Jump to content

brianh9999

Members
  • Posts

    13
  • Joined

  • Last visited

Reputation

0 Neutral
  1. No infected files or threats found using ESET (no option provided to "list threats"). Symantec did however find what they classify as a "trojan" imbedded in the OTL.exe file (backdoor.graybird) and deleted the downloaded files. Everything else looks to be running normally. Thanks for your help.
  2. Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.04.27.10 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 bhershberger :: DFNKC-5JQ35L1 [administrator] 4/27/2012 11:01:25 PM mbam-log-2012-04-27 (23-01-25).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 363830 Time elapsed: 1 hour(s), 20 minute(s), 34 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  3. Sorry, missed this... All processes killed ========== OTL ========== File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{70C385F0-8E41-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\{70C385F0-8E41-11E1-826D-B8AC6F996F26}\ not found. C:\DOCUMENTS AND SETTINGS\BHERSHBERGER.CSC\LOCAL SETTINGS\APPLICATION DATA\{70C385F0-8E41-11E1-826D-B8AC6F996F26} folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: bhershberger.CSC ->Temp folder emptied: 161366 bytes ->Temporary Internet Files folder emptied: 214326671 bytes ->Java cache emptied: 435020 bytes ->FireFox cache emptied: 1051302411 bytes ->Flash cache emptied: 14977116 bytes User: bhershberger.DFNKC-5JQ35L1 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 5984764 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 57482 bytes ->Flash cache emptied: 56466 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32969 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 2577 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3321 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes RecycleBin emptied: 2545296030 bytes Total Files Cleaned = 3,655.00 mb OTL by OldTimer - Version 3.2.42.1 log created on 04272012_120018 Files\Folders moved on Reboot... C:\Documents and Settings\bhershberger.CSC\Local Settings\Temp\ExchangePerflog_8484fa31985e0f7f5b4cdef3.dat moved successfully. File\Folder C:\Documents and Settings\bhershberger.CSC\Local Settings\Temporary Internet Files\Content.Word\~WRS{0EE30124-DAD2-4BF6-A64D-CEF1C7BDA0CF}.tmp not found! File\Folder C:\Documents and Settings\bhershberger.CSC\Local Settings\Temporary Internet Files\Content.Word\~WRS{7184F48E-16FC-466F-9AD1-47F52D32FCA2}.tmp not found! File\Folder C:\Documents and Settings\bhershberger.CSC\Local Settings\Temporary Internet Files\Content.Word\~WRS{7F4AF778-4695-421F-AEDB-1E80C510E88B}.tmp not found! File\Folder C:\Documents and Settings\bhershberger.CSC\Local Settings\Temporary Internet Files\Content.Word\~WRS{BADF4985-0585-445F-BA5D-4E3F728A1CB0}.tmp not found! Registry entries deleted on Reboot...
  4. Everything booted correctly. Disabled the anti-hijacker add-on and ran my redirect tests again. No redirects yet. I had actually just opened that hidden folder, after scanning the OTL log, when your reply popped up. Nice little tool that OTL.
  5. Extras log.... OTL Extras logfile created on: 4/27/2012 11:16:58 AM - Run 1 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\bhershberger.CSC\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.46 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 63.71% Memory free 5.29 Gb Paging File | 3.85 Gb Available in Paging File | 72.76% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 148.96 Gb Total Space | 75.68 Gb Free Space | 50.81% Space Free | Partition Type: NTFS Drive V: | 40.00 Gb Total Space | 10.12 Gb Free Space | 25.30% Space Free | Partition Type: NTFS Drive W: | 40.00 Gb Total Space | 4.43 Gb Free Space | 11.07% Space Free | Partition Type: NTFS Drive X: | 836.62 Gb Total Space | 783.00 Gb Free Space | 93.59% Space Free | Partition Type: NTFS Drive Y: | 793.58 Gb Total Space | 492.10 Gb Free Space | 62.01% Space Free | Partition Type: NTFS Drive Z: | 836.62 Gb Total Space | 783.00 Gb Free Space | 93.59% Space Free | Partition Type: NTFS Computer Name: DFNKC-5JQ35L1 | User Name: bhershberger | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2719337179-821044013-2112406857-1012\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-453876738-3065766259-2469240769-1116\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "2799:UDP" = 2799:UDP:*:Disabled:Altova License Metering Port (UDP) "2799:TCP" = 2799:TCP:*:Disabled:Altova License Metering Port (TCP) "58837:TCP" = 58837:TCP:*:Enabled:Pando Media Booster "58837:UDP" = 58837:UDP:*:Enabled:Pando Media Booster "4500:UDP" = 4500:UDP:LocalSubNet:Enabled:IPsec (IKE NAT-T) "500:UDP" = 500:UDP:LocalSubNet:Enabled:IPsec (IKE) "135:TCP" = 135:TCP:LocalSubNet:Enabled:RPC Endpoint Mapper and DCOM infrastructure "67:UDP" = 67:UDP:*:Enabled:DHCP Server "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "58837:TCP" = 58837:TCP:*:Enabled:Pando Media Booster "58837:UDP" = 58837:UDP:*:Enabled:Pando Media Booster "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation) "C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation) "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation) "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation) "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation) "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google) "C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe" = C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Disabled:lotroclient "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Co.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{095D1497-0E3A-4FA5-BFDC-B5B0148F0316}" = Absolute Beginner's Series VB Additional Material "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3 "{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant "{1111706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2 "{14237138-900C-4C0A-AF63-1888F2671F9D}" = SO32MMWrapper "{144AF326-87B4-438C-AE8E-AF6F227C3797}" = Absolute Beginner's Series VB Lesson 7 "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{15BD29B2-B341-E88B-C9F4-CFCD48F44B76}" = Digital Edition - Sporting_Match_Day_Volume_2_Issue_4 - 1001694 "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration "{2222706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2 SDK "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23B9A2D6-A12F-4C7D-ADE5-D3D4FF035FDB}" = Absolute Beginner's Series VB Lesson 4 "{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java 7 Update 2 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D "{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{32A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java SE Development Kit 7 Update 2 "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer "{3872C2B2-1C00-4742-83F5-D0797278E9EF}" = Dell Control Point "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3C74D5C3-EBB9-408E-972F-B9802F13D5E4}" = 3DVIA Shape for Maps "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services "{45EA11B5-874D-480E-89B9-2545505BBE3E}" = Microsoft OpenType Font File Properties Extension "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4AE03D1A-93E9-47A6-9F52-85AA9C4676C9}" = Absolute Beginner's Series VB Lesson 2 "{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client "{4FB600F5-C478-4DF7-A2BC-57D3807BAC91}" = BPDSoftware_Ini "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{5104B07C-6A3D-4E7E-8BBB-960B52554BDD}" = BPD_HPSU "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{59333B51-EA3C-4D7B-9AFE-96AD51B3C266}" = AuthenTec Fingerprint Software "{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B307310-53C1-8F80-465E-E2A96FA5EA5D}" = FlipShare "{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6F7F59D5-12F6-4571-9935-A2921AA17F78}" = Microsoft SQL Server 2008 Setup Support Files (English) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71F00DA5-D21D-4245-8FC1-85849BBAD00D}" = Dell ControlPoint System Manager "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{75729BD7-F978-4C18-AF98-C0A682BF17D0}" = Broadcom NetXtreme-I Netlink Driver and Management Installer "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7846A661-C268-4CA4-BCDA-21D044DB08CF}" = HighlineXL "{79B520D5-CE72-4661-A054-804BC3412516}" = Wave Infrastructure Installer "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7B088773-4913-46E1-813E-CD1A0FA9CB03}" = DCP32MMWrapper "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{847AA256-42FA-45D1-BC8B-5C75E6EE6352}" = Microsoft Data Access Application Block for .NET "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{868EA922-5675-4E91-BDA6-BBD0F923C5EF}" = HP Officejet Pro All-In-One Series "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8868D822-2CBA-46B2-A286-B400B6185769}" = 7500_7600_7700_Help "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8CB7F4E6-73AE-4D8F-86A2-EAE39CE72FD1}" = Intel® PROSet/Wireless WiFi API "{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9AE41AF3-FAD1-4A34-8976-747FDC19FE08}" = Intel® PROSet/Wireless WiFi Driver "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C875FEA-B49E-49F7-AE62-0F9B91F90982}" = SRS Premium Sound "{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A495D4DC-4036-4914-9CB2-0FCF6A3166EF}" = L7500 "{A607B23F-0A31-42BC-930D-0613CA78DF56}" = Absolute Beginner's Series VB Lesson 3 "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems "{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch "{AC76BA86-1033-F400-BA7E-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708 "{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{AE60F600-FD60-40C4-A990-72F9BFEE475C}" = Dell Backup and Recovery Manager "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer "{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack "{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2E08A6B-864A-4EC5-8C7A-1906CDA5CF1B}" = ZMdesk 3.30.0430 "{C3FA63E2-AFD3-41FD-B48F-1D942CC71943}" = UPEK TouchChip Fingerprint Reader "{C5A2C00E-DC71-47EC-BA28-89B792D5001B}" = ZMdesk 3.45.0524 "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D10A96A1-C3F4-45C3-959E-D0C779DB5CEC}" = Absolute Beginner's Series VB Lesson 5 "{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU "{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU "{DEB9AEF7-3ADA-40a9-9C98-546D54FE9CBD}" = ProductContext "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E64CB9D0-29C2-4E6E-8640-18069875E04C}" = Absolute Beginner's Series VB Lesson 6 "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}" = Microsoft Office Live Meeting 2007 "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3 "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F73C08B0-5234-4D73-853C-E2CAE72CA955}" = ZMdesk 3.2.1103 "{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only) "7-Zip" = 7-Zip 9.20 "9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5) "ActiveTouchMeetingClient" = Cisco WebEx Meetings "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Android SDK Tools" = Android SDK Tools "BancWare Data Integration 4.1.0.25279" = BancWare Data Integration 4.1.0.25279 "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2 "com.digitaldm.editions.10016940" = Digital Edition - Sporting_Match_Day_Volume_2_Issue_4 - 10016940 "Comodo Dragon" = Comodo Dragon "D3F88C3864C8C031A7C5D5E63A76571EC1B047DF" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0) "ERUNT_is1" = ERUNT 1.1j "FLV Player" = FLV Player 2.0 (build 25) "Google Chrome" = Google Chrome "GoToAssist Express Customer" = GoToAssist Customer 1.5.0.274 "HDMI" = Intel® Graphics Media Accelerator Driver "Highline Financial Excel Addin" = HighlineXL Excel Addin (remove only) "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "ie8" = Windows Internet Explorer 8 "Insight 3.7" = Insight 3.7 "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "KONICA MINOLTA C652Series Installer" = KONICA MINOLTA C652Series "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation) "lvdrivers_11.90" = Logitech QuickCam Driver Package "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU "Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NBRTWizard" = Norton Bootable Recovery Tool Wizard "PROHYBRIDR" = 2007 Microsoft Office system "ProInst" = Intel PROSet Wireless "RealPlayer 12.0" = RealPlayer "Revo Uninstaller" = Revo Uninstaller 1.91 "SpywareBlaster_is1" = SpywareBlaster 4.6 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "Winmail Reader_is1" = Winmail Reader 1.1.11 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-453876738-3065766259-2469240769-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GoToMeeting" = GoToMeeting 4.8.0.723 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 4/20/2012 9:59:01 AM | Computer Name = DFNKC-5JQ35L1 | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 4/20/2012 3:11:52 PM | Computer Name = DFNKC-5JQ35L1 | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 4/23/2012 9:43:24 AM | Computer Name = DFNKC-5JQ35L1 | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 4/23/2012 12:30:46 PM | Computer Name = DFNKC-5JQ35L1 | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 4/24/2012 9:42:32 AM | Computer Name = DFNKC-5JQ35L1 | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 4/24/2012 3:07:18 PM | Computer Name = DFNKC-5JQ35L1 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 csxomanerw.exe, P2 0.0.0.0, P3 4f8f9fe5, P4 mscorlib, P5 2.0.0.0, P6 4e154d36, P7 f4f, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10 NIL. Error - 4/25/2012 10:00:43 AM | Computer Name = DFNKC-5JQ35L1 | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 4/25/2012 10:03:39 AM | Computer Name = DFNKC-5JQ35L1 | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Bloodhound.MalPE in File: C:\Documents and Settings\bhershberger.CSC\Local Settings\temp\DWH7.tmp by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged. Error - 4/25/2012 10:20:56 AM | Computer Name = DFNKC-5JQ35L1 | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Tracking Cookies in File: Cookie:bhershberger@yieldmanager.net/ by: Manual scan. Action: Quarantine failed : Leave Alone failed. Action Description: The file was deleted successfully. Error - 4/25/2012 12:04:12 PM | Computer Name = DFNKC-5JQ35L1 | Source = Symantec AntiVirus | ID = 16711753 Description = TruScan has generated an error: code 9: description: Heuristic Scan or Load Failure [ OSession Events ] Error - 2/6/2012 5:18:47 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1435 seconds with 0 seconds of active time. This session ended with a crash. Error - 2/7/2012 6:23:11 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 26540 seconds with 18060 seconds of active time. This session ended with a crash. Error - 2/14/2012 2:06:54 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 10884 seconds with 7380 seconds of active time. This session ended with a crash. Error - 2/15/2012 4:44:37 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6041 