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
12:25:14.0781 1396 EventSystem - ok
12:25:14.0828 1396 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:25:15.0046 1396 Fastfat - ok
12:25:15.0093 1396 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:25:15.0187 1396 FastUserSwitchingCompatibility - ok
12:25:15.0234 1396 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:25:15.0437 1396 Fdc - ok
12:25:15.0484 1396 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:25:15.0687 1396 Fips - ok
12:25:15.0734 1396 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:25:15.0937 1396 Flpydisk - ok
12:25:15.0984 1396 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:25:16.0203 1396 FltMgr - ok
12:25:16.0312 1396 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:25:16.0343 1396 FontCache3.0.0.0 - ok
12:25:16.0375 1396 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:25:16.0609 1396 Fs_Rec - ok
12:25:16.0656 1396 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:25:16.0921 1396 Ftdisk - ok
12:25:16.0984 1396 [ B69CC457199BEE996B8EDDB6830CD638 ] G311N6 C:\WINDOWS\system32\DRIVERS\G311N6.sys
12:25:17.0031 1396 G311N6 ( UnsignedFile.Multi.Generic ) - warning
12:25:17.0031 1396 G311N6 - detected UnsignedFile.Multi.Generic (1)
12:25:17.0078 1396 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
12:25:17.0109 1396 GEARAspiWDM - ok
12:25:17.0156 1396 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:25:17.0359 1396 Gpc - ok
12:25:17.0453 1396 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:25:17.0671 1396 helpsvc - ok
12:25:17.0687 1396 HidServ - ok
12:25:17.0734 1396 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:25:17.0906 1396 HidUsb - ok
12:25:17.0937 1396 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:25:18.0156 1396 hkmsvc - ok
12:25:18.0171 1396 hpn - ok
12:25:18.0218 1396 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:25:18.0421 1396 HPZid412 - ok
12:25:18.0468 1396 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:25:18.0515 1396 HPZipr12 - ok
12:25:18.0562 1396 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:25:18.0625 1396 HPZius12 - ok
12:25:18.0687 1396 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:25:18.0750 1396 HTTP - ok
12:25:18.0812 1396 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:25:19.0031 1396 HTTPFilter - ok
12:25:19.0046 1396 i2omgmt - ok
12:25:19.0062 1396 i2omp - ok
12:25:19.0109 1396 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:25:19.0328 1396 i8042prt - ok
12:25:19.0421 1396 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
12:25:19.0484 1396 IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:25:19.0484 1396 IDriverT - detected UnsignedFile.Multi.Generic (1)
12:25:19.0625 1396 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:25:19.0718 1396 idsvc - ok
12:25:19.0843 1396 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120928.001\IDSxpx86.sys
12:25:19.0890 1396 IDSxpx86 - ok
12:25:19.0937 1396 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:25:20.0140 1396 Imapi - ok
12:25:20.0203 1396 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\System32\imapi.exe
12:25:20.0421 1396 ImapiService - ok
12:25:20.0437 1396 ini910u - ok
12:25:20.0468 1396 IntelIde - ok
12:25:20.0531 1396 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:25:20.0750 1396 intelppm - ok
12:25:20.0781 1396 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:25:20.0968 1396 ip6fw - ok
12:25:21.0015 1396 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:25:21.0265 1396 IpFilterDriver - ok
12:25:21.0312 1396 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:25:21.0500 1396 IpInIp - ok
12:25:21.0578 1396 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:25:21.0828 1396 IpNat - ok
12:25:21.0921 1396 [ 3A6D4D8ABACF64292D060C9E06D2050D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:25:22.0015 1396 iPod Service - ok
12:25:22.0078 1396 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:25:22.0281 1396 IPSec - ok
12:25:22.0312 1396 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:25:22.0500 1396 IRENUM - ok
12:25:22.0546 1396 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:25:22.0750 1396 isapnp - ok
12:25:22.0875 1396 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
12:25:22.0953 1396 JavaQuickStarterService - ok
12:25:23.0015 1396 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:25:23.0203 1396 Kbdclass - ok
12:25:23.0265 1396 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:25:23.0484 1396 kmixer - ok
12:25:23.0531 1396 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:25:23.0671 1396 KSecDD - ok
12:25:23.0718 1396 [ EFCC6D56FE8BA50BB7ECF300B60A66A3 ] L8042mou C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
12:25:23.0828 1396 L8042mou - ok
