Posts posted by rrr10

  1. Hi MrC,

     Here's the checkup.txt output:

     Results of screen317's Security Check version 0.99.76 
     Windows 7 Service Pack 1 x64 (UAC is enabled) 
     Internet Explorer 10 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    Norton Internet Security  
     WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300 
     Java 6 Update 24 
     Java 7 Update 25 
     Java version out of Date!
     Adobe Flash Player 11.9.900.117 
     Adobe Reader XI 
     Google Chrome 30.0.1599.101 
     Google Chrome 30.0.1599.69 
     Google Chrome plugins... 
    ````````Process Check: objlist.exe by Laurent```````` 
     Norton ccSvcHst.exe
     Malwarebytes Anti-Malware mbamservice.exe 
     Malwarebytes Anti-Malware mbamgui.exe 
     Malwarebytes' Anti-Malware mbamscheduler.exe  
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     

  2. Hi MrC,

     Here's the fixlog.txt... thanks again

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-10-2013
    Ran by Rod at 2013-10-28 16:25:12 Run:1
    Running from C:\Users\Rod\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...lts/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    FF SelectedSearchEngine: Bing
    FF DefaultSearchEngine: Bing
    CHR DefaultSearchURL: (Bing) - http://www.google.com
    CHR DefaultSuggestURL: (Bing) - "suggest_url": ""
    *****************

    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
    Firefox SelectedSearchEngine deleted successfully.
    Firefox DefaultSearchEngine deleted successfully.
    CHR DefaultSearchURL: (Bing) - http://www.google.com ==> The Chrome "Settings" can be used to fix the entry.
    CHR DefaultSuggestURL: (Bing) - "suggest_url": "" ==> The Chrome "Settings" can be used to fix the entry.

    ==== End of Fixlog ====

  3. ... and here's the Addition.txt:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2013 01

    Ran by Rod at 2013-10-27 14:44:20

    Running from C:\Users\Rod\Desktop

    Boot Mode: Normal

    ==========================================================

    ==================== Security Center ========================

    AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}

    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

    FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    ==================== Installed Programs ======================

    1999 TurboTax Deluxe (x32)

    Acrobat.com (x32 Version: 2.0.0)

    Acrobat.com (x32 Version: 2.0.0.0)

    ActiveHome Pro (x32)

    Adobe AIR (x32 Version: 3.3.0.3670)

    Adobe Community Help (x32 Version: 3.4.980)

    Adobe Download Assistant (x32 Version: 1.2.1)

    Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)

    Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)

    Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)

    AnswerWorks 5.0 English Runtime (x32 Version: 008.000.0003)

    Apple Application Support (x32 Version: 2.2.2)

    Apple Mobile Device Support (Version: 6.0.0.59)

    Apple Software Update (x32 Version: 2.1.3.127)

    ArcSoft VideoStabilizer (x32)

    AstroViewer 3.1.6 (x32)

    ATI Catalyst Install Manager (Version: 3.0.765.0)

    AutoHotkey 1.0.48.05 (x32 Version: 1.0.48.05)

    Bonjour (Version: 3.0.0.10)

    Catalyst Control Center - Branding (x32 Version: 1.00.0000)

    Catalyst Control Center Core Implementation (x32 Version: 2010.0310.1824.32984)

    Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0310.1824.32984)

    Catalyst Control Center Graphics Full New (x32 Version: 2010.0310.1824.32984)

    Catalyst Control Center Graphics Light (x32 Version: 2010.0310.1824.32984)

    Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0310.1824.32984)

    Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0310.1824.32984)

    Catalyst Control Center HydraVision Full (x32 Version: 2010.0310.1824.32984)

    Catalyst Control Center InstallProxy (x32 Version: 2009.0908.2225.38429)

    Catalyst Control Center InstallProxy (x32 Version: 2010.0310.1824.32984)

    Catalyst Control Center Localization All (x32 Version: 2010.0310.1824.32984)

    CCC Help Chinese Standard (x32 Version: 2010.0310.1823.32984)

    CCC Help Chinese Traditional (x32 Version: 2010.0310.1823.32984)

    CCC Help Czech (x32 Version: 2010.0310.1823.32984)

    CCC Help Danish (x32 Version: 2010.0310.1823.32984)

    CCC Help Dutch (x32 Version: 2010.0310.1823.32984)

    CCC Help English (x32 Version: 2010.0310.1823.32984)

    CCC Help Finnish (x32 Version: 2010.0310.1823.32984)

    CCC Help French (x32 Version: 2010.0310.1823.32984)

    CCC Help German (x32 Version: 2010.0310.1823.32984)

    CCC Help Greek (x32 Version: 2010.0310.1823.32984)

    CCC Help Hungarian (x32 Version: 2010.0310.1823.32984)

    CCC Help Italian (x32 Version: 2010.0310.1823.32984)

    CCC Help Japanese (x32 Version: 2010.0310.1823.32984)

    CCC Help Korean (x32 Version: 2010.0310.1823.32984)

    CCC Help Norwegian (x32 Version: 2010.0310.1823.32984)

    CCC Help Polish (x32 Version: 2010.0310.1823.32984)

    CCC Help Portuguese (x32 Version: 2010.0310.1823.32984)

    CCC Help Russian (x32 Version: 2010.0310.1823.32984)

    CCC Help Spanish (x32 Version: 2010.0310.1823.32984)

    CCC Help Swedish (x32 Version: 2010.0310.1823.32984)

    CCC Help Thai (x32 Version: 2010.0310.1823.32984)

    CCC Help Turkish (x32 Version: 2010.0310.1823.32984)

    ccc-core-static (x32 Version: 2010.0310.1824.32984)

    ccc-utility64 (Version: 2010.0310.1824.32984)

    Cisco Connect (x32 Version: 1.4.11299.0)

    Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)

    CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115)

    D3DX10 (x32 Version: 15.4.2368.0902)

    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)

    DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)

    DVD Flick 1.3.0.7 (x32 Version: 1.3.0.7)

    DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224)

    EPSON Printer Software (x32)

    EPSON Scan (x32)

    EZ AVI TO WMV Converter 3.00 (x32)

    Free Audio Editor (x32)

    Freemake Video Converter version 4.0.2 (x32 Version: 4.0.2)

    Garmin Communicator Plugin (x32 Version: 2.9.3)

    Garmin USB Drivers (x32 Version: 2.3.0.0)

    GIMP 2.6.11 (x32 Version: 2.6.11)

    Google Chrome (HKCU Version: 30.0.1599.101)

    Google Drive (x32 Version: 1.12.5329.1887)

    Google Earth (x32 Version: 7.1.1.1888)

    Google Toolbar for Internet Explorer (x32 Version: 1.0.0)

    Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)

    Google Update Helper (x32 Version: 1.3.21.165)

    Greetings Workshop Deluxe (x32)

    Hardware Diagnostic Tools (Version: 6.0.5247.34)

    Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)

    HP Advisor (x32 Version: 3.3.9512.3162)

    HP Customer Experience Enhancements (x32 Version: 6.0.1.7)

    HP Games (x32 Version: 1.0.0.71)

    HP MediaSmart Demo (x32 Version: 1.00.0000)

    HP MediaSmart DVD (x32 Version: 3.1.3317)

    HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3601)

    HP MediaSmart SmartMenu (Version: 3.1.0.1)

    HP MediaSmart/TouchSmart Netflix (x32 Version: 1.0.2.0)

    HP Odometer (x32 Version: 2.10.0000)

    HP Product Detection (x32 Version: 11.14.0001)

    HP Remote Solution (x32 Version: 1.1.11.0)

    HP Remote Solution (x32 Version: 1.1.12.0)

    HP Setup (x32 Version: 1.2.3560.3170)

    HP Support Assistant (x32 Version: 7.0.39.15)

    HP Support Information (x32 Version: 10.1.0002)

    HP Update (x32 Version: 5.001.000.014)

    HydraVision (x32 Version: 4.2.162.0)

    Intel® Rapid Storage Technology (x32 Version: 0.0.0.0000)

    iTunes (Version: 10.7.0.21)

    Java 7 Update 25 (x32 Version: 7.0.250)

    Java Auto Updater (x32 Version: 2.1.9.5)

    Java 6 Update 24 (x32 Version: 6.0.240)

    Junk Mail filter update (x32 Version: 15.4.3502.0922)

    LabelPrint (x32 Version: 2.5.2017)

    LightScribe System Software (x32 Version: 1.18.9.1)

    LoiLoFit for Everio (x32 Version: 1.1.0.4)

    Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

    Mesh Runtime (x32 Version: 15.4.5722.2)

    Messenger Companion (x32 Version: 15.4.3502.0922)

    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

    Microsoft Application Error Reporting (Version: 12.0.6015.5000)

    Microsoft Live Search Toolbar (x32 Version: 3.0.566.0)

    Microsoft Money Plus (x32 Version: 17)

    Microsoft Money Shared Libraries (x32 Version: 17.0.0.3817)