seconds with 3120 seconds of active time. This session ended with a crash. Error - 4/11/2012 7:11:01 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5675 seconds with 2100 seconds of active time. This session ended with a crash. Error - 4/16/2012 2:38:44 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 15061 seconds with 3840 seconds of active time. This session ended with a crash. Error - 4/16/2012 7:02:53 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 13665 seconds with 4260 seconds of active time. This session ended with a crash. Error - 4/16/2012 7:07:40 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 229 seconds with 120 seconds of active time. This session ended with a crash. Error - 4/16/2012 7:16:13 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 372 seconds with 240 seconds of active time. This session ended with a crash. Error - 4/25/2012 4:10:21 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5523 seconds with 3900 seconds of active time. This session ended with a crash. [ System Events ] Error - 4/25/2012 6:57:33 PM | Computer Name = DFNKC-5JQ35L1 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error - 4/25/2012 6:57:33 PM | Computer Name = DFNKC-5JQ35L1 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error - 4/25/2012 6:57:33 PM | Computer Name = DFNKC-5JQ35L1 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error - 4/25/2012 6:57:33 PM | Computer Name = DFNKC-5JQ35L1 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error - 4/25/2012 6:57:33 PM | Computer Name = DFNKC-5JQ35L1 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error - 4/25/2012 6:57:33 PM | Computer Name = DFNKC-5JQ35L1 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error - 4/25/2012 6:57:33 PM | Computer Name = DFNKC-5JQ35L1 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error - 4/25/2012 6:57:33 PM | Computer Name = DFNKC-5JQ35L1 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error - 4/25/2012 6:57:33 PM | Computer Name = DFNKC-5JQ35L1 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error - 4/25/2012 10:02:17 PM | Computer Name = DFNKC-5JQ35L1 | Source = NETLOGON | ID = 5719 Description = No Domain Controller is available for domain CSC due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. < End of report >
  6. Installed the BrowserProtect add-on for firefox which is supposed to prevent hijacks at the browser level. After numerous attempts to recreate the redirect the add-on seems to be working but like yesterday I'm probably not addressing the underlying problem. OTL log... OTL logfile created on: 4/27/2012 11:16:58 AM - Run 1 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\bhershberger.CSC\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.46 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 63.71% Memory free 5.29 Gb Paging File | 3.85 Gb Available in Paging File | 72.76% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 148.96 Gb Total Space | 75.68 Gb Free Space | 50.81% Space Free | Partition Type: NTFS Drive V: | 40.00 Gb Total Space | 10.12 Gb Free Space | 25.30% Space Free | Partition Type: NTFS Drive W: | 40.00 Gb Total Space | 4.43 Gb Free Space | 11.07% Space Free | Partition Type: NTFS Drive X: | 836.62 Gb Total Space | 783.00 Gb Free Space | 93.59% Space Free | Partition Type: NTFS Drive Y: | 793.58 Gb Total Space | 492.10 Gb Free Space | 62.01% Space Free | Partition Type: NTFS Drive Z: | 836.62 Gb Total Space | 783.00 Gb Free Space | 93.59% Space Free | Partition Type: NTFS Computer Name: DFNKC-5JQ35L1 | User Name: bhershberger | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/27 11:15:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bhershberger.CSC\Desktop\OTL(1).exe PRC - [2012/04/15 16:04:44 | 000,374,368 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe PRC - [2012/04/13 07:59:46 | 000,409,232 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe PRC - [2012/03/20 08:37:33 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe PRC - [2012/03/11 21:13:02 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe PRC - [2012/03/07 16:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2012/01/20 10:44:35 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2011/09/30 09:28:08 | 000,546,464 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe PRC - [2011/09/30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2010/06/28 10:17:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe PRC - [2010/06/28 10:17:12 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe PRC - [2010/06/28 10:16:45 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe PRC - [2010/06/28 10:16:44 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe PRC - [2010/06/28 10:16:39 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe PRC - [2009/07/16 13:04:56 | 000,376,096 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe PRC - [2009/07/05 17:56:34 | 000,015,872 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe PRC - [2009/06/11 22:46:46 | 000,656,384 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe PRC - [2009/06/11 19:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe PRC - [2009/05/18 09:36:00 | 000,145,920 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe PRC - [2009/05/15 18:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe PRC - [2009/04/27 14:40:26 | 000,293,968 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe PRC - [2009/03/16 20:57:38 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2009/03/16 20:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R213367\stacsv.exe PRC - [2009/03/16 20:57:14 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe PRC - [2009/02/22 16:51:40 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe PRC - [2009/02/22 16:51:24 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2009/02/22 16:51:22 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2009/02/22 16:51:22 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe PRC - [2009/02/11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009/02/11 18:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008/10/02 12:26:42 | 000,860,160 | ---- | M] (Intel® Corporation) -- c:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2008/10/02 12:06:56 | 000,905,216 | ---- | M] (Intel® Corporation) -- c:\Program Files\Intel\WiFi\bin\S24EvMon.exe PRC - [2008/10/02 11:56:44 | 000,466,944 | ---- | M] (Intel® Corporation) -- c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe ========== Modules (No Company Name) ========== MOD - [2012/04/27 08:32:02 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2012/04/27 08:32:02 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MOD - [2012/04/25 09:43:07 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2012/04/25 09:43:07 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2012/04/13 07:59:46 | 000,409,232 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe MOD - [2012/04/11 16:09:30 | 002,359,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\fb15ea43309da95f2ad525edd0b2b258\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll MOD - [2012/04/11 16:09:25 | 004,466,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\f9b9607d3dcc58ce953aa6217a607a92\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll MOD - [2012/04/11 16:09:22 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c\Microsoft.VisualBasic.ni.dll MOD - [2012/04/11 16:09:19 | 000,391,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\266a0723d8e88a12ff4dba5c0607be7a\Iris.Mapi.MessageStore.ni.dll MOD - [2012/04/11 16:09:18 | 000,462,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\e0ebc8cc3e2541c2c24c8d1d83521359\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll MOD - [2012/04/11 16:09:15 | 003,826,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BusinessLayer\0e1da55e310125471d0f726ba4f338b4\BusinessLayer.ni.dll MOD - [2012/04/11 16:09:09 | 001,039,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\99c5f05fec424a6f34f19eda882a2f6d\Microsoft.Interop.Mapi.Impl.ni.dll MOD - [2012/04/11 16:09:08 | 001,526,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BCMRes\5887ad6ee72e304efdfcccb62cefc9c7\BCMRes.ni.dll MOD - [2012/04/11 15:07:22 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll MOD - [2012/04/11 15:06:20 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll MOD - [2012/04/11 15:06:10 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll MOD - [2012/04/11 15:04:59 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2012/04/11 15:04:56 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2012/03/26 08:39:03 | 002,666,496 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll MOD - [2012/03/20 08:37:32 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012/02/21 09:47:45 | 000,484,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BCMCommon\d15f9a0db4361af008e88b6439902c1c\BCMCommon.ni.dll MOD - [2012/02/21 09:47:39 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll MOD - [2012/02/21 09:44:30 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll MOD - [2012/02/21 09:44:23 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll MOD - [2012/02/21 09:44:11 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll MOD - [2011/10/13 11:24:50 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll MOD - [2011/10/13 10:13:23 | 000,014,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Extensibility\8e52c5321a132fde4236c5f17929a733\Extensibility.ni.dll MOD - [2011/10/13 10:13:02 | 002,267,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\a9942828767c5549849c82accbdbcedc\Microsoft.Office.Interop.Outlook.ni.dll MOD - [2011/10/13 10:13:00 | 000,177,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\07021d10c3bc8a0ea378435a258f7b1b\Microsoft.Interop.Mapi.PropTags.ni.dll MOD - [2011/10/13 10:12:58 | 000,963,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\office\e004a967869320dece615cb985e09ea5\office.ni.dll MOD - [2011/10/13 10:12:58 | 000,044,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\stdole\f7080b25913a525c5a0c561c57864d17\stdole.ni.dll MOD - [2011/10/13 10:12:57 | 000,152,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\daa68c80020eb582452ec3173450505d\Microsoft.Interop.Mapi.Interfaces.ni.dll MOD - [2011/10/13 10:12:57 | 000,062,976 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\00cc95b92fb21663d07f94e15cab3be0\Microsoft.Interop.eCRM.Ole.ni.dll MOD - [2011/10/12 18:25:26 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL MOD - [2011/09/30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe MOD - [2011/06/22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll MOD - [2009/12/01 16:48:45 | 000,310,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\BCMCommon\3.0.0.0__31bf3856ad364e35\BCMCommon.dll MOD - [2009/12/01 15:16:38 | 000,591,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\3.0.0.0__31bf3856ad364e35\Microsoft.Interop.Mapi.Impl.dll MOD - [2009/11/02 23:04:04 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll MOD - [2009/11/02 23:04:04 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll MOD - [2009/06/03 13:07:50 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\Wavx_ESC_Logging.dll MOD - [2009/05/18 09:34:04 | 000,249,856 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll MOD - [2009/02/26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll MOD - [2008/11/12 14:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll MOD - [2008/10/02 11:59:30 | 000,200,704 | ---- | M] () -- c:\Program Files\Intel\WiFi\bin\iWMSProv.dll MOD - [2008/01/11 18:50:32 | 000,529,512 | ---- | M] () -- C:\Program Files\Microsoft Small Business\Business Contact Manager\en-US\BCMRes.resources.dll ========== Win32 Services (SafeList) ========== SRV - [2012/04/13 13:56:07 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/13 07:59:46 | 000,409,232 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater) SRV - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2012/01/20 10:44:35 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2011/03/01 11:09:14 | 000,161,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist Express Customer\274\g2ax_service.exe -- (GoToAssist Express Customer) SRV - [2010/06/28 10:17:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2010/06/28 10:17:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2010/06/28 10:16:44 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService) SRV - [2010/06/28 10:16:40 | 000,349,512 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC) SRV - [2010/06/28 10:16:39 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate) SRV - [2009/11/02 23:10:36 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/08/19 10:09:40 | 000,451,904 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service) SRV - [2009/07/16 13:04:56 | 000,376,096 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc) SRV - [2009/06/11 19:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService) SRV - [2009/06/03 13:15:24 | 001,019,904 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService) SRV - [2009/05/15 18:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService) SRV - [2009/04/27 14:40:26 | 000,293,968 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32) SRV - [2009/03/16 20:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R213367\stacsv.exe -- (STacSV) SRV - [2009/02/11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® SRV - [2008/12/16 22:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe) SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/10/02 12:26:42 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008/10/02 12:06:56 | 000,905,216 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) SRV - [2008/10/02 11:56:44 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\NvtSp50.sys -- (NvtSp50) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BHERSH~1.CSC\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - [2012/04/23 08:51:05 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120426.032\NAVEX15.SYS -- (NAVEX15) DRV - [2012/04/23 08:51:05 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120426.032\NAVENG.SYS -- (NAVENG) DRV - [2012/03/11 21:13:48 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect) DRV - [2012/03/11 21:13:46 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard) DRV - [2012/03/11 21:13:46 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2012/02/21 09:48:17 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/02/21 09:48:17 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/06/28 10:21:02 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2010/06/28 10:17:18 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL) DRV - [2010/06/28 10:17:18 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP) DRV - [2010/06/28 10:17:18 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX) DRV - [2010/06/28 10:16:28 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2009/10/28 11:52:14 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon) DRV - [2009/06/12 16:51:00 | 000,208,824 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr) DRV - [2009/04/02 23:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2009/03/31 23:22:34 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2009/03/24 16:33:38 | 000,232,744 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service) DRV - [2009/03/16 20:57:30 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2009/03/16 20:57:12 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud) DRV - [2009/02/26 16:08:52 | 000,109,568 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel® DRV - [2009/02/22 16:51:20 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008/12/17 01:02:08 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2008/12/17 01:01:44 | 006,364,440 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC) DRV - [2008/12/17 01:01:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008/12/17 01:00:14 | 000,768,024 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2008/12/16 22:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2008/10/28 16:39:44 | 000,089,600 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp) DRV - [2008/09/25 08:22:02 | 003,634,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel® DRV - [2008/08/04 12:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102) DRV - [2008/06/04 15:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1 IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1 IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.1.3 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/11/23 18:10:38 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\bhershberger\Application Data\Move Networks\plugins\npqmp071705000014.