12:25:23.0890 1396 [ AF262D172FAFDF78B3EFEE1B8A5B10DD ] l8042pr2 C:\WINDOWS\system32\DRIVERS\L8042Pr2.sys
12:25:23.0953 1396 l8042pr2 - ok
12:25:24.0015 1396 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:25:24.0093 1396 lanmanserver - ok
12:25:24.0156 1396 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:25:24.0218 1396 lanmanworkstation - ok
12:25:24.0281 1396 [ 8BBFBF256493035AE6105B334FCE99DF ] LANPkt C:\WINDOWS\system32\DRIVERS\LANPkt.sys
12:25:24.0312 1396 LANPkt ( UnsignedFile.Multi.Generic ) - warning
12:25:24.0312 1396 LANPkt - detected UnsignedFile.Multi.Generic (1)
12:25:24.0328 1396 lbrtfdc - ok
12:25:24.0390 1396 [ C872D410FB5B0D75658124B197BA1B96 ] LHidFlt2 C:\WINDOWS\system32\DRIVERS\LHidFlt2.sys
12:25:24.0437 1396 LHidFlt2 - ok
12:25:24.0484 1396 [ 452ECFC32A4B5D9A761E113F149E1B9E ] LHidKe C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
12:25:24.0531 1396 LHidKe - ok
12:25:24.0593 1396 [ 700A45BD71713EAE1D5F00188CEC1BCE ] LHidUsb C:\WINDOWS\system32\drivers\LHidUsb.Sys
12:25:24.0718 1396 LHidUsb - ok
12:25:24.0765 1396 [ 9C92312DD1AB42E627710FB89BBBCD1E ] LHidUsbK C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
12:25:24.0828 1396 LHidUsbK - ok
12:25:24.0890 1396 [ 8764D6C21164383A4EB54D0768BF74FA ] LKbdFlt2 C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys
12:25:24.0921 1396 LKbdFlt2 - ok
12:25:24.0984 1396 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:25:25.0187 1396 LmHosts - ok
12:25:25.0218 1396 [ 9879AA615C331E98C5774E70BBCCB8D3 ] LMouFlt2 C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys
12:25:25.0265 1396 LMouFlt2 - ok
12:25:25.0312 1396 [ 95871E8C4AECFED95F884D2D10B8BCFB ] LMouKE C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
12:25:25.0359 1396 LMouKE - ok
12:25:25.0453 1396 [ ED6235C93981D8658FA433092A809303 ] MemeoBackgroundService C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
12:25:25.0484 1396 MemeoBackgroundService - ok
12:25:25.0531 1396 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:25:25.0734 1396 Messenger - ok
12:25:25.0765 1396 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:25:26.0000 1396 mnmdd - ok
12:25:26.0046 1396 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
12:25:26.0250 1396 mnmsrvc - ok
12:25:26.0312 1396 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:25:26.0515 1396 Modem - ok
12:25:26.0546 1396 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
12:25:26.0781 1396 MODEMCSA - ok
12:25:26.0843 1396 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:25:27.0031 1396 Mouclass - ok
12:25:27.0062 1396 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:25:27.0312 1396 mouhid - ok
12:25:27.0359 1396 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:25:27.0546 1396 MountMgr - ok
12:25:27.0562 1396 mraid35x - ok
12:25:27.0609 1396 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:25:27.0812 1396 MRxDAV - ok
12:25:27.0890 1396 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:25:28.0015 1396 MRxSmb - ok
12:25:28.0062 1396 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
12:25:28.0250 1396 MSDTC - ok
12:25:28.0312 1396 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:25:28.0500 1396 Msfs - ok
12:25:28.0515 1396 MSIServer - ok
12:25:28.0546 1396 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:25:28.0718 1396 MSKSSRV - ok
12:25:28.0781 1396 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:25:28.0984 1396 MSPCLOCK - ok
12:25:29.0031 1396 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:25:29.0218 1396 MSPQM - ok
12:25:29.0265 1396 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:25:29.0453 1396 mssmbios - ok
12:25:29.0515 1396 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:25:29.0718 1396 MSTEE - ok
12:25:29.0765 1396 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:25:29.0859 1396 Mup - ok
12:25:29.0953 1396 [ B4187346F54E362DAFFE647B25A58D50 ] N360 C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
12:25:30.0015 1396 N360 - ok
12:25:30.0062 1396 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:25:30.0265 1396 NABTSFEC - ok
12:25:30.0328 1396 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:25:30.0531 1396 napagent - ok
12:25:30.0656 1396 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121001.004\NAVENG.SYS
12:25:30.0687 1396 NAVENG - ok
12:25:30.0765 1396 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121001.004\NAVEX15.SYS
12:25:30.0890 1396 NAVEX15 - ok
12:25:30.0953 1396 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:25:31.0156 1396 NDIS - ok
12:25:31.0203 1396 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:25:31.0406 1396 NdisIP - ok
12:25:31.0453 1396 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:25:31.0531 1396 NdisTapi - ok
12:25:31.0578 1396 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:25:31.0781 1396 Ndisuio - ok