    Microsoft Office 2010 Service Pack 1 (SP1) (x32)

    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)

    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)

    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)

    Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)

    Microsoft Office Home and Student 60 day trial

    Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)

    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)

    Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)

    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)

    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)

    Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)

    Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)

    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)

    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)

    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)

    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)

    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)

    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)

    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)

    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)

    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)

    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000)

    Microsoft Silverlight (Version: 5.1.20913.0)

    Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)

    Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

    Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)

    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)

    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)

    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

    Microsoft Works (x32 Version: 9.7.0621)

    Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)

    Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)

    Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)

    Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)

    Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)

    Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)

    Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)

    Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)

    Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)

    Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)

    Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)

    Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)

    Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)

    Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)

    Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)

    Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)

    MobileMe Control Panel (Version: 3.1.6.0)

    Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310)

    MSVCRT (x32 Version: 15.4.2862.0708)

    MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

    MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

    MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

    Norton Internet Security (x32 Version: 20.4.0.40)

    Norton PC Checkup (x32 Version: 2.0.8.13)

    Picasa 3 (x32 Version: 3.9)

    PictureMover (x32 Version: 3.3.1.19)

    PL-2303 USB-to-Serial (x32 Version: 1.6.1)

    PL-2303 Vista Driver Installer (x32 Version: 3.2.0.0)

    PlayReady PC Runtime amd64 (Version: 1.3.0)

    Power2Go (x32 Version: 6.0.3304)

    PowerDirector (x32 Version: 7.0.3503)

    QuickTime (x32 Version: 7.72.80.56)

    Realtek High Definition Audio Driver (x32 Version: 6.0.1.5938)

    Recovery Manager (x32 Version: 5.5.2216)

    Safari (x32 Version: 5.34.57.2)

    Speckie (Version: 4.6.1)

    State CD Installer (x32)

    TurboTax 2008 (x32)

    TurboTax 2008 wcaiper (x32 Version: 008.000.0141)

    TurboTax 2008 WinPerFedFormset (x32 Version: 008.000.0341)

    TurboTax 2008 WinPerProgramHelp (x32 Version: 008.000.0219)

    TurboTax 2008 WinPerReleaseEngine (x32 Version: 008.000.0197)

    TurboTax 2008 WinPerTaxSupport (x32 Version: 008.000.1007)

    TurboTax 2008 WinPerUserEducation (x32 Version: 008.000.0433)

    TurboTax 2008 wrapper (x32 Version: 008.000.0065)

    TurboTax 2009 (x32)

    TurboTax 2009 wcaiper (x32 Version: 009.000.0862)

    TurboTax 2009 WinPerFedFormset (x32 Version: 009.000.2068)

    TurboTax 2009 WinPerReleaseEngine (x32 Version: 009.000.0328)

    TurboTax 2009 WinPerTaxSupport (x32 Version: 009.000.0238)

    TurboTax 2009 wrapper (x32 Version: 009.000.0145)

    TurboTax 2010 (x32)

    TurboTax 2010 wcaiper (x32 Version: 010.000.1291)

    TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.4012)

    TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0457)

    TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0213)

    TurboTax 2010 wrapper (x32 Version: 010.000.0157)

    TurboTax 2011 (x32)

    TurboTax 2011 wcaiper (x32 Version: 011.000.1647)

    TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2999)

    TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0474)

    TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0214)

    TurboTax 2011 wrapper (x32 Version: 011.000.0121)

    TurboTax 2012 (x32 Version: 2012.0)

    TurboTax 2012 wcaiper (x32 Version: 012.000.1430)

    TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2083)

    TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451)

    TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179)

    TurboTax 2012 wrapper (x32 Version: 012.000.0127)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)

    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)

    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)

    Update for Microsoft Office 2010 (KB2494150) (x32)

    Update for Microsoft Office 2010 (KB2553065) (x32)

    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)

    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)

    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)

    Update for Microsoft Office 2010 (KB2566458) (x32)

    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)

    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)

    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)

    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)

    Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)

    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)

    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)

    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)

    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)

    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)

    Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)

    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)

    Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)

    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)

    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)

    Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)

    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)

    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)

    Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)

    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)

    Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

    Windows Live Essentials (x32 Version: 15.4.3502.0922)

    Windows Live Essentials (x32 Version: 15.4.3508.1109)

    Windows Live Family Safety (Version: 15.4.3502.0922)

    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

    Windows Live Installer (x32 Version: 15.4.3502.0922)

    Windows Live Language Selector (Version: 15.4.3508.1109)

    Windows Live Mail (x32 Version: 15.4.3502.0922)

    Windows Live Mesh (x32 Version: 15.4.3502.0922)

    Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)

    Windows Live Messenger (x32 Version: 15.4.3502.0922)

    Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)

    Windows Live MIME IFilter (Version: 15.4.3502.0922)

    Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

    Windows Live Photo Common (x32 Version: 15.4.3502.0922)

    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

    Windows Live Remote Client (Version: 15.4.5722.2)

    Windows Live Remote Client Resources (Version: 15.4.5722.2)

    Windows Live Remote Service (Version: 15.4.5722.2)

    Windows Live Remote Service Resources (Version: 15.4.5722.2)

    Windows Live SOXE (x32 Version: 15.4.3502.0922)

    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

    Windows Live Sync (x32 Version: 14.0.8117.416)

    Windows Live UX Platform (x32 Version: 15.4.3502.0922)

    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

    Windows Live Writer (x32 Version: 15.4.3502.0922)

    Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

    WinHTTrack Website Copier 3.47-25 (x32 Version: 3.47.25)

    ==================== Restore Points =========================

    11-10-2013 02:03:24 Windows Backup

    11-10-2013 16:21:45 Windows Backup

    17-10-2013 23:56:17 Windows Backup

    24-10-2013 22:00:21 Windows Backup

    26-10-2013 19:45:51 ComboFix created restore point

    ==================== Hosts content: ==========================

    2009-07-13 19:34 - 2013-10-26 13:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {12C2C225-3674-4718-933F-9E7BCA5A23CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27] (Google Inc.)

    Task: {1F50D571-634F-437F-95D4-B92461F38F94} - System32\Tasks\HPCeeScheduleForRod => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)

    Task: {20A724DF-8C72-44E7-A910-1775B5312033} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()

    Task: {266EF29C-4EA0-4B55-B365-73C4C2344C0C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

    Task: {28D4650C-1ECA-4B3B-941B-6ACA980747F5} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2009-10-16] (CyberLink)

    Task: {46B5C39B-2249-456E-BFA2-CDB7F4E3D52E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)

    Task: {5351CDC0-6F88-4E37-8035-BCAB4863B153} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()

    Task: {5C9B4931-C807-4A69-9776-F61168E208A9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000UA => C:\Users\Rod\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)

    Task: {5E0BDD27-C4AC-40AF-A3D7-7ABA7A6C366F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)

    Task: {667114E1-700F-42C8-A727-D31F34217CE3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)

    Task: {687E08AC-BA3A-46D5-AB3C-7EF07B47F834} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000Core => C:\Users\Rod\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)

    Task: {717DC58D-35A4-4528-8F56-A6073E6C4074} - System32\Tasks\{E64FD8D5-CD50-48A9-BDA7-7730DBF1BD52} => C:\Program Files (x86)\Greetings Workshop\GWORKSHP.EXE [1997-09-04] (Microsoft Corporation)

    Task: {800EB260-4DFB-4CA3-AC13-4C1EE1EC9947} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)

    Task: {854E48CF-A87A-45F5-B0DC-65146F4B2B07} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)

    Task: {89816AB0-1A6C-4E71-A02D-011B369D2692} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

    Task: {8ED1838F-E835-4CC5-B639-624A4C35D83F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27] (Google Inc.)