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/20 13:52:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/20 08:37:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/18 08:46:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{70C385F0-8E41-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\{70C385F0-8E41-11E1-826D-B8AC6F996F26}\ [2012/04/24 14:07:46 | 000,000,000 | ---D | M] [2011/02/04 09:50:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bhershberger.CSC\Application Data\Mozilla\Extensions [2012/04/27 10:18:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bhershberger.CSC\Application Data\Mozilla\Firefox\Profiles\kmptt6fy.default\extensions [2011/03/03 13:25:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\bhershberger.CSC\Application Data\Mozilla\Firefox\Profiles\kmptt6fy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/09/22 08:52:28 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\bhershberger.CSC\Application Data\Mozilla\Firefox\Profiles\kmptt6fy.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2012/03/05 12:41:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\bhershberger.CSC\Application Data\Mozilla\Firefox\Profiles\kmptt6fy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012/02/15 09:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions () (No name found) -- C:\DOCUMENTS AND SETTINGS\BHERSHBERGER.CSC\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KMPTT6FY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\BHERSHBERGER.CSC\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KMPTT6FY.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI [2012/04/24 14:07:46 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\DOCUMENTS AND SETTINGS\BHERSHBERGER.CSC\LOCAL SETTINGS\APPLICATION DATA\{70C385F0-8E41-11E1-826D-B8AC6F996F26} [2012/03/20 08:37:33 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/01/09 09:40:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/01/09 09:40:59 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/04/26 09:05:50 | 000,000,021 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.) O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios) O4 - HKU\S-1-5-21-2719337179-821044013-2112406857-1012..\Run: [skype] rundll32.exe "C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\Skype\bbtpezrp.dll",DllMain File not found O4 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259696327182 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://zmfs.webex.com/client/T27L/sales/ieatgpc.cab (GpcContainer Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.100.200 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = csc.server.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{211DBFCA-464A-43D9-B010-4F99BC718F5D}: DhcpNameServer = 10.1.100.200 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7541705-6C9B-4A97-BD45-A8B23253D65D}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2011/08/31 11:40:37 | 000,000,750 | RHS- | M] () - X:\autorun.inf2 -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/04/27 11:15:32 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bhershberger.CSC\Desktop\OTL(1).exe [2012/04/27 09:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Application Data\WinPatrol [2012/04/27 09:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol [2012/04/27 09:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate [2012/04/27 09:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios [2012/04/27 08:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/04/27 08:39:47 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\bhershberger.CSC\Desktop\esetsmartinstaller_enu.exe [2012/04/26 10:38:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/04/26 09:53:53 | 000,000,000 | --SD | C] -- C:\ComboFix [2012/04/26 07:34:36 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll [2012/04/26 07:34:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard [2012/04/26 07:34:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard\0405000.022 [2012/04/26 07:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard [2012/04/26 07:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Bootable Recovery Tool Wizard [2012/04/26 07:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2012/04/26 07:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller [2012/04/26 07:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Start Menu\Programs\Norton [2012/04/26 07:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton [2012/04/26 07:19:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Application Data\FixZeroAccess [2012/04/25 19:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Application Data\QuickScan [2012/04/25 18:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2012/04/25 18:49:33 | 000,000,000 | ---D | C] -- C:\rsit [2012/04/25 18:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2012/04/25 18:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT [2012/04/25 17:46:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012/04/25 17:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Application Data\Anvisoft [2012/04/25 17:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Start Menu\Programs\Anvisoft [2012/04/25 17:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft [2012/04/25 10:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO [2012/04/25 09:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Application Data\SUPERAntiSpyware.com [2012/04/25 09:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware [2012/04/25 09:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2012/04/25 09:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/04/24 19:30:58 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/04/24 19:24:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012/04/24 19:20:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss [2012/04/24 19:20:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd [2012/04/24 19:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA [2012/04/24 19:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO [2012/04/24 18:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo [2012/04/24 18:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo [2012/04/24 18:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\COMODO [2012/04/24 18:59:02 | 000,042,760 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll [2012/04/24 18:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo [2012/04/24 18:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster [2012/04/24 18:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster [2012/04/24 14:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\{70C385F0-8E41-11E1-826D-B8AC6F996F26} [2012/04/19 15:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Desktop\2012_03 [2012/04/18 08:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in [2012/04/13 17:26:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Desktop\MarionNationalBank [2012/04/13 12:56:05 | 004,139,680 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2012/04/11 19:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Application Data\com.digitaldm.editions.10016940 [2012/04/11 19:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Digital Editions [2012/04/11 19:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2012/04/11 19:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\DigitalDM [2012/04/04 09:08:24 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/27 11:15:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bhershberger.CSC\Desktop\OTL(1).exe [2012/04/27 11:08:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cc08f6ec402688.job [2012/04/27 10:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/04/27 09:51:47 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-453876738-3065766259-2469240769-1116.job [2012/04/27 09:51:47 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-453876738-3065766259-2469240769-1116.job [2012/04/27 08:39:51 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\bhershberger.CSC\Desktop\esetsmartinstaller_enu.exe [2012/04/27 08:31:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/04/27 08:31:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\WavXMapDrive.bat [2012/04/27 08:30:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc08f6ec31d842.job [2012/04/27 08:30:31 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1770027372-839522115-3159.job [2012/04/27 08:30:31 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2719337179-821044013-2112406857-1012.job [2012/04/27 08:29:57 | 000,001,024 | ---- | M] () -- C:\.rnd [2012/04/27 08:29:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/04/27 08:29:30 | 3711,082,496 | -HS- | M] () -- C:\hiberfil.sys [2012/04/26 09:05:50 | 000,000,021 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/04/26 07:29:01 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\Norton Installation Files.lnk [2012/04/25 21:43:10 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012/04/25 21:37:23 | 000,581,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/04/25 21:37:23 | 000,124,438 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/04/25 18:46:46 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\ERUNT.lnk [2012/04/24 19:20:46 | 000,000,282 | ---- | M] () -- C:\Boot.bak [2012/04/24 18:59:02 | 000,042,760 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll [2012/04/24 18:04:22 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2012/04/23 10:37:46 | 000,001,732 | -H-- | M] () -- C:\Documents and Settings\bhershberger.CSC\My Documents\Default.rdp [2012/04/13 13:56:07 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/04/13 13:56:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/04/13 13:56:05 | 004,139,680 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2012/04/11 15:00:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/04/10 16:53:05 | 000,269,617 | ---- | M] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\BAF Feb Mar 2008 Risky Business.pdf [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/04/03 09:49:21 | 000,996,678 | ---- | M] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\keen-steve-berlin-paper.pdf [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/27 08:29:57 | 000,001,024 | ---- | C] () -- C:\.rnd [2012/04/26 07:34:19 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NBRTWizard\0405000.022\isolate.ini [2012/04/26 07:28:59 | 000,001,042 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\Norton Installation Files.lnk [2012/04/25 18:46:46 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\ERUNT.lnk [2012/04/25 18:12:44 | 3711,082,496 | -HS- | C] () -- C:\hiberfil.sys [2012/04/24 19:20:45 | 000,000,282 | ---- | C] () -- C:\Boot.bak [2012/04/24 19:20:44 | 000,260,288 | RHS- | C] () -- C:\cmldr [2012/04/24 18:04:22 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif [2012/04/10 16:53:05 | 000,269,617 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\BAF Feb Mar 2008 Risky Business.pdf [2012/04/04 09:08:25 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/04/03 09:49:21 | 000,996,678 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\keen-steve-berlin-paper.pdf [2012/02/15 16:10:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/03/24 16:59:54 | 000,159,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011/02/28 21:43:22 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\KOAZCS_L.DLL [2011/02/28 21:37:18 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\KOAZCA_L.DLL [2011/02/23 17:03:43 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/02/21 10:48:53 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\fusioncache.dat [2011/01/30 21:12:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\WavXMapDrive.bat [2010/08/31 15:51:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2010/06/24 14:17:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat < End of report >
  7. ESET scan C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\19\33c334d3-5ef9f19e Java/Exploit.CVE-2012-0507.Y trojan cleaned by deleting - quarantined C:\Documents and Settings\bhershberger.CSC\My Documents\Downloads\cnet_FCTBSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined C:\Documents and Settings\bhershberger.CSC\My Documents\Downloads\FCTBSetup.exe Win32/OpenCandy application deleted - quarantined C:\Documents and Settings\bhershberger.CSC\My Documents\Downloads\winzip155.exe Win32/OpenCandy application deleted - quarantined C:\Documents and Settings\bhershberger.CSC\My Documents\Downloads\winzip160.exe Win32/OpenCandy application deleted - quarantined
  8. Scanning now. ESET found 5 problems and is only half way finished. I'll post the log when it is done. Did a quick test to see if the redirect would occur again, and it did. If I search for "happili" using google and firefox it redirects the first security site link I click on. I tried the exact same thing in IE and the redirect doesn't occur. I could use the flush.bat again but it seems like the problem is tied to firefox. What if I uninstall those the program and try a fresh install? Looks like I have more work to do on this.