12:25:31.0812 1396 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:25:32.0015 1396 NdisWan - ok
12:25:32.0062 1396 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:25:32.0156 1396 NDProxy - ok
12:25:32.0203 1396 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:25:32.0390 1396 NetBIOS - ok
12:25:32.0437 1396 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:25:32.0640 1396 NetBT - ok
12:25:32.0703 1396 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
12:25:32.0906 1396 NetDDE - ok
12:25:32.0921 1396 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:25:33.0125 1396 NetDDEdsdm - ok
12:25:33.0171 1396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\System32\lsass.exe
12:25:33.0359 1396 Netlogon - ok
12:25:33.0421 1396 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
12:25:33.0640 1396 Netman - ok
12:25:33.0687 1396 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:25:33.0734 1396 NetTcpPortSharing - ok
12:25:33.0781 1396 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:25:33.0859 1396 Nla - ok
12:25:33.0921 1396 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
12:25:34.0109 1396 nm - ok
12:25:34.0187 1396 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Program Files\CDBurnerXP\NMSAccessU.exe
12:25:34.0234 1396 NMSAccess - ok
12:25:34.0296 1396 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:25:34.0484 1396 Npfs - ok
12:25:34.0562 1396 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:25:34.0781 1396 Ntfs - ok
12:25:34.0828 1396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
12:25:35.0000 1396 NtLmSsp - ok
12:25:35.0078 1396 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:25:35.0312 1396 NtmsSvc - ok
12:25:35.0359 1396 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
12:25:35.0390 1396 NuidFltr - ok
12:25:35.0421 1396 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:25:35.0656 1396 Null - ok
12:25:35.0765 1396 [ 1685A86CE8DC5A70D307DCA625FB50E7 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:25:35.0921 1396 nv - ok
12:25:35.0968 1396 [ 697A09635E30D3722E1124EC33FACE15 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
12:25:36.0015 1396 NVSvc - ok
12:25:36.0062 1396 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:25:36.0296 1396 NwlnkFlt - ok
12:25:36.0343 1396 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:25:36.0546 1396 NwlnkFwd - ok
12:25:36.0593 1396 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
12:25:36.0609 1396 OMCI ( UnsignedFile.Multi.Generic ) - warning
12:25:36.0609 1396 OMCI - detected UnsignedFile.Multi.Generic (1)
12:25:36.0687 1396 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:25:36.0718 1396 ose - ok
12:25:36.0765 1396 [ 240C0D4049A833B16B63B636ACF01672 ] PalmUSBD C:\WINDOWS\system32\drivers\PalmUSBD.sys
12:25:36.0859 1396 PalmUSBD - ok
12:25:36.0937 1396 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:25:37.0125 1396 Parport - ok
12:25:37.0187 1396 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:25:37.0390 1396 PartMgr - ok
12:25:37.0421 1396 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:25:37.0640 1396 ParVdm - ok
12:25:37.0687 1396 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:25:37.0890 1396 PCI - ok
12:25:37.0906 1396 PCIDump - ok
12:25:37.0937 1396 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:25:38.0171 1396 PCIIde - ok
12:25:38.0234 1396 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:25:38.0421 1396 Pcmcia - ok
12:25:38.0437 1396 PDCOMP - ok
12:25:38.0453 1396 PDFRAME - ok
12:25:38.0468 1396 PDRELI - ok
12:25:38.0484 1396 PDRFRAME - ok
12:25:38.0500 1396 perc2 - ok
12:25:38.0515 1396 perc2hib - ok
12:25:38.0593 1396 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:25:38.0671 1396 PlugPlay - ok
12:25:38.0734 1396 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\System32\HPZipm12.exe
12:25:38.0781 1396 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:25:38.0781 1396 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:25:38.0812 1396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
12:25:39.0000 1396 PolicyAgent - ok
12:25:39.0046 1396 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:25:39.0250 1396 PptpMiniport - ok
12:25:39.0312 1396 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
12:25:39.0500 1396 Processor - ok
12:25:39.0546 1396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:25:39.0734 1396 ProtectedStorage - ok
12:25:39.0781 1396 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:25:39.0968 1396 PSched - ok
12:25:40.0000 1396 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:25:40.0250 1396 Ptilink - ok
12:25:40.0296 1396 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
12:25:40.0328 1396 PxHelp20 - ok
12:25:40.0343 1396 ql1080 - ok