    Task: {A053A87A-D841-4807-B5E5-7BC84454A304} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

    Task: {A9871C55-1BC7-4D51-A75C-265679FDC169} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

    Task: {AB71AA2A-17DC-48D3-AC00-6280912AF2C6} - System32\Tasks\{3D877E01-1DA1-4B63-983F-AFA50BADAB21} => C:\Program Files (x86)\Greetings Workshop\GWORKSHP.EXE [1997-09-04] (Microsoft Corporation)

    Task: {B76C6C11-C1B8-47D9-B6D5-DD4509C9F3B2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)

    Task: {BCE4181E-5510-4744-8B26-DE04B57422C7} - System32\Tasks\Wake from sleep to allow backup to run => C:\Windows\System32\cmd.exe [2010-11-20] (Microsoft Corporation)

    Task: {C088419A-D34E-46D4-8122-179B6993C472} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()

    Task: {C55CF134-69A3-438D-B620-A71042F32DEB} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)

    Task: {D28DAEA8-FA4D-4FDC-B575-52C43E30846E} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

    Task: {D8EA9286-5E81-43EA-8DD5-A5EE9958EB4E} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)

    Task: {E2C0C30D-DCDB-4C81-B922-FF0AADA05DB8} - System32\Tasks\0 => Iexplore.exe

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000Core.job => C:\Users\Rod\AppData\Local\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000UA.job => C:\Users\Rod\AppData\Local\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\HPCeeScheduleForRod.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe

    ==================== Loaded Modules (whitelisted) =============

    2010-01-12 12:49 - 2010-01-12 12:49 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

    2010-04-19 16:28 - 2010-04-19 16:28 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

    2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

    2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

    2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

    2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    2010-01-25 20:49 - 2009-10-02 14:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

    2013-08-03 13:53 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll

    2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

    2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

    2009-09-29 16:25 - 2009-09-29 16:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

    2009-09-29 16:25 - 2009-09-29 16:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

    2009-09-29 16:25 - 2009-09-29 16:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

    2009-09-29 16:25 - 2009-09-29 16:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

    2009-09-29 16:25 - 2009-09-29 16:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

    2009-09-29 16:25 - 2009-09-29 16:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

    2009-09-29 16:25 - 2009-09-29 16:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

    2009-09-29 16:25 - 2009-09-29 16:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

    2013-10-26 16:26 - 2013-10-26 16:26 - 00098816 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32api.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00110080 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\pywintypes27.dll

    2013-10-26 16:26 - 2013-10-26 16:26 - 00364544 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\pythoncom27.dll

    2013-10-26 16:26 - 2013-10-26 16:26 - 00044032 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\_socket.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 01153024 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\_ssl.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00320512 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32com.shell.shell.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00711680 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\_hashlib.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 01175040 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\wx._core_.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00805888 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\wx._gdi_.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00811008 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\wx._windows_.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 01062400 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\wx._controls_.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00735232 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\wx._misc_.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00128512 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\_elementtree.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00127488 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\pyexpat.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00557056 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\pysqlite2._sqlite.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00087040 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\_ctypes.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00119808 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32file.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00108544 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32security.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00018432 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32event.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00038912 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32inet.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00122368 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\wx._wizard.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00686080 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\unicodedata.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00026624 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\_multiprocessing.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00070656 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\wx._html2.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00010240 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\select.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00025600 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32pdh.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00504832 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\windows._cacheinvalidation.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00011264 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32crypt.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00035840 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32process.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00017408 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32profile.pyd

    2013-10-26 16:26 - 2013-10-26 16:26 - 00022528 _____ () C:\Users\Rod\AppData\Local\Temp\_MEI34362\win32ts.pyd

    2013-04-30 14:17 - 2012-12-03 15:15 - 00098816 _____ () C:\Program Files (x86)\LoiLo\LoiLoFit\utilities.dll

    2013-04-30 14:17 - 2012-12-03 15:14 - 01232896 _____ () C:\Program Files (x86)\LoiLo\LoiLoFit\engine.dll

    2013-04-30 14:17 - 2012-12-03 15:15 - 00944640 _____ () C:\Program Files (x86)\LoiLo\LoiLoFit\dshowclr.dll

    2013-04-30 14:17 - 2012-12-03 15:12 - 00068608 _____ () C:\Program Files (x86)\LoiLo\LoiLoFit\libfaac.dll

    2009-12-01 20:49 - 2009-12-01 20:49 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

    2010-03-28 20:27 - 2010-03-28 20:27 - 00755712 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll

    2010-03-28 20:33 - 2010-03-28 20:33 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

    2010-01-29 22:13 - 2010-01-29 22:13 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll

    2010-01-29 22:13 - 2010-01-29 22:13 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

    2011-02-24 16:47 - 2011-02-24 16:47 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-1199024146

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-1281883083

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-1311186388

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-1466045147

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-1685777236

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-1720082124

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-1869029213

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-1906245416

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-192533794

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-1982198405

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-2017081152

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-2037786822

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-2048273700

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-38676482

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-421526977

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-439897091

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-554076300

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-621745151

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-855272957

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon-930550220

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1011927409

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1072496595

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1176049765

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1229667437

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1234290272

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1312209046

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon136752147

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1426825318

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1445086109

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1521100236

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1541856723

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1754125435

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1842706869

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon1966160405

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon2018853945

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon2030952181

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon285004404

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon295755063

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon475311918

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon495669110

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon527236506

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon538427941

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon673004040

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon705215877

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon709783530

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon868748329

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:DESTICON_favicon937242754

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:TASKICON_0favicon1754125435

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:TASKICON_1favicon-1262590054

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:TASKICON_2favicon-6677892

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:TASKICON_3favicon-1230576159

    AlternateDataStreams: C:\Users\Rod\Desktop\Slickdeals.net.website:TASKICON_4favicon332028261

    ==================== Safe Mode (whitelisted) ===================

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:

    ==================

    System errors:

    =============

    Microsoft Office Sessions:

    =========================

    CodeIntegrity Errors:

    ===================================

    Date: 2013-10-26 12:59:36.997

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-10-26 12:59:36.826

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-10-26 12:59:36.670

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-10-26 12:59:36.498

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-06-29 10:33:31.317

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-06-29 10:33:31.270

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Percentage of memory in use: 25%

    Total physical RAM: 8151.08 MB

    Available physical RAM: 6089.3 MB

    Total Pagefile: 16300.34 MB

    Available Pagefile: 13335.77 MB

    Total Virtual: 8192 MB

    Available Virtual: 8191.79 MB

    ==================== Drives ================================

    Drive c: (HP) (Fixed) (Total:585.11 GB) (Free:421.83 GB) NTFS

    Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.96 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    Drive e: (GREETINGSWP) (CDROM) (Total:0.42 GB) (Free:0 GB) CDFS

    Drive k: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:432.43 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================

    Disk: 0 (Size: 596 GB) (Disk ID: 1549F232)

    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

    Partition 2: (Not Active) - (Size=585 GB) - (Type=07 NTFS)

    Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

    ========================================================

    Disk: 1 (Size: 932 GB) (Disk ID: D801BC14)

    Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  4. Hi MrC,

    Ran Junkware and Farbar... below are the log files requested. These programs are deleting lots of stuff every time I run them.... eventually will have an empty disk? ;-)

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 6.0.7 (10.15.2013:3)

    OS: Windows 7 Home Premium x64

    Ran by Rod on Sun 10/27/2013 at 14:33:40.16

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-258491159-1904954851-485267930-1000\Software\SweetIM

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{304C37D7-8F7F-467E-A258-D9E2F6532F09}

    ~~~ Files

    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Rod\appdata\local\cre"

    Successfully deleted: [Folder] "C:\Program Files (x86)\blekkotb_soc"

    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"