  9. Thanks for your help on this. I will certainly seek out qualified assistance first if I get any reoccurences as opposed to blindly installing and running utilities for multiple days hoping for a solution. My lack of patience and frustration got the best of me this time.
  10. Used the following code on recommendation of a coworker who had a similar problem: ================ Copy and paste these lines in Note pad. @Echo on pushd\windows\system32\drivers\etc attrib -h -s -r hosts echo 127.0.0.1 localhost>HOSTS attrib +r +h +s hosts popd ipconfig /release ipconfig /renew ipconfig /flushdns netsh winsock reset all netsh int ip reset all shutdown -r -t 1 del %0 Save as flush.bat to your desktop. =========================== Can't get the redirect to occur now. Not sure I've taken care of any underlying problems that may be on my computer but at least firefox isn't redirecting my searches (for now). That said, I'll keep running scans if you think I should.
  11. The TDSS log... 09:56:21.0125 3292 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43 09:56:21.0406 3292 ============================================================ 09:56:21.0406 3292 Current date / time: 2012/04/26 09:56:21.0406 09:56:21.0406 3292 SystemInfo: 09:56:21.0406 3292 09:56:21.0406 3292 OS Version: 5.1.2600 ServicePack: 3.0 09:56:21.0406 3292 Product type: Workstation 09:56:21.0406 3292 ComputerName: DFNKC-5JQ35L1 09:56:21.0406 3292 UserName: bhershberger 09:56:21.0406 3292 Windows directory: C:\WINDOWS 09:56:21.0406 3292 System windows directory: C:\WINDOWS 09:56:21.0406 3292 Processor architecture: Intel x86 09:56:21.0406 3292 Number of processors: 2 09:56:21.0406 3292 Page size: 0x1000 09:56:21.0406 3292 Boot type: Normal boot 09:56:21.0406 3292 ============================================================ 09:56:21.0687 3292 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 09:56:21.0703 3292 ============================================================ 09:56:21.0703 3292 \Device\Harddisk0\DR0: 09:56:21.0703 3292 MBR partitions: 09:56:21.0703 3292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B24B, BlocksNum 0x129ED876 09:56:21.0703 3292 ============================================================ 09:56:21.0734 3292 C: <-> \Device\Harddisk0\DR0\Partition0 09:56:21.0734 3292 ============================================================ 09:56:21.0734 3292 Initialize success 09:56:21.0734 3292 ============================================================ 09:56:45.0500 0692 ============================================================ 09:56:45.0500 0692 Scan started 09:56:45.0500 0692 Mode: Manual; 09:56:45.0500 0692 ============================================================ 09:56:45.0937 0692 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE 09:56:45.0937 0692 !SASCORE - ok 09:56:46.0062 0692 Abiosdsk - ok 09:56:46.0078 0692 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 09:56:46.0093 0692 abp480n5 - ok 09:56:46.0109 0692 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 09:56:46.0109 0692 ACPI - ok 09:56:46.0109 0692 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 09:56:46.0109 0692 ACPIEC - ok 09:56:46.0187 0692 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 09:56:46.0187 0692 AdobeFlashPlayerUpdateSvc - ok 09:56:46.0218 0692 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 09:56:46.0218 0692 adpu160m - ok 09:56:46.0250 0692 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 09:56:46.0250 0692 aec - ok 09:56:46.0265 0692 AESTAud (f21d5e93a94514be9f5b6ebf74a696b2) C:\WINDOWS\system32\drivers\AESTAud.sys 09:56:46.0281 0692 AESTAud - ok 09:56:46.0312 0692 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 09:56:46.0312 0692 AFD - ok 09:56:46.0328 0692 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 09:56:46.0328 0692 agp440 - ok 09:56:46.0343 0692 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 09:56:46.0343 0692 agpCPQ - ok 09:56:46.0343 0692 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 09:56:46.0343 0692 Aha154x - ok 09:56:46.0343 0692 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 09:56:46.0359 0692 aic78u2 - ok 09:56:46.0359 0692 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 09:56:46.0359 0692 aic78xx - ok 09:56:46.0390 0692 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll 09:56:46.0390 0692 Alerter - ok 09:56:46.0421 0692 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 09:56:46.0421 0692 ALG - ok 09:56:46.0437 0692 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 09:56:46.0437 0692 AliIde - ok 09:56:46.0437 0692 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 09:56:46.0437 0692 alim1541 - ok 09:56:46.0453 0692 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 09:56:46.0453 0692 amdagp - ok 09:56:46.0453 0692 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 09:56:46.0453 0692 amsint - ok 09:56:46.0500 0692 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 09:56:46.0500 0692 ApfiltrService - ok 09:56:46.0546 0692 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll 09:56:46.0546 0692 AppMgmt - ok 09:56:46.0562 0692 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 09:56:46.0578 0692 Arp1394 - ok 09:56:46.0578 0692 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 09:56:46.0578 0692 asc - ok 09:56:46.0593 0692 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 09:56:46.0593 0692 asc3350p - ok 09:56:46.0593 0692 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 09:56:46.0593 0692 asc3550 - ok 09:56:46.0687 0692 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 09:56:46.0687 0692 aspnet_state - ok 09:56:46.0703 0692 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 09:56:46.0703 0692 AsyncMac - ok 09:56:46.0734 0692 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 09:56:46.0734 0692 atapi - ok 09:56:46.0734 0692 Atdisk - ok 09:56:46.0750 0692 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 09:56:46.0765 0692 Atmarpc - ok 09:56:47.0046 0692 ATService (f6e8ccf14b84507497d3108518dbb4cc) C:\Program Files\Fingerprint Sensor\AtService.exe 09:56:47.0062 0692 ATService - ok 09:56:47.0156 0692 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 09:56:47.0156 0692 AudioSrv - ok 09:56:47.0187 0692 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 09:56:47.0187 0692 audstub - ok 09:56:47.0234 0692 b57w2k (ea377a8e8e1000877210259750cbbf5f) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 09:56:47.0234 0692 b57w2k - ok 09:56:47.0328 0692 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe 09:56:47.0328 0692 BcmSqlStartupSvc - ok 09:56:47.0343 0692 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 09:56:47.0343 0692 Beep - ok 09:56:47.0421 0692 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 09:56:47.0437 0692 BITS - ok 09:56:47.0468 0692 Blfp (a341cdb0beb6880f11678944f292dd16) C:\WINDOWS\system32\DRIVERS\baspxp32.sys 09:56:47.0468 0692 Blfp - ok 09:56:47.0500 0692 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll 09:56:47.0500 0692 Browser - ok 09:56:47.0578 0692 buttonsvc32 (9aad3fea7c3efa529ca40057428edc9c) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe 09:56:47.0578 0692 buttonsvc32 - ok 09:56:47.0656 0692 catchme - ok 09:56:47.0687 0692 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 09:56:47.0687 0692 cbidf - ok 09:56:47.0703 0692 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 09:56:47.0703 0692 cbidf2k - ok 09:56:47.0718 0692 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 09:56:47.0734 0692 CCDECODE - ok 09:56:47.0781 0692 ccEvtMgr (260a069f403da226d18c058ad14fd3a3) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 09:56:47.0781 0692 ccEvtMgr - ok 09:56:47.0796 0692 ccSetMgr (260a069f403da226d18c058ad14fd3a3) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 09:56:47.0796 0692 ccSetMgr - ok 09:56:47.0796 0692 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 09:56:47.0812 0692 cd20xrnt - ok 09:56:47.0828 0692 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 09:56:47.0828 0692 Cdaudio - ok 09:56:47.0843 0692 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 09:56:47.0843 0692 Cdfs - ok 09:56:47.0890 0692 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys 09:56:47.0890 0692 Cdrom - ok 09:56:47.0906 0692 Changer - ok 09:56:47.0921 0692 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 09:56:47.0921 0692 CiSvc - ok 09:56:47.0937 0692 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 09:56:47.0937 0692 ClipSrv - ok 09:56:47.0984 0692 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:56:47.0984 0692 clr_optimization_v2.0.50727_32 - ok 09:56:48.0031 0692 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 09:56:48.0031 0692 CmBatt - ok 09:56:48.0281 0692 cmdAgent (907324001ae25ac5959c91eaa34cabae) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe 09:56:48.0312 0692 cmdAgent - ok 09:56:48.0453 0692 cmdGuard (bee235831f8e3f0baaca18b39d285cf5) C:\WINDOWS\system32\DRIVERS\cmdguard.sys 09:56:48.0453 0692 cmdGuard - ok 09:56:48.0484 0692 cmdHlp (de548946f36cab62fec2e6aa0149a619) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys 09:56:48.0484 0692 cmdHlp - ok 09:56:48.0484 0692 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 09:56:48.0484 0692 CmdIde - ok 09:56:48.0531 0692 COH_Mon (86a22dff16e8ca67601044efe6825537) C:\WINDOWS\system32\Drivers\COH_Mon.sys 09:56:48.0531 0692 COH_Mon - ok 09:56:48.0546 0692 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 09:56:48.0546 0692 Compbatt - ok 09:56:48.0546 0692 COMSysApp - ok 09:56:48.0578 0692 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 09:56:48.0578 0692 Cpqarray - ok 09:56:48.0609 0692 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 09:56:48.0625 0692 CryptSvc - ok 09:56:48.0640 0692 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 09:56:48.0640 0692 dac2w2k - ok 09:56:48.0640 0692 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 09:56:48.0640 0692 dac960nt - ok 09:56:48.0703 0692 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 09:56:48.0718 0692 DcomLaunch - ok 09:56:48.0859 0692 dcpsysmgrsvc (0324175c7c824a69d3240484d492b11b) c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe 09:56:48.0875 0692 dcpsysmgrsvc - ok 09:56:48.0890 0692 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 09:56:48.0890 0692 Dhcp - ok 09:56:48.0921 0692 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 09:56:48.0921 0692 Disk - ok 09:56:48.0937 0692 dmadmin - ok 09:56:49.0000 0692 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 09:56:49.0015 0692 dmboot - ok 09:56:49.0031 0692 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 09:56:49.0031 0692 dmio - ok 09:56:49.0046 0692 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 09:56:49.0046 0692 dmload - ok 09:56:49.0062 0692 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 09:56:49.0062 0692 dmserver - ok 09:56:49.0093 0692 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 09:56:49.0109 0692 DMusic - ok 09:56:49.0125 0692 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 09:56:49.0125 0692 Dnscache - ok 09:56:49.0156 0692 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 09:56:49.0156 0692 Dot3svc - ok 09:56:49.0171 0692 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 09:56:49.0171 0692 dpti2o - ok 09:56:49.0234 0692 DragonUpdater (0036e686ca66bd1b005776ac8064640b) C:\Program Files\Comodo\Dragon\dragon_updater.exe 09:56:49.0234 0692 DragonUpdater - ok 09:56:49.0234 0692 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 09:56:49.0234 0692 drmkaud - ok 09:56:49.0265 0692 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 09:56:49.0265 0692 EapHost - ok 09:56:49.0343 0692 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 09:56:49.0359 0692 eeCtrl - ok 09:56:49.0390 0692 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 09:56:49.0390 0692 EraserUtilRebootDrv - ok 09:56:49.0406 0692 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 09:56:49.0406 0692 ERSvc - ok 09:56:49.0453 0692 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 