12:25:40.0359 1396 Ql10wnt - ok
12:25:40.0375 1396 ql12160 - ok
12:25:40.0390 1396 ql1240 - ok
12:25:40.0406 1396 ql1280 - ok
12:25:40.0453 1396 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:25:40.0656 1396 RasAcd - ok
12:25:40.0703 1396 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:25:40.0906 1396 RasAuto - ok
12:25:40.0968 1396 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:25:41.0156 1396 Rasl2tp - ok
12:25:41.0218 1396 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:25:41.0437 1396 RasMan - ok
12:25:41.0500 1396 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:25:41.0703 1396 RasPppoe - ok
12:25:41.0734 1396 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:25:41.0953 1396 Raspti - ok
12:25:42.0000 1396 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:25:42.0203 1396 Rdbss - ok
12:25:42.0234 1396 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:25:42.0468 1396 RDPCDD - ok
12:25:42.0546 1396 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:25:42.0750 1396 rdpdr - ok
12:25:42.0812 1396 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:25:42.0875 1396 RDPWD - ok
12:25:42.0921 1396 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:25:43.0140 1396 RDSessMgr - ok
12:25:43.0187 1396 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:25:43.0375 1396 redbook - ok
12:25:43.0453 1396 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:25:43.0640 1396 RemoteAccess - ok
12:25:43.0703 1396 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:25:43.0906 1396 RemoteRegistry - ok
12:25:43.0953 1396 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
12:25:43.0984 1396 Revoflt - ok
12:25:44.0015 1396 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
12:25:44.0234 1396 ROOTMODEM - ok
12:25:44.0250 1396 Roxio UPnP Renderer 11 - ok
12:25:44.0296 1396 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
12:25:44.0484 1396 RpcLocator - ok
12:25:44.0546 1396 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
12:25:44.0640 1396 RpcSs - ok
12:25:44.0671 1396 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
12:25:44.0906 1396 RSVP - ok
12:25:44.0953 1396 [ 471E91C38BD05CB024F9C02017235424 ] RTL8023 C:\WINDOWS\system32\DRIVERS\GA311ND5.SYS
12:25:44.0984 1396 RTL8023 ( UnsignedFile.Multi.Generic ) - warning
12:25:44.0984 1396 RTL8023 - detected UnsignedFile.Multi.Generic (1)
12:25:45.0031 1396 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:25:45.0203 1396 SamSs - ok
12:25:45.0265 1396 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:25:45.0468 1396 SCardSvr - ok
12:25:45.0531 1396 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:25:45.0750 1396 Schedule - ok
12:25:45.0812 1396 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:25:46.0000 1396 Secdrv - ok
12:25:46.0046 1396 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:25:46.0234 1396 seclogon - ok
12:25:46.0265 1396 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:25:46.0468 1396 SENS - ok
12:25:46.0531 1396 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:25:46.0734 1396 serenum - ok
12:25:46.0765 1396 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:25:46.0968 1396 Serial - ok
12:25:47.0046 1396 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:25:47.0250 1396 Sfloppy - ok
12:25:47.0312 1396 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:25:47.0531 1396 SharedAccess - ok
12:25:47.0578 1396 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:25:47.0625 1396 ShellHWDetection - ok
12:25:47.0640 1396 Simbad - ok
12:25:47.0687 1396 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:25:47.0890 1396 SLIP - ok
12:25:47.0906 1396 SMNDIS5 - ok
12:25:47.0984 1396 [ 5018A9DB5EB62E3EDB3110F82F556285 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
12:25:48.0062 1396 smwdm - ok
12:25:48.0109 1396 [ E78C98378A071CE4D48A7C514FA98FA1 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
12:25:48.0156 1396 snapman - ok
12:25:48.0171 1396 Sparrow - ok
12:25:48.0218 1396 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:25:48.0421 1396 splitter - ok
12:25:48.0468 1396 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:25:48.0546 1396 Spooler - ok
12:25:48.0625 1396 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:25:48.0828 1396 sr - ok
12:25:48.0875 1396 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
12:25:49.0093 1396 srservice - ok
12:25:49.0203 1396 [ EC5C3C6260F4019B03DFAA03EC8CBF6A ] SRTSP C:\WINDOWS\System32\Drivers\N360\0404000.00C\SRTSP.SYS
12:25:49.0250 1396 SRTSP - ok
12:25:49.0281 1396 [ 55D5C37ED41231E3AC2063D16DF50840 ] SRTSPX C:\WINDOWS\system32\drivers\N360\0404000.00C\SRTSPX.SYS
12:25:49.0312 1396 SRTSPX - ok
12:25:49.0375 1396 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:25:49.0468 1396 Srv - ok