    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{BDB398F7-66A3-49CB-B30E-365F9BE9D1E3}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{BE065D13-3F08-43D2-B107-E02CA31125F4}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{BF9FD2DA-74E8-4261-B599-5338668AC398}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C228A794-3FEA-493F-B610-914423FF23C5}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C26AACA6-AF4A-4E63-B23D-0D751F59FBB2}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C45A6E4A-C9CA-43A2-986A-10E70680FF8F}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C6995E60-2D7E-4AE0-B499-A037EFAEE6DC}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C6F9512F-FDBB-4F7D-85F5-7061F167F61F}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C70A0BF9-0F51-4312-9ECB-DC6008F20016}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C7205AF5-D9DF-4EB3-9A47-82CA19B6DCB9}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C76A700A-8811-44E8-B2A9-71BE43157111}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C858C2C2-2BF4-4839-BEB2-D491B5D4972D}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{C9E7477E-8D35-4D1F-99CA-8B30D8D01C47}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{CA7EFEC0-E0D2-4E44-B887-D719C9EB4995}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{CBC2BC0B-BF11-4C5B-BE6A-3EC2FB3AC622}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{CCDEB23D-9661-4DF5-BB9C-62196BCF65FA}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{CD7737F7-E542-4FD8-B231-AEC69CB61753}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{CE5F9371-176F-49EF-9C5F-A9F2E5C2DCC0}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{CEA05E90-7126-4A9E-B942-E037572EEA74}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{CF1EF994-C4DA-42D2-97A4-AB48349E3067}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{CF5BBF03-AB78-4F76-8EC9-ADE3CDC393E1}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D193CB00-E35E-4F58-BC20-5A317052D13F}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D287EFC0-FE81-4A9F-B63D-64352C4854A4}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D2CCCFE2-7241-4C41-BFE3-605FD1EE4B50}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D31443CA-15CC-40EF-B853-FCDFFF553C15}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D33D71AA-3289-4D7D-B25D-38F7726C04B8}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D6B15EA1-B24D-4244-B115-01DE2748104C}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D8E37565-CBEE-407E-A1E4-34FD232B6EC4}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D942F228-DDF6-41F9-9D80-C8F8EBA487A6}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D96E121B-6A6B-432A-BEE8-1EC68CA63A91}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{D990E0F9-2FF6-425D-9294-84F8B507BBE1}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{DA61376B-193A-45B8-8C45-870772F393FC}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{DCF312AF-C0EB-44DD-A6AA-E4D753C59D43}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{DF5F015D-7A51-4150-A6BF-0DE96C7D51AB}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E0275985-992A-49D6-A34C-5E66F21321FC}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E09274CB-F9D1-425F-BACE-DBC940AA4478}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E0AD11AD-E6C2-4CB6-8272-5D25F0A6D843}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E16915C9-CD0C-4968-89B9-6D479E5CD02D}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E34A4FB3-3603-4260-A4CA-7F38F00750A4}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E3B11394-43B3-44BF-8250-BB454A811C10}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E46CB90F-505C-469A-A1A0-2C4D80228252}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E5566B2B-189B-447A-AFB3-94AD1D6D7875}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E5A39662-AD93-4224-99F5-B6E07999DB25}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E5A83C6A-1D1F-4A93-9EE1-5004ADFDA29D}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E6C210BA-9CA1-46FB-B15B-CEFE87D9499C}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E8EDD0F3-A5F6-4976-B5C1-394FF2D5B1A6}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E9437F96-E4A0-4AA9-AFEA-87F3FB2962D5}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{E9A915F6-DA82-4812-90CF-8B8326EFE097}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EAE78E46-5AF9-4EEF-941E-9E9B70ADF50C}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EAF9946B-84FE-444D-B345-1D632CF9D47D}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EBBF6015-125B-4E58-A307-8C10852F1A3E}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EBE7FF93-B514-46E3-88BA-643129E95D95}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EDEF6EC9-B051-4297-A620-891975B04141}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EE84E5F9-07FF-436F-883B-5EFE793914F3}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EE861835-688A-45F6-9556-B4951BC7AB51}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EEB667A0-86C0-470B-96AD-992FAB7B4344}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EED320AA-E8FD-4662-80E4-EFE9593F5347}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{EF784EF1-79B6-4713-8F9D-C3049ACFC944}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{F10C51C5-D5AB-4967-A264-63C044D8ECE7}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{F48F28E1-79E5-4228-8D5A-BB93E9B74230}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{F4B3F9AF-D6B2-4B29-A278-85ABCD5130EC}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{F4C07802-454A-44AC-801E-EB8EFBF798E3}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{F4E12255-4A63-40EC-95D5-9D36B4F3113C}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{F67EB8E3-7D48-459D-B6F9-7137CA17D7CC}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{F85BA75A-19EA-4153-BAE4-6909983E9D41}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{FA05D937-883E-48A7-A190-F97558E52A81}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{FC1FCFAE-5F32-4A65-B947-3B29593786B5}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{FCDADD6C-AD76-4147-BC74-6432F3F33EA5}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{FDD02793-44FB-43E8-B863-7624848D3EF6}

    Successfully deleted: [Empty Folder] C:\Users\Rod\appdata\local\{FDDF2865-47B0-4311-9711-AA5EBA829855}

    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\Rod\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on Sun 10/27/2013 at 14:39:41.82

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2013 01

    Ran by Rod (administrator) on ROD-PC on 27-10-2013 14:43:52

    Running from C:\Users\Rod\Desktop

    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

    Internet Explorer Version 10

    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (AMD) C:\Windows\system32\atiesrxx.exe

    (AMD) C:\Windows\system32\atieclxx.exe

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

    (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

    (Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe

    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe

    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    (X10) C:\PROGRA~2\COMMON~1\X10\Common\X10nets.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe

    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

    (Microsoft Corporation) C:\Users\Rod\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    (Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

    (LoiLo inc) C:\Program Files (x86)\LoiLo\LoiLoFit\CameraWatcher.exe

    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

    (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    (CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe

    () C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe

    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()

    HKLM\...\Run: [PC-Doctor for Windows localizer] - C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)

    HKCU\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)

    HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)

    HKCU\...\Run: [skyDrive] - C:\Users\Rod\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)

    HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-27] (Google Inc.)

    HKLM-x32\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

    HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)

    HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)

    HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe [54576 2008-12-08] (Hewlett-Packard)

    HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-10] (Advanced Micro Devices, Inc.)

    HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

    HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)

    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)

    HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)

    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)

    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [CameraWatcher] - C:\Program Files (x86)\LoiLo\LoiLoFit\CameraWatcher.exe [127616 2012-12-03] (LoiLo inc)

    HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

    HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)

    Startup: C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    SearchScopes: HKLM - {22AD3E2D-4355-4482-A5C4-A77F5762B79D} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

    SearchScopes: HKLM-x32 - {22AD3E2D-4355-4482-A5C4-A77F5762B79D} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

    SearchScopes: HKCU - {22AD3E2D-4355-4482-A5C4-A77F5762B79D} URL =

    SearchScopes: HKCU - {A149123D-8E6D-4971-AA25-7C7C9C0E9895} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130414,19890,0,18,0

    SearchScopes: HKCU - {F96EB706-85D5-4933-85D8-A5D48E85422A} URL =

    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

    BHO: Speckie - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Rod\AppData\Roaming\Speckie\bin64\Speckie64.dll (Versoworks Pty Ltd)

    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

    BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

    BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\ipsbho.dll (Symantec Corporation)

    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

    BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

    BHO-x32: Speckie - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Rod\AppData\Roaming\Speckie\bin32\Speckie32.dll (Versoworks Pty Ltd)

    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

    BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

    BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

    BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

    BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

    DPF: HKLM-x32 {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab

    DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    Tcpip\Parameters: [DhcpNameServer] 68.94.156.1 68.94.157.1 192.168.2.1

    FireFox:

    ========

    FF ProfilePath: C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default

    FF SelectedSearchEngine: Bing

    FF DefaultSearchEngine: Bing

    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()

    FF Plugin: @microsoft.com/GENUINE - disabled No File

    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

    FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

    FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

    FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Rod\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Rod\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

    FF Extension: Autofill Forms - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\Extensions\autofillForms@blueimp.net

    FF Extension: Microsoft .NET Framework Assistant - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}

    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFF

    FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFF

    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\

    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\

    Chrome:

    =======

    CHR DefaultSearchURL: (Bing) - http://www.google.com

    CHR DefaultSuggestURL: (Bing) - "suggest_url": ""

    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

    CHR Plugin: (Native Client) - C:\Users\Rod\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()

    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Rod\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll ()

    CHR Plugin: (Shockwave Flash) - C:\Users\Rod\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File

    CHR Plugin: (Norton Confidential) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File

    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File

    CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File

    CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

    CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

    CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

    CHR Extension: (Google Drive) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

    CHR Extension: (YouTube) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

    CHR Extension: (Google Search) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

    CHR Extension: (Norton Identity Protection) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0

    CHR Extension: (Gmail) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

    CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\Rod\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx

    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx

    ==================== Services (Whitelisted) =================

    R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-07-05] (Freemake)

    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

    R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)

    R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [177080 2011-12-16] (Symantec Corporation)

    R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)

    R2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\X10nets.exe [20480 2010-11-01] (X10)

    ==================== Drivers (Whitelisted) ====================

    R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)

    R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)

    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)

    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-26] (Symantec Corporation)

    R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20131025.001\IDSvia64.sys [521816 2013-10-17] (Symantec Corporation)

    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

    R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20131026.007\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)

    R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20131026.007\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)

    R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)

    R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)

    R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)

    R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)

    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-03] (Symantec Corporation)

    R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)

    R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

    S3 catchme; \??\C:\ComboFix\catchme.sys [x]

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2013-10-27 14:43 - 2013-10-27 14:43 - 00000000 ____D C:\FRST

    2013-10-27 14:42 - 2013-10-27 14:43 - 01956442 _____ (Farbar) C:\Users\Rod\Desktop\FRST64.exe

    2013-10-27 14:39 - 2013-10-27 14:39 - 00028064 _____ C:\Users\Rod\Desktop\JRT.txt

    2013-10-27 14:33 - 2013-10-27 14:33 - 00000000 ____D C:\Windows\ERUNT

    2013-10-27 14:32 - 2013-10-27 14:33 - 01033335 _____ (Thisisu) C:\Users\Rod\Desktop\JRT.exe

    2013-10-26 13:06 - 2013-10-26 13:06 - 00032899 _____ C:\ComboFix.txt

    2013-10-26 12:45 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe

    2013-10-26 12:45 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe

    2013-10-26 12:45 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

    2013-10-26 12:45 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

    2013-10-26 12:45 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

    2013-10-26 12:45 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe

    2013-10-26 12:45 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe

    2013-10-26 12:45 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe

    2013-10-26 12:36 - 2013-10-26 13:06 - 00000000 ____D C:\Qoobox

    2013-10-26 12:34 - 2013-10-26 12:35 - 05136694 ____R (Swearware) C:\Users\Rod\Desktop\ComboFix.exe

    2013-10-24 16:24 - 2013-10-24 16:27 - 00000000 ____D C:\AdwCleaner

    2013-10-24 16:22 - 2013-10-24 16:22 - 00002947 _____ C:\Users\Rod\Desktop\RKreport[0]_D_10242013_162241.txt