09:56:49.0453 0692 Eventlog - ok 09:56:49.0515 0692 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 09:56:49.0515 0692 EventSystem - ok 09:56:49.0671 0692 EvtEng (87a32636c84555525700e623662e34d9) c:\Program Files\Intel\WiFi\bin\EvtEng.exe 09:56:49.0687 0692 EvtEng - ok 09:56:49.0781 0692 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 09:56:49.0781 0692 Fastfat - ok 09:56:49.0812 0692 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 09:56:49.0812 0692 FastUserSwitchingCompatibility - ok 09:56:49.0875 0692 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe 09:56:49.0890 0692 Fax - ok 09:56:49.0906 0692 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 09:56:49.0906 0692 Fdc - ok 09:56:49.0937 0692 FilterService (1edc0df2da14e04504dd3bac21aa32cd) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys 09:56:49.0937 0692 FilterService - ok 09:56:49.0953 0692 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 09:56:49.0953 0692 Fips - ok 09:56:50.0062 0692 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 09:56:50.0078 0692 FLEXnet Licensing Service - ok 09:56:50.0187 0692 FlipShare Service (e6ba1ceb107ad2663554942a3b090b43) C:\Program Files\Flip Video\FlipShare\FlipShareService.exe 09:56:50.0187 0692 FlipShare Service - ok 09:56:50.0203 0692 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 09:56:50.0218 0692 Flpydisk - ok 09:56:50.0250 0692 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 09:56:50.0250 0692 FltMgr - ok 09:56:50.0328 0692 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 09:56:50.0328 0692 FontCache3.0.0.0 - ok 09:56:50.0359 0692 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 09:56:50.0359 0692 Fs_Rec - ok 09:56:50.0406 0692 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 09:56:50.0406 0692 Ftdisk - ok 09:56:50.0437 0692 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 09:56:50.0437 0692 GEARAspiWDM - ok 09:56:50.0515 0692 GoToAssist Express Customer (d080a3d550ed79f8ea1ec79d47131478) C:\Program Files\Citrix\GoToAssist Express Customer\274\g2ax_service.exe 09:56:50.0531 0692 GoToAssist Express Customer - ok 09:56:50.0546 0692 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 09:56:50.0546 0692 Gpc - ok 09:56:50.0609 0692 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 09:56:50.0609 0692 gupdate - ok 09:56:50.0609 0692 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 09:56:50.0625 0692 gupdatem - ok 09:56:50.0671 0692 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 09:56:50.0671 0692 HDAudBus - ok 09:56:50.0734 0692 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 09:56:50.0734 0692 helpsvc - ok 09:56:50.0765 0692 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll 09:56:50.0765 0692 HidServ - ok 09:56:50.0796 0692 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 09:56:50.0796 0692 hidusb - ok 09:56:50.0828 0692 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 09:56:50.0843 0692 hkmsvc - ok 09:56:50.0859 0692 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 09:56:50.0859 0692 hpn - ok 09:56:50.0984 0692 hpqcxs08 (af81f7ba6a09119006fe041a2f2f3ece) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 09:56:50.0984 0692 hpqcxs08 - ok 09:56:51.0015 0692 hpqddsvc (7244f63db8ea883b3dc8e730c645d073) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 09:56:51.0015 0692 hpqddsvc - ok 09:56:51.0062 0692 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 09:56:51.0062 0692 HPZid412 - ok 09:56:51.0093 0692 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 09:56:51.0093 0692 HPZipr12 - ok 09:56:51.0125 0692 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 09:56:51.0125 0692 HPZius12 - ok 09:56:51.0203 0692 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 09:56:51.0203 0692 HTTP - ok 09:56:51.0234 0692 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 09:56:51.0250 0692 HTTPFilter - ok 09:56:51.0281 0692 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 09:56:51.0281 0692 i2omgmt - ok 09:56:51.0296 0692 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 09:56:51.0296 0692 i2omp - ok 09:56:51.0328 0692 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 09:56:51.0328 0692 i8042prt - ok 09:56:51.0437 0692 IAANTMON (52e8a3cc8269adb27d25182284c5e650) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 09:56:51.0453 0692 IAANTMON - ok 09:56:51.0937 0692 ialm (3b743262b6456167888d15f1121b3bf7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 09:56:51.0984 0692 ialm - ok 09:56:52.0156 0692 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\drivers\iaStor.sys 09:56:52.0156 0692 iaStor - ok 09:56:52.0359 0692 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 09:56:52.0359 0692 idsvc - ok 09:56:52.0390 0692 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 09:56:52.0390 0692 Imapi - ok 09:56:52.0437 0692 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 09:56:52.0437 0692 ImapiService - ok 09:56:52.0468 0692 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 09:56:52.0468 0692 ini910u - ok 09:56:52.0500 0692 Inspect (f89849cf13805ef49da64a8a63193af7) C:\WINDOWS\system32\DRIVERS\inspect.sys 09:56:52.0500 0692 Inspect - ok 09:56:52.0546 0692 IntcHdmiAddService (f32a62c765885bd8e4352a1565f702a6) C:\WINDOWS\system32\drivers\IntcHdmi.sys 09:56:52.0546 0692 IntcHdmiAddService - ok 09:56:52.0562 0692 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 09:56:52.0562 0692 IntelIde - ok 09:56:52.0593 0692 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 09:56:52.0593 0692 intelppm - ok 09:56:52.0625 0692 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 09:56:52.0625 0692 Ip6Fw - ok 09:56:52.0656 0692 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 09:56:52.0656 0692 IpFilterDriver - ok 09:56:52.0687 0692 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 09:56:52.0687 0692 IpInIp - ok 09:56:52.0718 0692 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 09:56:52.0718 0692 IpNat - ok 09:56:52.0734 0692 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 09:56:52.0734 0692 IPSec - ok 09:56:52.0765 0692 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 09:56:52.0765 0692 IRENUM - ok 09:56:52.0781 0692 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 09:56:52.0781 0692 isapnp - ok 09:56:52.0921 0692 JavaQuickStarterService (973db7ac74c554c546f8b0b7b98fb855) C:\Program Files\Java\jre7\bin\jqs.exe 09:56:52.0921 0692 JavaQuickStarterService - ok 09:56:52.0937 0692 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 09:56:52.0937 0692 Kbdclass - ok 09:56:52.0968 0692 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 09:56:52.0968 0692 kbdhid - ok 09:56:53.0000 0692 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 09:56:53.0000 0692 kmixer - ok 09:56:53.0031 0692 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 09:56:53.0031 0692 KSecDD - ok 09:56:53.0078 0692 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 09:56:53.0078 0692 LanmanServer - ok 09:56:53.0125 0692 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 09:56:53.0140 0692 lanmanworkstation - ok 09:56:53.0140 0692 lbrtfdc - ok 09:56:53.0421 0692 LiveUpdate (6105b28f5d03c4affa7197b228768849) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE 09:56:53.0468 0692 LiveUpdate - ok 09:56:53.0609 0692 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 09:56:53.0609 0692 LmHosts - ok 09:56:53.0671 0692 LVPr2Mon (f96cfb47903854f228baaf3e2d41a0a3) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 09:56:53.0671 0692 LVPr2Mon - ok 09:56:53.0781 0692 LVPrcSrv (ff23862146a682fcc3dbaa002e22f958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe 09:56:53.0781 0692 LVPrcSrv - ok 09:56:53.0890 0692 LVRS (e22fd7852e74f04cceb6b8a684a51f3e) C:\WINDOWS\system32\DRIVERS\lvrs.sys 09:56:53.0906 0692 LVRS - ok 09:56:53.0937 0692 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys 09:56:53.0937 0692 LVUSBSta - ok 09:56:54.0359 0692 LVUVC (e89df2b88ee659954de79827ddf46dc9) C:\WINDOWS\system32\DRIVERS\lvuvc.sys 09:56:54.0453 0692 LVUVC - ok 09:56:54.0531 0692 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 09:56:54.0531 0692 Messenger - ok 09:56:54.0578 0692 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 09:56:54.0578 0692 mnmdd - ok 09:56:54.0609 0692 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 09:56:54.0609 0692 mnmsrvc - ok 09:56:54.0640 0692 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 09:56:54.0640 0692 Modem - ok 09:56:54.0671 0692 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 09:56:54.0671 0692 Mouclass - ok 09:56:54.0687 0692 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 09:56:54.0687 0692 mouhid - ok 09:56:54.0703 0692 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 09:56:54.0703 0692 MountMgr - ok 09:56:54.0734 0692 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 09:56:54.0734 0692 mraid35x - ok 09:56:54.0750 0692 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 09:56:54.0750 0692 MRxDAV - ok 09:56:54.0812 0692 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 09:56:54.0812 0692 MRxSmb - ok 09:56:54.0828 0692 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 09:56:54.0828 0692 MSDTC - ok 09:56:54.0843 0692 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 09:56:54.0843 0692 Msfs - ok 09:56:54.0843 0692 MSIServer - ok 09:56:54.0859 0692 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 09:56:54.0859 0692 MSKSSRV - ok 09:56:54.0875 0692 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 09:56:54.0875 0692 MSPCLOCK - ok 09:56:54.0906 0692 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 09:56:54.0906 0692 MSPQM - ok 09:56:54.0906 0692 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 09:56:54.0906 0692 mssmbios - ok 09:56:55.0015 0692 MSSQL$MSSMLBIZ - ok 09:56:55.0062 0692 MSSQL$SQLEXPRESS - ok 09:56:55.0125 0692 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 09:56:55.0125 0692 MSSQLServerADHelper - ok 09:56:55.0171 0692 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 09:56:55.0171 0692 MSSQLServerADHelper100 - ok 09:56:55.0203 0692 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 09:56:55.0203 0692 MSTEE - ok 09:56:55.0234 0692 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 09:56:55.0234 0692 Mup - ok 09:56:55.0281 0692 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 09:56:55.0281 0692 NABTSFEC - ok 09:56:55.0343 0692 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 09:56:55.0343 0692 napagent - ok 09:56:55.0437 0692 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120425.032\NAVENG.SYS 09:56:55.0453 0692 NAVENG - ok 09:56:55.0625 0692 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120425.032\NAVEX15.SYS 09:56:55.0640 0692 NAVEX15 - ok 09:56:55.0843 0692 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 09:56:55.0843 0692 NDIS - ok 09:56:55.0859 0692 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 09:56:55.0859 0692 NdisIP - ok 09:56:55.0875 0692 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 09:56:55.0875 0692 NdisTapi - ok 09:56:55.0890 0692 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 09:56:55.0890 0692 Ndisuio - ok 09:56:55.0921 0692 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 09:56:55.0921 0692 NdisWan - ok 09:56:55.0953 0692 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 09:56:55.0968 0692 NDProxy - ok 09:56:56.0000 0692 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll 09:56:56.0000 0692 Net Driver HPZ12 - ok 09:56:56.0015 0692 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 09:56:56.0015 0692 NetBIOS - ok 09:56:56.0062 0692 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 09:56:56.0062 0692 NetBT - ok 09:56:56.0093 0692 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 09:56:56.0093 0692 NetDDE - ok 09:56:56.0093 0692 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 09:56:56.0093 0692 NetDDEdsdm - ok 09:56:56.0125 0692 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:56:56.0125 0692 Netlogon - ok 09:56:56.0156 0692 