12:25:49.0531 1396 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:25:49.0734 1396 SSDPSRV - ok
12:25:49.0796 1396 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
12:25:49.0828 1396 StarOpen ( UnsignedFile.Multi.Generic ) - warning
12:25:49.0828 1396 StarOpen - detected UnsignedFile.Multi.Generic (1)
12:25:49.0890 1396 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:25:50.0125 1396 stisvc - ok
12:25:50.0171 1396 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:25:50.0375 1396 streamip - ok
12:25:50.0437 1396 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:25:50.0625 1396 swenum - ok
12:25:50.0687 1396 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:25:50.0890 1396 swmidi - ok
12:25:50.0906 1396 SwPrv - ok
12:25:50.0921 1396 symc810 - ok
12:25:50.0937 1396 symc8xx - ok
12:25:51.0000 1396 [ 56890BF9D9204B93042089D4B45AE671 ] SymDS C:\WINDOWS\system32\drivers\N360\0404000.00C\SYMDS.SYS
12:25:51.0062 1396 SymDS - ok
12:25:51.0125 1396 [ 10BA64273FEFF4DF0A7CCB0FF3B9B26B ] SymEFA C:\WINDOWS\system32\drivers\N360\0404000.00C\SYMEFA.SYS
12:25:51.0156 1396 SymEFA - ok
12:25:51.0203 1396 [ 961B48B86F94D4CC8CEB483F8AA89374 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:25:51.0234 1396 SymEvent - ok
12:25:51.0296 1396 [ DC80FBF0A348E54853EF82EED4E11E35 ] SymIRON C:\WINDOWS\system32\drivers\N360\0404000.00C\Ironx86.SYS
12:25:51.0328 1396 SymIRON - ok
12:25:51.0390 1396 [ BE6DE8FBF2DF9F13A90B8B6E943871B7 ] SYMTDI C:\WINDOWS\System32\Drivers\N360\0404000.00C\SYMTDI.SYS
12:25:51.0437 1396 SYMTDI - ok
12:25:51.0453 1396 sym_hi - ok
12:25:51.0468 1396 sym_u3 - ok
12:25:51.0531 1396 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:25:51.0718 1396 sysaudio - ok
12:25:51.0781 1396 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:25:51.0984 1396 SysmonLog - ok
12:25:52.0046 1396 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:25:52.0250 1396 TapiSrv - ok
12:25:52.0328 1396 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:25:52.0390 1396 Tcpip - ok
12:25:52.0437 1396 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:25:52.0625 1396 TDPIPE - ok
12:25:52.0671 1396 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:25:52.0859 1396 TDTCP - ok
12:25:52.0906 1396 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:25:53.0109 1396 TermDD - ok
12:25:53.0171 1396 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:25:53.0406 1396 TermService - ok
12:25:53.0453 1396 [ 9D4BBD6E27B5562AEA8295DE7134E386 ] thdudf C:\WINDOWS\system32\DRIVERS\thdudf.sys
12:25:53.0515 1396 thdudf ( UnsignedFile.Multi.Generic ) - warning
12:25:53.0515 1396 thdudf - detected UnsignedFile.Multi.Generic (1)
12:25:53.0562 1396 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
12:25:53.0609 1396 Themes - ok
12:25:53.0656 1396 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
12:25:53.0875 1396 TlntSvr - ok
12:25:53.0890 1396 TosIde - ok
12:26:03.0656 1396 ============================================================
12:26:03.0656 1396 Scan finished
12:26:03.0656 1396 ============================================================
12:26:03.0781 1452 Detected object count: 11
12:26:03.0781 1452 Actual detected object count: 11
12:27:22.0203 1452 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:27:22.0203 1452 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:27:22.0218 1452 Diag69xp ( UnsignedFile.Multi.Generic ) - skipped by user
12:27:22.0218 1452 Diag69xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:27:22.0234 1452 G311N6 ( UnsignedFile.Multi.Generic ) - skipped by user
12:27:22.0234 1452 G311N6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:27:22.0234 1452 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:27:22.0234 1452 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:27:22.0234 1452 LANPkt ( UnsignedFile.Multi.Generic ) - skipped by user
12:27:22.0234 1452 LANPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:27:22.0250 1452 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
12:27:22.0250 1452 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:27:22.0250 1452 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:27:22.0250 1452 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:27:22.0250 1452 RTL8023 ( UnsignedFile.Multi.Generic ) - skipped by user
12:27:22.0250 1452 RTL8023 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:27:22.0265 1452 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
12:27:22.0265 1452 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:27:22.0265 1452 thdudf ( UnsignedFile.Multi.Generic ) - skipped by user
12:27:22.0265 1452 thdudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:27:22.0265 1452 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
12:27:22.0265 1452 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
Technot
Active Member
 