    2013-10-24 16:20 - 2013-10-24 16:20 - 00002840 _____ C:\Users\Rod\Desktop\RKreport[0]_S_10242013_162038.txt

    2013-10-24 16:19 - 2013-10-24 16:22 - 00000000 ____D C:\Users\Rod\Desktop\RK_Quarantine

    2013-10-23 17:23 - 2013-10-27 14:40 - 00000594 _____ C:\Users\Rod\Desktop\Redirects from Google to Bing... how to remove - Malware Removal Help - Malwarebytes Forum.website

    2013-10-23 16:57 - 2013-10-23 16:57 - 00001001 _____ C:\Windows\IE11_main.log

    2013-10-21 16:48 - 2013-10-21 16:48 - 00000413 _____ C:\Users\Rod\Desktop\Utah Ski & Snow Report OnTheSnow.com.website

    2013-10-10 10:33 - 2013-09-22 16:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

    2013-10-10 10:33 - 2013-09-22 16:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

    2013-10-10 10:33 - 2013-09-22 16:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

    2013-10-10 10:33 - 2013-09-22 16:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

    2013-10-10 10:33 - 2013-09-22 16:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

    2013-10-10 10:33 - 2013-09-22 16:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

    2013-10-10 10:33 - 2013-09-22 16:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

    2013-10-10 10:33 - 2013-09-22 16:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

    2013-10-10 10:33 - 2013-09-22 16:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

    2013-10-10 10:33 - 2013-09-22 16:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

    2013-10-10 10:33 - 2013-09-22 16:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

    2013-10-10 10:33 - 2013-09-22 16:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

    2013-10-10 10:33 - 2013-09-22 16:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

    2013-10-10 10:33 - 2013-09-22 15:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

    2013-10-10 10:33 - 2013-09-22 15:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

    2013-10-10 10:33 - 2013-09-22 15:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

    2013-10-10 10:33 - 2013-09-22 15:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

    2013-10-10 10:33 - 2013-09-22 15:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

    2013-10-10 10:33 - 2013-09-22 15:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

    2013-10-10 10:33 - 2013-09-22 15:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

    2013-10-10 10:33 - 2013-09-22 15:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

    2013-10-10 10:33 - 2013-09-22 15:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

    2013-10-10 10:33 - 2013-09-22 15:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

    2013-10-10 10:33 - 2013-09-22 15:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

    2013-10-10 10:33 - 2013-09-22 15:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

    2013-10-10 10:33 - 2013-09-22 15:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

    2013-10-10 10:33 - 2013-09-22 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

    2013-10-10 10:33 - 2013-09-20 20:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

    2013-10-10 10:33 - 2013-09-20 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

    2013-10-10 10:33 - 2013-09-20 19:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

    2013-10-10 10:33 - 2013-09-20 19:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

    2013-10-09 21:11 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

    2013-10-09 21:11 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

    2013-10-09 21:10 - 2013-06-05 22:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

    2013-10-09 21:10 - 2013-06-05 22:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

    2013-10-09 21:10 - 2013-06-05 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

    2013-10-09 21:10 - 2013-06-05 22:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

    2013-10-09 21:10 - 2013-06-05 21:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

    2013-10-09 21:10 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

    2013-10-09 21:10 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

    2013-10-09 21:10 - 2013-06-05 20:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

    2013-10-09 21:10 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

    2013-10-09 21:10 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

    2013-10-09 21:05 - 2013-06-25 15:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

    2013-10-09 21:04 - 2013-07-12 03:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

    2013-10-09 21:04 - 2013-07-02 21:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

    2013-10-09 21:04 - 2013-07-02 21:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

    2013-10-09 21:04 - 2013-07-02 21:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

    2013-10-09 20:59 - 2013-09-13 18:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

    2013-10-09 20:59 - 2013-09-07 19:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

    2013-10-09 20:59 - 2013-09-07 19:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

    2013-10-09 20:59 - 2013-09-07 19:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

    2013-10-09 20:59 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

    2013-10-09 20:59 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

    2013-10-09 20:59 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

    2013-10-09 20:59 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

    2013-10-09 20:59 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

    2013-10-09 20:58 - 2013-08-28 19:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

    2013-10-09 20:58 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

    2013-10-09 20:58 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

    2013-10-09 20:58 - 2013-08-28 19:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

    2013-10-09 20:58 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

    2013-10-09 20:58 - 2013-08-28 18:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

    2013-10-09 20:58 - 2013-08-28 18:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

    2013-10-09 20:58 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

    2013-10-09 20:58 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

    2013-10-09 20:58 - 2013-08-28 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

    2013-10-09 20:58 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

    2013-10-09 20:58 - 2013-08-28 17:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

    2013-10-09 20:58 - 2013-08-28 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

    2013-10-09 20:58 - 2013-08-28 17:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

    2013-10-09 20:58 - 2013-08-28 17:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

    2013-10-09 20:58 - 2013-08-27 18:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

    2013-10-09 20:56 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

    2013-10-09 20:56 - 2013-08-01 05:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

    2013-10-09 20:56 - 2013-07-20 03:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

    2013-10-09 20:56 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

    2013-10-09 13:51 - 2013-10-09 13:51 - 00000451 _____ C:\Users\Rod\Desktop\Recessed Lights Are Evil Structure Tech Home Inspections.website

    2013-10-06 20:42 - 2013-10-23 16:14 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRod

    2013-10-06 20:42 - 2013-10-23 16:14 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForRod.job

    2013-09-29 21:46 - 2013-09-29 22:47 - 00000000 ____D C:\jexepackres

    2013-09-29 21:46 - 2013-09-29 21:46 - 00000042 _____ C:\Users\Rod\AstroViewer 3.1.6-Path

    2013-09-29 21:46 - 2013-09-29 21:46 - 00000000 ____D C:\Program Files (x86)\AstroViewer 3.1.6

    ==================== One Month Modified Files and Folders =======

    2013-10-27 14:43 - 2013-10-27 14:43 - 00000000 ____D C:\FRST

    2013-10-27 14:43 - 2013-10-27 14:42 - 01956442 _____ (Farbar) C:\Users\Rod\Desktop\FRST64.exe

    2013-10-27 14:43 - 2012-05-11 11:04 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000Core.job

    2013-10-27 14:40 - 2013-10-23 17:23 - 00000594 _____ C:\Users\Rod\Desktop\Redirects from Google to Bing... how to remove - Malware Removal Help - Malwarebytes Forum.website

    2013-10-27 14:40 - 2010-01-25 20:46 - 01839612 _____ C:\Windows\WindowsUpdate.log

    2013-10-27 14:39 - 2013-10-27 14:39 - 00028064 _____ C:\Users\Rod\Desktop\JRT.txt

    2013-10-27 14:35 - 2012-01-27 15:07 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2013-10-27 14:35 - 2012-01-27 15:07 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2013-10-27 14:33 - 2013-10-27 14:33 - 00000000 ____D C:\Windows\ERUNT

    2013-10-27 14:33 - 2013-10-27 14:32 - 01033335 _____ (Thisisu) C:\Users\Rod\Desktop\JRT.exe

    2013-10-27 14:32 - 2012-08-13 13:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

    2013-10-27 14:30 - 2012-05-11 11:04 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000UA.job

    2013-10-26 16:33 - 2009-07-13 21:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2013-10-26 16:33 - 2009-07-13 21:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2013-10-26 16:26 - 2013-07-31 21:09 - 00000000 ___RD C:\Users\Rod\SkyDrive

    2013-10-26 16:25 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

    2013-10-26 16:25 - 2009-07-13 21:51 - 00061258 _____ C:\Windows\setupact.log

    2013-10-26 13:07 - 2010-01-29 18:18 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{23DA1583-211A-4322-84B9-9F42DF081FB5}

    2013-10-26 13:06 - 2013-10-26 13:06 - 00032899 _____ C:\ComboFix.txt

    2013-10-26 13:06 - 2013-10-26 12:36 - 00000000 ____D C:\Qoobox

    2013-10-26 13:02 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini

    2013-10-26 13:01 - 2010-01-29 20:17 - 01152234 _____ C:\Windows\PFRO.log

    2013-10-26 13:00 - 2012-06-29 10:26 - 00000000 ____D C:\Windows\erdnt

    2013-10-26 12:35 - 2013-10-26 12:34 - 05136694 ____R (Swearware) C:\Users\Rod\Desktop\ComboFix.exe

    2013-10-24 16:27 - 2013-10-24 16:24 - 00000000 ____D C:\AdwCleaner

    2013-10-24 16:22 - 2013-10-24 16:22 - 00002947 _____ C:\Users\Rod\Desktop\RKreport[0]_D_10242013_162241.txt

    2013-10-24 16:22 - 2013-10-24 16:19 - 00000000 ____D C:\Users\Rod\Desktop\RK_Quarantine