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 09:56:56.0156 0692 Netman - ok 09:56:56.0265 0692 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 09:56:56.0265 0692 NetTcpPortSharing - ok 09:56:56.0515 0692 NETw5x32 (a3b69acd14051ae87ab9e1823a508b6d) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 09:56:56.0546 0692 NETw5x32 - ok 09:56:56.0687 0692 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 09:56:56.0687 0692 NIC1394 - ok 09:56:56.0750 0692 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 09:56:56.0750 0692 Nla - ok 09:56:56.0765 0692 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 09:56:56.0765 0692 Npfs - ok 09:56:56.0812 0692 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 09:56:56.0812 0692 Ntfs - ok 09:56:56.0828 0692 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:56:56.0828 0692 NtLmSsp - ok 09:56:56.0875 0692 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 09:56:56.0875 0692 NtmsSvc - ok 09:56:56.0890 0692 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 09:56:56.0890 0692 Null - ok 09:56:56.0890 0692 NvtSp50 - ok 09:56:56.0921 0692 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 09:56:56.0921 0692 NwlnkFlt - ok 09:56:56.0937 0692 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 09:56:56.0937 0692 NwlnkFwd - ok 09:56:57.0062 0692 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 09:56:57.0062 0692 odserv - ok 09:56:57.0093 0692 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 09:56:57.0093 0692 ohci1394 - ok 09:56:57.0140 0692 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:56:57.0140 0692 ose - ok 09:56:57.0171 0692 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 09:56:57.0171 0692 Parport - ok 09:56:57.0171 0692 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 09:56:57.0171 0692 PartMgr - ok 09:56:57.0187 0692 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 09:56:57.0187 0692 ParVdm - ok 09:56:57.0203 0692 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys 09:56:57.0203 0692 PBADRV - ok 09:56:57.0218 0692 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 09:56:57.0218 0692 PCI - ok 09:56:57.0218 0692 PCIDump - ok 09:56:57.0234 0692 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 09:56:57.0234 0692 PCIIde - ok 09:56:57.0250 0692 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 09:56:57.0250 0692 Pcmcia - ok 09:56:57.0250 0692 PDCOMP - ok 09:56:57.0250 0692 PDFRAME - ok 09:56:57.0265 0692 PDRELI - ok 09:56:57.0265 0692 PDRFRAME - ok 09:56:57.0265 0692 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 09:56:57.0265 0692 perc2 - ok 09:56:57.0281 0692 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 09:56:57.0296 0692 perc2hib - ok 09:56:57.0312 0692 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 09:56:57.0312 0692 PlugPlay - ok 09:56:57.0359 0692 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll 09:56:57.0359 0692 Pml Driver HPZ12 - ok 09:56:57.0359 0692 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:56:57.0359 0692 PolicyAgent - ok 09:56:57.0375 0692 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 09:56:57.0375 0692 PptpMiniport - ok 09:56:57.0375 0692 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:56:57.0375 0692 ProtectedStorage - ok 09:56:57.0406 0692 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 09:56:57.0406 0692 PSched - ok 09:56:57.0421 0692 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 09:56:57.0421 0692 Ptilink - ok 09:56:57.0437 0692 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys 09:56:57.0437 0692 PxHelp20 - ok 09:56:57.0453 0692 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 09:56:57.0453 0692 ql1080 - ok 09:56:57.0468 0692 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 09:56:57.0468 0692 Ql10wnt - ok 09:56:57.0484 0692 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 09:56:57.0484 0692 ql12160 - ok 09:56:57.0484 0692 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 09:56:57.0484 0692 ql1240 - ok 09:56:57.0500 0692 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 09:56:57.0515 0692 ql1280 - ok 09:56:57.0515 0692 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 09:56:57.0515 0692 RasAcd - ok 09:56:57.0546 0692 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 09:56:57.0546 0692 RasAuto - ok 09:56:57.0562 0692 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 09:56:57.0562 0692 Rasl2tp - ok 09:56:57.0593 0692 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 09:56:57.0593 0692 RasMan - ok 09:56:57.0625 0692 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 09:56:57.0625 0692 RasPppoe - ok 09:56:57.0625 0692 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 09:56:57.0625 0692 Raspti - ok 09:56:57.0656 0692 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 09:56:57.0656 0692 Rdbss - ok 09:56:57.0671 0692 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 09:56:57.0671 0692 RDPCDD - ok 09:56:57.0687 0692 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 09:56:57.0687 0692 rdpdr - ok 09:56:57.0718 0692 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 09:56:57.0718 0692 RDPWD - ok 09:56:57.0765 0692 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 09:56:57.0765 0692 RDSessMgr - ok 09:56:57.0796 0692 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 09:56:57.0796 0692 redbook - ok 09:56:57.0921 0692 RegSrvc (d1875727d04eae948f139022dcad3d47) c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 09:56:57.0921 0692 RegSrvc - ok 09:56:57.0953 0692 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 09:56:57.0953 0692 RemoteAccess - ok 09:56:57.0968 0692 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 09:56:57.0968 0692 RemoteRegistry - ok 09:56:58.0015 0692 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 09:56:58.0015 0692 rimmptsk - ok 09:56:58.0046 0692 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 09:56:58.0046 0692 RpcLocator - ok 09:56:58.0078 0692 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll 09:56:58.0093 0692 RpcSs - ok 09:56:58.0125 0692 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys 09:56:58.0125 0692 RsFx0102 - ok 09:56:58.0156 0692 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 09:56:58.0156 0692 RSVP - ok 09:56:58.0296 0692 S24EventMonitor (8b4459365c254196f498a3cbc2898dbb) c:\Program Files\Intel\WiFi\bin\S24EvMon.exe 09:56:58.0312 0692 S24EventMonitor - ok 09:56:58.0328 0692 s24trans (87940243ea2ad3ebe274f5409c5e9072) C:\WINDOWS\system32\DRIVERS\s24trans.sys 09:56:58.0328 0692 s24trans - ok 09:56:58.0343 0692 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 09:56:58.0343 0692 SamSs - ok 09:56:58.0406 0692 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 09:56:58.0406 0692 SASDIFSV - ok 09:56:58.0421 0692 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 09:56:58.0421 0692 SASKUTIL - ok 09:56:58.0453 0692 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 09:56:58.0453 0692 SCardSvr - ok 09:56:58.0500 0692 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 09:56:58.0500 0692 Schedule - ok 09:56:58.0515 0692 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 09:56:58.0515 0692 sdbus - ok 09:56:58.0531 0692 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 09:56:58.0531 0692 Secdrv - ok 09:56:58.0546 0692 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 09:56:58.0546 0692 seclogon - ok 09:56:58.0703 0692 SecureStorageService (d7f978c1b6387544fe132eb5b915ed1a) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe 09:56:58.0703 0692 SecureStorageService - ok 09:56:58.0718 0692 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 09:56:58.0718 0692 SENS - ok 09:56:58.0734 0692 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 09:56:58.0734 0692 Serenum - ok 09:56:58.0750 0692 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 09:56:58.0750 0692 Serial - ok 09:56:58.0765 0692 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 09:56:58.0765 0692 Sfloppy - ok 09:56:58.0812 0692 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 09:56:58.0812 0692 SharedAccess - ok 09:56:58.0859 0692 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 09:56:58.0859 0692 ShellHWDetection - ok 09:56:58.0859 0692 Simbad - ok 09:56:58.0875 0692 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 09:56:58.0875 0692 sisagp - ok 09:56:58.0906 0692 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 09:56:58.0906 0692 SLIP - ok 09:56:59.0109 0692 SmcService (0dc94380be7d36ae241029c72807692e) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe 09:56:59.0109 0692 SmcService - ok 09:56:59.0156 0692 SNAC (65e1ebf379856b677979802c8d5bcd87) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE 09:56:59.0156 0692 SNAC - ok 09:56:59.0296 0692 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 09:56:59.0296 0692 Sparrow - ok 09:56:59.0343 0692 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 09:56:59.0343 0692 SPBBCDrv - ok 09:56:59.0375 0692 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 09:56:59.0375 0692 splitter - ok 09:56:59.0406 0692 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 09:56:59.0421 0692 Spooler - ok 09:56:59.0515 0692 SQLAgent$SQLEXPRESS (eb2fd937449b7aceb39372f875eb8e78) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE 09:56:59.0515 0692 SQLAgent$SQLEXPRESS - ok 09:56:59.0593 0692 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 09:56:59.0593 0692 SQLBrowser - ok 09:56:59.0625 0692 SQLWriter (637a0f23f9012358e92e6f99835494d1) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 09:56:59.0625 0692 SQLWriter - ok 09:56:59.0671 0692 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 09:56:59.0671 0692 sr - ok 09:56:59.0718 0692 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 09:56:59.0718 0692 srservice - ok 09:56:59.0765 0692 SRS_PremiumSound_Service (584477fdfa731af4635f5875c6b52531) C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys 09:56:59.0765 0692 SRS_PremiumSound_Service - ok 09:56:59.0781 0692 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\WINDOWS\system32\Drivers\SRTSP.SYS 09:56:59.0781 0692 SRTSP - ok 09:56:59.0828 0692 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\WINDOWS\system32\Drivers\SRTSPL.SYS 09:56:59.0828 0692 SRTSPL - ok 09:56:59.0843 0692 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\WINDOWS\system32\Drivers\SRTSPX.SYS 09:56:59.0843 0692 SRTSPX - ok 09:56:59.0890 0692 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 09:56:59.0890 0692 Srv - ok 09:56:59.0921 0692 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 09:56:59.0921 0692 SSDPSRV - ok 09:56:59.0968 0692 STacSV (3603f3db9fba2a8fa91829681ba25afa) c:\drivers\audio\r213367\stacsv.exe 09:56:59.0968 0692 STacSV - ok 09:57:00.0093 0692 STHDA (1b76479b80ff0f6e245ba590a64102be) C:\WINDOWS\system32\drivers\sthda.sys 09:57:00.0093 0692 STHDA - ok 09:57:00.0218 0692 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 09:57:00.0218 0692 stisvc - ok 09:57:00.0296 0692 stllssvr (e476c66713c842f58e61a95826ed1d57) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe 09:57:00.0296 0692 stllssvr - ok 09:57:00.0343 0692 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 09:57:00.0343 0692 streamip - ok 09:57:00.0375 0692 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 09:57:00.0375 0692 swenum - ok 09:57:00.0421 0692 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 09:57:00.0421 0692 swmidi - ok 09:57:00.0421 0692 SwPrv - ok 09:57:00.0593 0692 Symantec AntiVirus (f3a4ead0b3946e439f0397f7a4d09952) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe 09:57:00.0609 0692 Symantec AntiVirus - ok 09:57:00.0656 0692 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 09:57:00.0656 0692 symc810 - ok 09:57:00.0671 0692 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 09:57:00.0671 0692 symc8xx - ok 09:57:00.0718 0692 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 09:57:00.0718 0692 SymEvent - ok 09:57:00.0734 0692 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 09:57:00.0734 0692 sym_hi - ok 