Posts: 7
Joined: September 27th, 2012, 2:46 am

Re: Malware removal help needed

Post by Technot » October 2nd, 2012, 3:51 pm

Computer performance seems to be pretty good. I've tried about 10 Google searches, and none of them were redirected like before. So far so good!!

Thanks for your help. I appreciate it.

Don

Re: Malware removal help needed

Post by Cypher » October 3rd, 2012, 6:03 am

Hi Don,
"Thanks for your help. I appreciate it"

You're most welcome.
"Computer performance seems to be pretty good. I've tried about 10 Google searches, and none of them were redirected like before. So far so good!!"

Excellent, but stay with me, I need you to run another scan.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware removal help needed

Post by Technot » October 4th, 2012, 12:19 pm

C:\Documents and Settings\Donald\Local Settings\Application Data\{F029FFC6-E676-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Documents and Settings\Donald\My Documents\cnet_cdbxp_setup_4_3_8_2568_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\Donald\My Documents\cnet_HandBrake-0_9_5-Win_GUI_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\Donald\My Documents\regacesetup.exe multiple threats
C:\Documents and Settings\Donald\My Documents\SoftonicDownloader_for_virtual-piano.exe Win32/SoftonicDownloader.D application
C:\Documents and Settings\Donald\My Documents\VLC_32.exe probably a variant of Win32/InstallIQ application
C:\Documents and Settings\Donald\My Documents\Downloads\cdbxp_setup_4.3.8.2568.exe Win32/OpenCandy application
C:\_OTL\MovedFiles\10022012_120115\C_Documents and Settings\Donald\Application Data\nmiscm.dll a variant of Win32/Medfos.CN trojan

Re: Malware removal help needed

Post by Cypher » October 4th, 2012, 1:19 pm

Hi Don,
Good work.
Do the following, then give me one more update on how your computer is performing.
Then if you're having no further problems, I can give you final instructions.

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :processes
    killallprocesses
    
    :files
    C:\Documents and Settings\Donald\Local Settings\Application Data\{F029FFC6-E676-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul
    C:\Documents and Settings\Donald\My Documents\cnet_cdbxp_setup_4_3_8_2568_exe.exe
    C:\Documents and Settings\Donald\My Documents\cnet_HandBrake-0_9_5-Win_GUI_exe.exe
    C:\Documents and Settings\Donald\My Documents\regacesetup.exe 
    C:\Documents and Settings\Donald\My Documents\SoftonicDownloader_for_virtual-piano.exe
    C:\Documents and Settings\Donald\My Documents\VLC_32.exe
    C:\Documents and Settings\Donald\My Documents\Downloads\cdbxp_setup_4.3.8.2568.exe 
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [clearallrestorepoints]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • Please give me an update on your computer's performance.

Re: Malware removal help needed

Post by Cypher » October 7th, 2012, 1:34 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.