    2013-10-24 16:20 - 2013-10-24 16:20 - 00002840 _____ C:\Users\Rod\Desktop\RKreport[0]_S_10242013_162038.txt

    2013-10-23 16:57 - 2013-10-23 16:57 - 00001001 _____ C:\Windows\IE11_main.log

    2013-10-23 16:31 - 2013-06-11 23:12 - 00001649 _____ C:\Users\Rod\Desktop\Slickdeals.net.website

    2013-10-23 16:14 - 2013-10-06 20:42 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRod

    2013-10-23 16:14 - 2013-10-06 20:42 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForRod.job

    2013-10-21 16:48 - 2013-10-21 16:48 - 00000413 _____ C:\Users\Rod\Desktop\Utah Ski & Snow Report OnTheSnow.com.website

    2013-10-20 16:37 - 2007-12-10 08:46 - 00000000 ____D C:\Users\Rod\Documents\receipts

    2013-10-16 16:42 - 2011-08-16 11:56 - 00000000 ____D C:\Program Files (x86)\Greetings Workshop

    2013-10-14 17:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache

    2013-10-11 14:30 - 2012-01-27 15:07 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

    2013-10-11 14:30 - 2012-01-27 15:07 - 00003636 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    2013-10-10 11:21 - 2009-07-13 22:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI

    2013-10-10 11:15 - 2009-07-13 21:45 - 05046688 _____ C:\Windows\system32\FNTCACHE.DAT

    2013-10-10 11:14 - 2012-05-15 22:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight

    2013-10-10 11:14 - 2012-05-15 22:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

    2013-10-10 10:29 - 2013-08-14 06:12 - 00000000 ____D C:\Windows\system32\MRT

    2013-10-10 10:27 - 2010-03-14 08:26 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    2013-10-09 19:49 - 2012-10-22 19:18 - 00000000 ____D C:\Users\Rod\Documents\olives

    2013-10-09 19:20 - 2010-01-31 10:02 - 00032480 _____ C:\Users\Rod\AppData\Roaming\wklnhst.dat

    2013-10-09 19:18 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp

    2013-10-09 13:51 - 2013-10-09 13:51 - 00000451 _____ C:\Users\Rod\Desktop\Recessed Lights Are Evil Structure Tech Home Inspections.website

    2013-10-09 11:30 - 2012-08-13 13:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2013-10-09 11:30 - 2012-08-13 13:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    2013-10-09 11:30 - 2012-08-13 13:14 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

    2013-10-09 08:50 - 2012-05-11 11:04 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000UA

    2013-10-09 08:50 - 2012-05-11 11:04 - 00003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000Core

    2013-10-07 20:44 - 2013-09-26 10:28 - 00000537 _____ C:\Users\Rod\Desktop\El Dorado County Fire Safe Council Chipper Program.website

    2013-10-06 20:38 - 2011-10-31 08:59 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

    2013-10-06 20:38 - 2010-02-06 11:13 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log

    2013-10-06 20:36 - 2010-02-06 11:12 - 00000000 ____D C:\Users\Rod\AppData\Roaming\HpUpdate

    2013-10-06 20:36 - 2010-02-06 11:12 - 00000000 ____D C:\Users\Rod\AppData\Roaming\HP Support Assistant

    2013-10-06 13:26 - 2013-02-13 17:27 - 00222208 ___SH C:\Users\Rod\Desktop\Thumbs.db

    2013-09-30 10:43 - 2010-01-29 20:20 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job

    2013-09-29 22:47 - 2013-09-29 21:46 - 00000000 ____D C:\jexepackres

    2013-09-29 21:46 - 2013-09-29 21:46 - 00000042 _____ C:\Users\Rod\AstroViewer 3.1.6-Path

    2013-09-29 21:46 - 2013-09-29 21:46 - 00000000 ____D C:\Program Files (x86)\AstroViewer 3.1.6

    2013-09-29 21:46 - 2010-01-29 17:50 - 00000000 ____D C:\Users\Rod

    2013-09-28 20:51 - 2006-10-13 11:54 - 00000000 ____D C:\Users\Rod\Documents\TurboTax

    2013-09-28 17:50 - 2013-03-14 22:25 - 00000584 _____ C:\Users\Rod\Desktop\bA.website

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\SysWOW64\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\SysWOW64\explorer.exe => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\SysWOW64\svchost.exe => MD5 is legit

    C:\Windows\System32\services.exe => MD5 is legit

    C:\Windows\System32\User32.dll => MD5 is legit

    C:\Windows\SysWOW64\User32.dll => MD5 is legit

    C:\Windows\System32\userinit.exe => MD5 is legit

    C:\Windows\SysWOW64\userinit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2013-10-14 17:34

    ==================== End Of Log ============================

  5. I'm running IE rev10 (the only browser I use).

    I'm using Norton IS. I disabled the Antivirus Auto Protect and the Smart Firewall before running ComboFix, but I still got an error msg from ComboFix saying that Norton IS anti-virus was still active. I ignored that msg and continued running ComboFix.

    Here's the ComboFix log file:

    ComboFix 13-10-26.01 - Rod 10/26/2013  12:47:37.2.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8151.6322 [GMT -7:00]
    Running from: c:\users\Rod\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Rod\AppData\Local\Temp\_MEI18042\_ctypes.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\_elementtree.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\_hashlib.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\_multiprocessing.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\_socket.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\_ssl.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\msvcp100.dll
    c:\users\Rod\AppData\Local\Temp\_MEI18042\msvcr100.dll
    c:\users\Rod\AppData\Local\Temp\_MEI18042\pyexpat.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\pysqlite2._sqlite.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\python27.dll
    c:\users\Rod\AppData\Local\Temp\_MEI18042\pythoncom27.dll
    c:\users\Rod\AppData\Local\Temp\_MEI18042\PyWinTypes27.dll
    c:\users\Rod\AppData\Local\Temp\_MEI18042\select.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\unicodedata.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\win32api.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\win32com.shell.shell.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\win32crypt.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\win32event.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\win32file.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\win32inet.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\win32pdh.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\win32process.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\win32profile.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\win32security.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\win32ts.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\windows._cacheinvalidation.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\wx._controls_.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\wx._core_.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\wx._gdi_.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\wx._html2.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\wx._misc_.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\wx._windows_.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\wx._wizard.pyd
    c:\users\Rod\AppData\Local\Temp\_MEI18042\wxbase294u_net_vc90.dll
    c:\users\Rod\AppData\Local\Temp\_MEI18042\wxbase294u_vc90.dll
    c:\users\Rod\AppData\Local\Temp\_MEI18042\wxmsw294u_adv_vc90.dll
    c:\users\Rod\AppData\Local\Temp\_MEI18042\wxmsw294u_core_vc90.dll
    c:\users\Rod\AppData\Local\Temp\_MEI18042\wxmsw294u_html_vc90.dll
    c:\users\Rod\AppData\Local\Temp\_MEI18042\wxmsw294u_webview_vc90.dll
    K:\Autorun.inf
    K:\Setup.exe
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-09-26 to 2013-10-26  )))))))))))))))))))))))))))))))
    .
    .
    2013-10-24 23:24 . 2013-10-24 23:27 -------- d-----w- C:\AdwCleaner
    2013-10-10 04:11 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
    2013-10-10 04:11 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
    2013-10-10 04:10 . 2013-06-06 03:30 368128 ----a-w- c:\windows\system32\atmfd.dll
    2013-10-10 04:10 . 2013-06-06 03:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2013-10-10 04:10 . 2013-06-06 05:50 41472 ----a-w- c:\windows\system32\lpk.dll
    2013-10-10 04:10 . 2013-06-06 05:49 100864 ----a-w- c:\windows\system32\fontsub.dll
    2013-10-10 04:10 . 2013-06-06 05:49 14336 ----a-w- c:\windows\system32\dciman32.dll
    2013-10-10 04:10 . 2013-06-06 05:47 46080 ----a-w- c:\windows\system32\atmlib.dll
    2013-10-10 04:10 . 2013-06-06 04:57 25600 ----a-w- c:\windows\SysWow64\lpk.dll
    2013-10-10 04:10 . 2013-06-06 04:51 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
    2013-10-10 04:10 . 2013-06-06 04:50 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
    2013-10-10 04:10 . 2013-06-06 03:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2013-10-10 04:05 . 2013-06-25 22:55 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-10-10 04:04 . 2013-07-12 10:41 100864 ----a-w- c:\windows\system32\drivers\usbcir.sys
    2013-10-10 04:04 . 2013-07-03 04:40 42496 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2013-10-10 04:04 . 2013-07-03 04:05 76800 ----a-w- c:\windows\system32\drivers\hidclass.sys
    2013-10-10 04:04 . 2013-07-03 04:05 32896 ----a-w- c:\windows\system32\drivers\hidparse.sys
    2013-10-10 03:59 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
    2013-10-10 03:59 . 2013-07-04 12:50 102400 ----a-w- c:\windows\system32\davclnt.dll
    2013-10-10 03:59 . 2013-07-04 11:57 205824 ----a-w- c:\windows\SysWow64\WebClnt.dll
    2013-10-10 03:59 . 2013-07-04 11:51 81920 ----a-w- c:\windows\SysWow64\davclnt.dll
    2013-10-10 03:59 . 2013-07-04 10:11 140800 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2013-10-10 03:59 . 2013-09-14 01:10 497152 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-10-10 03:59 . 2013-09-08 02:30 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-10-10 03:59 . 2013-09-08 02:27 327168 ----a-w- c:\windows\system32\mswsock.dll
    2013-10-10 03:59 . 2013-09-08 02:03 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
    2013-10-10 03:56 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2013-10-10 03:56 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2013-10-10 03:56 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-10-10 03:56 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
    2013-09-30 04:46 . 2013-09-30 04:46 -------- d-----w- c:\program files (x86)\AstroViewer 3.1.6
    2013-09-30 04:46 . 2013-09-30 04:46 -------- d-----w- c:\users\Rod\applogs
    2013-09-30 04:46 . 2013-09-30 05:47 -------- d-----w- C:\jexepackres
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-10-10 17:27 . 2010-03-14 15:26 80541720 ----a-w- c:\windows\system32\MRT.exe
    2013-10-09 18:30 . 2012-08-13 20:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-10-09 18:30 . 2012-08-13 20:14 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-08-29 01:48 . 2013-10-10 03:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-08-05 02:25 . 2013-09-11 18:02 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
    2013-08-03 20:54 . 2011-04-28 02:55 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2013-08-02 02:14 . 2013-09-11 17:59 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-08-02 02:13 . 2013-09-11 17:59 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2013-08-02 02:13 . 2013-09-11 17:59 1161216 ----a-w- c:\windows\system32\kernel32.dll
    2013-08-02 02:12 . 2013-09-11 17:59 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2013-08-02 02:12 . 2013-09-11 17:59 6656 ----a-w- c:\windows\system32\apisetschema.dll
    2013-08-02 02:12 . 2013-09-11 17:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2013-08-02 01:50 . 2013-09-11 17:59 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2013-08-02 01:48 . 2013-09-11 17:59 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
    2013-08-02 01:48 . 2013-09-11 17:59 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    2013-08-02 01:09 . 2013-09-11 17:59 338432 ----a-w- c:\windows\system32\conhost.exe
    2013-08-02 00:59 . 2013-09-11 17:59 112640 ----a-w- c:\windows\system32\smss.exe
    2013-08-02 00:43 . 2013-09-11 17:59 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2013-08-02 00:43 . 2013-09-11 17:59 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-08-02 00:43 . 2013-09-11 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2013-08-02 00:43 . 2013-09-11 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-09-26 20133824]
    "SkyDrive"="c:\users\Rod\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-08-14 257136]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-27 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-11 98304]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "CameraWatcher"="c:\program files (x86)\LoiLo\LoiLoFit\CameraWatcher.exe" [2012-12-03 127616]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    c:\users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-6-3 430080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [x]
    S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20131025.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20131025.001\IDSvia64.sys [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [x]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 18:30]
    .
    2013-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 22:07]
    .
    2013-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 22:07]
    .
    2013-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000Core.job
    - c:\users\Rod\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11 18:04]
    .
    2013-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000UA.job
    - c:\users\Rod\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11 18:04]
    .
    2013-10-23 c:\windows\Tasks\HPCeeScheduleForRod.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    2013-09-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2013-09-26 00:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
    "PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.2.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\progra~2\COMMON~1\X10\Common\X10nets.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    .
    **************************************************************************
    .
    Completion time: 2013-10-26  13:06:51 - machine was rebooted
    ComboFix-quarantined-files.txt  2013-10-26 20:06
    .
    Pre-Run: 446,072,623,104 bytes free
    Post-Run: 453,368,717,312 bytes free
    .
    - - End Of File - - 1A8582EEFE5682412FF706A578C02362
     

  6. Ran the anti-malware and got 0 issues to fix. Here's the log:

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.10.24.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16721
    Rod :: ROD-PC [administrator]

    10/24/2013 4:43:34 PM
    mbam-log-2013-10-24 (16-43-34).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 229378
    Time elapsed: 7 minute(s), 8 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    I'll see how the computer acts for a day or so and report back.

    Thank you MrC!

  7. Here's the AdwCleaner.txt file:

     

    # AdwCleaner v3.010 - Report created 24/10/2013 at 16:27:11
    # Updated 20/10/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Rod - ROD-PC
    # Running from : C:\Users\Rod\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJ3LD591\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\blekko toolbars
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Users\Rod\AppData\Local\Conduit
    Folder Deleted : C:\Users\Rod\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Rod\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcmflmkceipgecmhoddphflfndnfbbe
    File Deleted : C:\END
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\searchplugins\SweetIm.xml

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\pmcmflmkceipgecmhoddphflfndnfbbe
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmcmflmkceipgecmhoddphflfndnfbbe
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2737658
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\InstallIQ
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
    Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16720

    -\\ Mozilla Firefox v

    [ File : C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\prefs.js ]

    Line Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "eBay");
    Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

    -\\ Google Chrome v

    [ File : C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage
    Deleted : urls_to_restore_on_startup
    Deleted : icon_url
    Deleted : search_url
    Deleted : keyword

    *************************

    AdwCleaner[R0].txt - [9091 octets] - [24/10/2013 16:24:58]
    AdwCleaner[S0].txt - [8559 octets] - [24/10/2013 16:27:11]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8619 octets] ##########

    I'm running the next steps now...

    thanks again

  8. Here's the roguekiller log:

    RogueKiller V8.7.5 [Oct 22 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Rod [Admin rights]
    Mode : Scan -- Date : 10/24/2013 15:05:43
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 10 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [7]) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][ROGUE ST] 4474 : wscript.exe - C:\Users\Rod\AppData\Local\Temp\launchie.vbs //B -> FOUND

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection :  ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    127.0.0.1       localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD6400AAKS-65A7B2 +++++
    --- User ---
    [MBR] 7315dbd11841a5dc85f64cbe3df995a4
    [BSP] 8ae862a0b6374b1e6fda923e1cdc1aa5 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 599154 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1227274240 | Size: 11224 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Seagate Expansion USB Device +++++
    --- User ---
    [MBR] e589a1f85fcf1299813034176481fdda
    [BSP] 519f8ecaf09809bc9d258d3ab4cdf7db : Empty MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[0]_S_10242013_150543.txt >>

    thanks

  9. Here's dds.txt:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 1.6.0_24
    Run by Rod at 14:56:26 on 2013-10-24
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8151.6539 [GMT -7:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\PROGRA~2\COMMON~1\X10\Common\X10nets.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Users\Rod\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\LoiLo\LoiLoFit\CameraWatcher.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .

    uSearch Bar = Preserve
    uProxyOverride = 127.0.0.1;*.local
    uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\ipsbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Speckie: {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Rod\AppData\Roaming\Speckie\bin32\Speckie32.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [Google Update] "C:\Users\Rod\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    uRun: [SkyDrive] "C:\Users\Rod\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [CameraWatcher] C:\Program Files (x86)\LoiLo\LoiLoFit\CameraWatcher.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    StartupFolder: C:\Users\Rod\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Rod\AppData\Roaming\Speckie\bin32\Speckie32.dll
    TCP: NameServer = 68.94.156.1 68.94.157.1 192.168.2.1
    TCP: Interfaces\{8D748199-6B6D-4285-9BE6-539F745BAC0B} : DHCPNameServer = 68.94.156.1 68.94.157.1 192.168.2.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Speckie: {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Rod\AppData\Roaming\Speckie\bin64\Speckie64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Rod\AppData\Roaming\Speckie\bin64\Speckie64.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\SymDS64.sys [2013-8-3 493656]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\SymEFA64.sys [2013-8-3 1139800]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [2013-10-22 1524824]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccSetx64.sys [2013-8-3 169048]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20131023.001\IDSviA64.sys [2013-10-23 521816]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\Ironx64.sys [2013-8-3 224416]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-8-3 433752]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-19 202752]
    R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-7-9 101888]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-25 13336]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-12 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-12 701512]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [2013-8-3 144368]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [2011-4-29 177080]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [2011-4-29 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-10-20 140376]
    R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-1-25 56344]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-25 25928]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-25 239616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-3-15 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-8 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-5 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-10-10 04:11:03 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2013-10-10 04:11:03 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2013-10-10 04:10:18 368128 ----a-w- C:\Windows\System32\atmfd.dll
    2013-10-10 04:10:18 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2013-10-10 04:10:17 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
    2013-10-10 04:10:17 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2013-10-10 04:10:17 41472 ----a-w- C:\Windows\System32\lpk.dll
    2013-10-10 04:10:17 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2013-10-10 04:10:17 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
    2013-10-10 04:10:17 14336 ----a-w- C:\Windows\System32\dciman32.dll
    2013-10-10 04:10:17 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
    2013-10-10 04:10:17 100864 ----a-w- C:\Windows\System32\fontsub.dll
    2013-10-10 04:05:15 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2013-10-10 04:04:13 100864 ----a-w- C:\Windows\System32\drivers\usbcir.sys
    2013-10-10 04:04:11 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
    2013-10-10 04:04:11 42496 ----a-w- C:\Windows\System32\drivers\usbscan.sys
    2013-10-10 04:04:11 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
    2013-10-10 03:59:11 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
    2013-10-10 03:59:11 259584 ----a-w- C:\Windows\System32\WebClnt.dll
    2013-10-10 03:59:11 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
    2013-10-10 03:59:11 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
    2013-10-10 03:59:11 102400 ----a-w- C:\Windows\System32\davclnt.dll
    2013-10-10 03:59:07 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2013-10-10 03:59:07 327168 ----a-w- C:\Windows\System32\mswsock.dll
    2013-10-10 03:59:07 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
    2013-10-10 03:59:07 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-10-10 03:56:45 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2013-10-10 03:56:45 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2013-10-10 03:56:44 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-10-10 03:56:43 461312 ----a-w- C:\Windows\System32\scavengeui.dll
    2013-09-30 04:46:26 -------- d-----w- C:\Program Files (x86)\AstroViewer 3.1.6
    2013-09-30 04:46:22 -------- d-----w- C:\Users\Rod\applogs
    2013-09-30 04:46:21 -------- d--h--w- C:\jexepackres
    .
    ==================== Find3M  ====================
    .
    2013-10-09 18:30:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-10-09 18:30:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
    2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
    2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
    2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
    2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
    2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
    2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
    2013-08-03 20:54:25 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
    2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 14:56:53.02 ===============