09:57:00.0734 0692 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 09:57:00.0734 0692 sym_u3 - ok 09:57:00.0765 0692 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 09:57:00.0765 0692 sysaudio - ok 09:57:00.0796 0692 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 09:57:00.0796 0692 SysmonLog - ok 09:57:00.0828 0692 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 09:57:00.0828 0692 TapiSrv - ok 09:57:00.0890 0692 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 09:57:00.0890 0692 Tcpip - ok 09:57:01.0015 0692 tcsd_win32.exe (69f1a38a6dbfe682491cb61a596662e3) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe 09:57:01.0015 0692 tcsd_win32.exe - ok 09:57:01.0140 0692 TdmService (a62f1de032e59c4bb35557a2219cb160) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe 09:57:01.0156 0692 TdmService - ok 09:57:01.0203 0692 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 09:57:01.0203 0692 TDPIPE - ok 09:57:01.0234 0692 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 09:57:01.0234 0692 TDTCP - ok 09:57:01.0250 0692 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 09:57:01.0250 0692 TermDD - ok 09:57:01.0281 0692 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 09:57:01.0281 0692 TermService - ok 09:57:01.0328 0692 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 09:57:01.0328 0692 Themes - ok 09:57:01.0343 0692 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe 09:57:01.0343 0692 TlntSvr - ok 09:57:01.0359 0692 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 09:57:01.0359 0692 TosIde - ok 09:57:01.0390 0692 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 09:57:01.0390 0692 TrkWks - ok 09:57:01.0421 0692 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 09:57:01.0421 0692 Udfs - ok 09:57:01.0437 0692 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 09:57:01.0437 0692 ultra - ok 09:57:01.0468 0692 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 09:57:01.0468 0692 Update - ok 09:57:01.0500 0692 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 09:57:01.0500 0692 upnphost - ok 09:57:01.0515 0692 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 09:57:01.0515 0692 UPS - ok 09:57:01.0546 0692 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 09:57:01.0546 0692 usbaudio - ok 09:57:01.0578 0692 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 09:57:01.0578 0692 usbccgp - ok 09:57:01.0593 0692 usbehci (4bac8df07f1d8434fc640e677a62204e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 09:57:01.0593 0692 usbehci - ok 09:57:01.0609 0692 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 09:57:01.0609 0692 usbhub - ok 09:57:01.0656 0692 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 09:57:01.0656 0692 usbprint - ok 09:57:01.0703 0692 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 09:57:01.0703 0692 usbscan - ok 09:57:01.0718 0692 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 09:57:01.0718 0692 USBSTOR - ok 09:57:01.0750 0692 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 09:57:01.0750 0692 usbuhci - ok 09:57:01.0781 0692 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 09:57:01.0781 0692 usbvideo - ok 09:57:01.0781 0692 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 09:57:01.0781 0692 VgaSave - ok 09:57:01.0812 0692 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 09:57:01.0812 0692 viaagp - ok 09:57:01.0828 0692 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 09:57:01.0828 0692 ViaIde - ok 09:57:01.0843 0692 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 09:57:01.0843 0692 VolSnap - ok 09:57:01.0890 0692 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 09:57:01.0890 0692 VSS - ok 09:57:01.0937 0692 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 09:57:01.0937 0692 w32time - ok 09:57:01.0968 0692 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 09:57:01.0968 0692 Wanarp - ok 09:57:02.0000 0692 WavxDMgr (e1369c7a53c76eb681afd0eba348b45a) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys 09:57:02.0000 0692 WavxDMgr - ok 09:57:02.0046 0692 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 09:57:02.0062 0692 Wdf01000 - ok 09:57:02.0062 0692 WDICA - ok 09:57:02.0078 0692 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 09:57:02.0078 0692 wdmaud - ok 09:57:02.0109 0692 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 09:57:02.0109 0692 WebClient - ok 09:57:02.0171 0692 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 09:57:02.0171 0692 winmgmt - ok 09:57:02.0328 0692 wlidsvc (d9250b31b353ee3322c1cad411997e38) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 09:57:02.0343 0692 wlidsvc - ok 09:57:02.0453 0692 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 09:57:02.0453 0692 WmdmPmSN - ok 09:57:02.0531 0692 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 09:57:02.0531 0692 Wmi - ok 09:57:02.0593 0692 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 09:57:02.0593 0692 WmiAcpi - ok 09:57:02.0625 0692 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 09:57:02.0625 0692 WmiApSrv - ok 09:57:02.0718 0692 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 09:57:02.0734 0692 WMPNetworkSvc - ok 09:57:02.0750 0692 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 09:57:02.0750 0692 WS2IFSL - ok 09:57:02.0781 0692 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 09:57:02.0781 0692 wscsvc - ok 09:57:02.0781 0692 WSearch - ok 09:57:02.0828 0692 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 09:57:02.0828 0692 WSTCODEC - ok 09:57:02.0843 0692 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 09:57:02.0843 0692 wuauserv - ok 09:57:02.0875 0692 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 09:57:02.0875 0692 WudfPf - ok 09:57:02.0906 0692 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 09:57:02.0906 0692 WudfRd - ok 09:57:02.0921 0692 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 09:57:02.0937 0692 WudfSvc - ok 09:57:02.0968 0692 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 09:57:02.0968 0692 WZCSVC - ok 09:57:03.0015 0692 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 09:57:03.0015 0692 xmlprov - ok 09:57:03.0109 0692 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 09:57:03.0109 0692 YahooAUService - ok 09:57:03.0156 0692 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 09:57:03.0203 0692 \Device\Harddisk0\DR0 - ok 09:57:03.0203 0692 Boot (0x1200) (8ff7ec3d9758ae9c2cec3216b369c762) \Device\Harddisk0\DR0\Partition0 09:57:03.0203 0692 \Device\Harddisk0\DR0\Partition0 - ok 09:57:03.0203 0692 ============================================================ 09:57:03.0203 0692 Scan finished 09:57:03.0203 0692 ============================================================ 09:57:03.0218 1464 Detected object count: 0 09:57:03.0218 1464 Actual detected object count: 0 09:57:06.0671 4624 Deinitialize success
  12. I've run ComboFix twice, it appeared to take care of everything the first time but then the redirect started again and endpoint protection started catching trojan.Dowiex!inf corrupted files in the temp directory. The first time the recurring virus was bloodhound.MALpe. Here is the combofix log... ComboFix 12-04-25.02 - bhershberger 04/25/2012 17:40:34.2.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3539.2935 [GMT -5:00] Running from: c:\documents and settings\bhershberger.CSC\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\bhershberger.CSC\Application Data\Mozilla\Firefox\Profiles\kmptt6fy.default\weave\toFetch c:\documents and settings\bhershberger.CSC\Local Settings\Application Data\assembly\tmp c:\windows\Downloaded Program Files\popcaploader.dll c:\windows\Downloaded Program Files\popcaploader.inf c:\windows\EventSystem.log . . ((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 ))))))))))))))))))))))))))))))) . . 2012-04-25 22:12 . 2012-04-25 22:12 -------- d-----w- c:\documents and settings\bhershberger.CSC\Application Data\Anvisoft 2012-04-25 22:08 . 2012-01-09 08:26 23848 ----a-w- c:\windows\system32\drivers\avhips.sys 2012-04-25 22:08 . 2012-01-09 08:26 17704 ----a-w- c:\windows\system32\drivers\avfsmn.sys 2012-04-25 22:07 . 2012-04-25 22:07 -------- d-----w- c:\program files\Anvisoft 2012-04-25 15:11 . 2012-04-25 15:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO 2012-04-25 14:42 . 2012-04-25 14:42 -------- d-----w- c:\documents and settings\bhershberger.CSC\Application Data\SUPERAntiSpyware.com 2012-04-25 14:42 . 2012-04-25 14:42 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-04-25 14:42 . 2012-04-25 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2012-04-25 00:06 . 2012-04-25 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA 2012-04-24 23:59 . 2012-04-25 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo 2012-04-24 23:59 . 2012-04-24 23:59 -------- d-----w- c:\documents and settings\bhershberger.CSC\Local Settings\Application Data\COMODO 2012-04-24 23:59 . 2012-04-24 23:59 42760 ----a-w- c:\windows\system32\certsentry.dll 2012-04-24 23:58 . 2012-04-25 01:52 -------- d-----w- c:\program files\Comodo 2012-04-24 23:51 . 2012-04-24 23:56 -------- d-----w- c:\program files\SpywareBlaster 2012-04-24 19:07 . 2012-04-24 19:07 -------- d-----w- c:\documents and settings\bhershberger.CSC\Local Settings\Application Data\{70C385F0-8E41-11E1-826D-B8AC6F996F26} 2012-04-18 13:46 . 2012-03-26 13:41 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2012-04-13 17:56 . 2012-04-13 18:56 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-04-12 00:26 . 2012-04-12 00:26 -------- d-----w- c:\documents and settings\bhershberger.CSC\Application Data\com.digitaldm.editions.10016940 2012-04-12 00:26 . 2012-04-12 00:26 -------- d-----w- c:\program files\Common Files\Adobe AIR 2012-04-12 00:26 . 2012-04-12 00:26 -------- d-----w- c:\program files\DigitalDM 2012-04-04 14:08 . 2012-04-13 18:56 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-25 17:20 . 2011-01-31 02:12 0 ----a-w- c:\documents and settings\bhershberger.CSC\Local Settings\Application Data\WavXMapDrive.bat 2012-04-13 18:56 . 2011-05-18 13:37 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-04 20:56 . 2011-09-02 14:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-12 02:13 . 2012-03-12 02:13 97760 ----a-w- c:\windows\system32\drivers\inspect.sys 2012-03-12 02:13 . 2012-03-12 02:13 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2012-03-12 02:13 . 2012-03-12 02:13 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2012-03-12 02:13 . 2012-03-12 02:13 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys 2012-03-12 02:13 . 2012-03-12 02:13 33984 ----a-w- c:\windows\system32\cmdcsr.dll 2012-03-12 02:13 . 2012-03-12 02:13 301224 ----a-w- c:\windows\system32\guard32.dll 2012-03-01 11:01 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 11:01 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-03-01 11:01 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-02-29 14:10 . 2008-04-25 16:16 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10 . 2008-04-25 16:16 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 12:17 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec 2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys 2012-03-20 13:37 . 2012-01-09 14:41 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay] @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}" [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}] 2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay] @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}" [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}] 2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 134656] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904] "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384] "ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320] "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-05-18 145920] "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-07-05 15872] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-28 115560] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-20 202256] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 6749512] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] "Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-04-20 625024] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer] 2011-03-01 16:09 147832 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\guard32.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv15EC] @="service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "58837:TCP"= 58837:TCP:Pando Media Booster "58837:UDP"= 58837:UDP:Pando Media Booster . R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/11/2012 9:13 PM 31704] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [3/11/2012 9:13 PM 494968] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664] S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [4/19/2012 10:23 PM 643880] S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [5/15/2009 6:33 PM 1803512] S2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\avhips.sys [4/25/2012 5:08 PM 23848] S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [4/27/2009 2:40 PM 293968] S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [7/16/2009 1:04 PM 376096] S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [4/13/2012 7:59 AM 409232] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/23/2010 2:33 PM 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 9:08 AM 253088] S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/3/2009 12:18 AM 112512] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [10/28/2009 11:52 AM 23888] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/21/2012 9:48 AM 106104] S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\274\g2ax_service.exe [3/1/2011 11:09 AM 161144] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/23/2010 2:33 PM 136176] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [11/3/2009 12:19 AM 109568] S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?] S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [11/2/2009 10:57 PM 232744] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [8/15/2008 2:47 PM 47128] S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [8/15/2008 2:47 PM 369688] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ASDSRV *NewlyCreated* - AVHIPS *NewlyCreated* - SRTSPL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs srv15EC . Contents of the 'Scheduled Tasks' folder . 2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:56] . 2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc08f6ec31d842.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 19:33] . 2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc08f6ec402688.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 19:33] . 2012-04-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2719337179-821044013-2112406857-1012.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02] . 2012-04-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-453876738-3065766259-2469240769-1116.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02] . 2012-04-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1770027372-839522115-3159.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02] . 2011-11-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2719337179-821044013-2112406857-1012.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02] . 2012-04-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-453876738-3065766259-2469240769-1116.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02] . 2011-01-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1770027372-839522115-3159.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.yahoo.com IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: prmia.org\smweb TCP: DhcpNameServer = 10.1.100.200 TCP: Interfaces\{211DBFCA-464A-43D9-B010-4F99BC718F5D}: NameServer = 10.1.100.200 FF - ProfilePath - c:\documents and settings\bhershberger.CSC\Application Data\Mozilla\Firefox\Profiles\kmptt6fy.default\ FF - prefs.js: browser.startup.homepage - www.google.com . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-04-25 17:44 Windows 5.1.2600 Service Pack 3 NTFS . detected NTDLL code modification: ZwClose . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(856) c:\windows\system32\guard32.dll c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\program files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll c:\windows\system32\NetProvCredMan.dll . - - - - - - - > 'lsass.exe'(912) c:\windows\system32\guard32.dll c:\windows\system32\wvauth.dll c:\windows\system32\WININET.dll . Completion time: 2012-04-25 17:46:35 ComboFix-quarantined-files.txt 2012-04-25 22:46 ComboFix2.txt 2012-04-25 00:42 . Pre-Run: 86,503,170,048 bytes free Post-Run: 86,497,017,856 bytes free . - - End Of File - - 1B88B601F688DEF8603BCC98B852686F
  13. Firefox is being hijacked by the Happili redirect. I've tried following the directions from prior posts but having no luck getting rid of this problem. A number of other malware/adware issues have been identified and resolved but this happili thing continues to return. Here is my DDS log and Attach.txt is attached. . DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.1 Run by bhershberger at 17:54:23 on 2012-04-25 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3539.2911 [GMT -5:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: COMODO Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\system32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.yahoo.com BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [Apoint] c:\program files\delltpad\Apoint.exe mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe" mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12 mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe mRun: [uSCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [AESTFltr] "c:\windows\system32\AESTFltr.exe" /NoDlg mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t mRun: [Anvi Smart Defender] c:\program files\anvisoft\anvi smart defender\ASDTray.exe dRunOnce: [RunNarrator] Narrator.exe IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: prmia.org\smweb DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259696327182 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://zmfs.webex.com/client/T27L/sales/ieatgpc.cab TCP: DhcpNameServer = 10.1.100.200 TCP: Interfaces\{211DBFCA-464A-43D9-B010-4F99BC718F5D} : NameServer = 10.1.100.200 TCP: Interfaces\{211DBFCA-464A-43D9-B010-4F99BC718F5D} : DhcpNameServer = 10.1.100.200 TCP: Interfaces\{A7541705-6C9B-4A97-BD45-A8B23253D65D} : DhcpNameServer = 192.168.0.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\274\g2ax_winlogon.dll Notify: igfxcui - igfxdev.dll AppInit_DLLs: c:\windows\system32\guard32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL LSA: Authentication Packages = msv1_0 wvauth . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\bhershberger.csc\application data\mozilla\firefox\profiles\kmptt6fy.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\bhershberger.csc\application data\mozilla\plugins\npatgpc.dll FF - plugin: c:\documents and settings\bhershberger\application data\move networks\plugins\npqmp071705000014.dll FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\new_plugin\npjp2.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll . ============= SERVICES / DRIVERS =============== . R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 31704] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-6-28 108392] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-6-28 108392] R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-6-28 1831024] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 494968] S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\anvisoft\anvi smart defender\ASDSrv.exe [2012-4-19 643880] S2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512] S2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\avhips.sys [2012-4-25 23848] S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968] S2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2012-3-11 1983232] S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 376096] S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2012-4-13 409232] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-23 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253088] S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-11-3 112512] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-10-28 23888] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-21 106104] S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\274\g2ax_service.exe [2011-3-1 161144] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-23 136176] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-11-3 109568] S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120425.002\NAVENG.SYS [2012-4-25 86136] S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120425.002\NAVEX15.SYS [2012-4-25 1576312] S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?] S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-11-2 232744] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-8-15 47128] S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-8-15 369688] . =============== Created Last 30 ================ . 2012-04-25 22:38:54 98816 ----a-w- c:\windows\sed.exe 2012-04-25 22:38:54 518144 ----a-w- c:\windows\SWREG.exe 2012-04-25 22:38:54 256000 ----a-w- c:\windows\PEV.exe 2012-04-25 22:38:54 208896 ----a-w- c:\windows\MBR.exe 2012-04-25 22:12:44 -------- d-----w- c:\documents and settings\bhershberger.csc\application data\Anvisoft 2012-04-25 22:08:06 23848 ----a-w- c:\windows\system32\drivers\avhips.sys 2012-04-25 22:08:06 17704 ----a-w- c:\windows\system32\drivers\avfsmn.sys 2012-04-25 22:07:45 -------- d-----w- c:\program files\Anvisoft 2012-04-25 14:42:55 -------- d-----w- c:\documents and settings\bhershberger.csc\application data\SUPERAntiSpyware.com 2012-04-25 14:42:15 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-04-25 14:42:15 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com 2012-04-25 00:30:58 -------- d-sha-r- C:\cmdcons 2012-04-25 00:20:40 -------- d-----w- c:\windows\setup.pss 2012-04-25 00:20:17 -------- d-----w- c:\windows\setupupd 2012-04-25 00:06:36 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA 2012-04-24 23:59:18 -------- d-----w- c:\documents and settings\all users\application data\Comodo 2012-04-24 23:59:04 -------- d-----w- c:\documents and settings\bhershberger.csc\local settings\application data\COMODO 2012-04-24 23:59:02 42760 ----a-w- c:\windows\system32\certsentry.dll 2012-04-24 23:58:56 -------- d-----w- c:\program files\Comodo 2012-04-24 23:51:10 -------- d-----w- c:\program files\SpywareBlaster 2012-04-24 19:07:46 -------- d-----w- c:\documents and settings\bhershberger.csc\local settings\application data\{70C385F0-8E41-11E1-826D-B8AC6F996F26} 2012-04-18 13:46:13 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll 2012-04-13 17:56:05 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-04-12 00:26:33 -------- d-----w- c:\documents and settings\bhershberger.csc\application data\com.digitaldm.editions.10016940 2012-04-12 00:26:19 -------- d-----w- c:\program files\DigitalDM 2012-04-04 14:08:24 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe . ==================== Find3M ==================== . 2012-04-13 18:56:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-12 02:13:46 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2012-03-12 02:13:46 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2012-03-12 02:13:44 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys 2012-03-12 02:13:20 33984 ----a-w- c:\windows\system32\cmdcsr.dll 2012-03-12 02:13:20 301224 ----a-w- c:\windows\system32\guard32.dll 2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec 2012-02-03 09:26:17 1869184 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 17:54:41.20 =============== attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.