    Here's attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/29/2010 4:50:46 PM
    System Uptime: 10/24/2013 11:20:28 AM (3 hours ago)
    .
    Motherboard: MSI |  | IONA
    Processor: Intel® Core i5 CPU         750  @ 2.67GHz | CPU 1 | 2241/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 585 GiB total, 414.242 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.588 GiB free.
    E: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is FIXED (NTFS) - 932 GiB total, 412.654 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP411: 10/10/2013 10:23:48 AM - Windows Update
    RP412: 10/10/2013 7:03:24 PM - Windows Backup
    RP413: 10/11/2013 9:21:45 AM - Windows Backup
    RP414: 10/17/2013 4:56:17 PM - Windows Backup
    .
    ==== Installed Programs ======================
    .
    1999 TurboTax Deluxe
    Acrobat.com
    ActiveHome Pro
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.05)
    AnswerWorks 5.0 English Runtime
    Anti-phishing Domain Advisor
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft VideoStabilizer
    AstroViewer 3.1.6
    ATI Catalyst Install Manager
    AutoHotkey 1.0.48.05
    Bonjour
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco Connect
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite Deluxe
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DirectX for Managed Code Update (Summer 2004)
    DVD Flick 1.3.0.7
    DVD Menu Pack for HP MediaSmart Video
    EPSON Printer Software
    EPSON Scan
    EZ AVI TO WMV Converter 3.00
    Free Audio Editor
    Freemake Video Converter version 4.0.2
    Garmin Communicator Plugin
    Garmin USB Drivers
    GIMP 2.6.11
    Google Chrome
    Google Drive
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Greetings Workshop Deluxe
    Hardware Diagnostic Tools
    Hewlett-Packard ACLM.NET v1.2.1.1
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SmartMenu
    HP MediaSmart/TouchSmart Netflix
    HP Odometer
    HP Product Detection
    HP Remote Solution
    HP Setup
    HP Support Assistant
    HP Support Information
    HP Update
    HydraVision
    Intel® Rapid Storage Technology
    iTunes
    Java 7 Update 25
    Java Auto Updater
    Java 6 Update 24
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    LoiLoFit for Everio
    Malwarebytes Anti-Malware version 1.75.0.1300
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Live Search Toolbar
    Microsoft Money Plus
    Microsoft Money Shared Libraries
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office Home and Student 60 day trial
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Microsoft_VC90_MFCLOC_x86
    Microsoft_VC90_MFCLOC_x86_x64
    MobileMe Control Panel
    Movie Theme Pack for HP MediaSmart Video
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Internet Security
    Norton PC Checkup
    Picasa 3
    PictureMover
    PL-2303 USB-to-Serial
    PL-2303 Vista Driver Installer
    PlayReady PC Runtime amd64
    Power2Go
    PowerDirector
    QuickTime
    Realtek High Definition Audio Driver
    Recovery Manager
    Safari
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
    Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
    Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
    Speckie
    State CD Installer
    TurboTax 2008
    TurboTax 2008 wcaiper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 wcaiper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 wcaiper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2011
    TurboTax 2011 wcaiper
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wrapper
    TurboTax 2012
    TurboTax 2012 wcaiper
    TurboTax 2012 WinPerFedFormset
    TurboTax 2012 WinPerReleaseEngine
    TurboTax 2012 WinPerTaxSupport
    TurboTax 2012 wrapper
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
    Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinHTTrack Website Copier 3.47-25
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/21/2013 9:35:30 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    10/20/2013 9:33:59 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.
    10/20/2013 9:33:59 PM, Error: Service Control Manager [7000]  - The Freemake Improver service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     

    I'll run RogueKiller next...

    thanks
     

  10. Ran ComboFix as directed. I have not seen any redirects after running ComboFix (20-30 Google tries).

    Below is the Combofix log file. From this log file can you see if there was something found/fixed?

    thanks again

    ComboFix 12-06-28.03 - Rod 06/29/2012 10:28:57.1.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.6016 [GMT -7:00]

    Running from: c:\users\Rod\Desktop\ComboFix.exe

    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Rod\AppData\Local\Apple Computer\Apple\vpcqypvt.dll

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\chrome.manifest

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\chrome\content\background.html

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\chrome\content\browser.xul

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossrider.js

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossriderapi.js

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\chrome\content\dialog.js

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\faye-browser-min.js

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps-style.css

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps.html

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\chrome\content\messaging.js

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.js

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.xul

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\chrome\content\push.html

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\chrome\content\search_dialog.xul

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\chrome\content\update.html

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\defaults\preferences\prefs.js

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\install.rdf

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\locale\en-US\translations.dtd

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\skin\button1.png

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\skin\button2.png

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\skin\button3.png

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\skin\button4.png

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\skin\button5.png

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\skin\crossrider_statusbar.png

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\skin\icon128.png

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\skin\icon16.png

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\skin\icon24.png

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\skin\icon48.png

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\skin\panelarrow-up.png

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\skin\popup.css

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\skin\popup.html

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\skin\popup_binding.xml

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\skin\skin.css

    c:\users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\pxw97tka.default\extensions\crossriderapp2258@crossrider.com\skin\update.css

    c:\users\Rod\Documents\~WRL3478.tmp

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))

    .

    .

    2012-06-26 04:54 . 2012-06-26 04:54 -------- d-----w- c:\users\Rod\AppData\Roaming\Malwarebytes

    2012-06-26 04:54 . 2012-06-26 04:54 -------- d-----w- c:\programdata\Malwarebytes

    2012-06-26 04:54 . 2012-06-26 04:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-06-26 04:54 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-06-22 17:08 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-22 17:08 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-06-22 17:08 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-22 17:08 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-22 17:08 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

    2012-06-22 17:08 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-22 17:08 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-22 17:07 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-22 17:07 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

    2012-06-21 20:54 . 2012-06-21 20:54 -------- d-----w- c:\program files (x86)\Cisco Systems

    2012-06-17 23:09 . 2012-06-17 23:09 -------- d-----w- c:\program files\iTunes

    2012-06-17 23:09 . 2012-06-17 23:09 -------- d-----w- c:\program files (x86)\iTunes

    2012-06-17 23:09 . 2012-06-17 23:09 -------- d-----w- c:\program files\iPod

    2012-06-17 22:52 . 2012-06-17 22:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

    2012-06-17 22:52 . 2012-06-17 22:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

    2012-06-17 22:52 . 2012-06-17 22:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

    2012-06-17 22:52 . 2012-06-17 22:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

    2012-06-17 22:52 . 2012-06-17 22:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

    2012-06-17 22:52 . 2012-06-17 22:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

    2012-06-17 22:52 . 2012-06-17 22:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

    2012-06-17 22:51 . 2012-06-17 22:52 -------- d-----w- c:\program files (x86)\QuickTime

    2012-06-17 22:44 . 2012-06-17 22:44 -------- d-----w- c:\program files\Bonjour

    2012-06-17 22:44 . 2012-06-17 22:44 -------- d-----w- c:\program files (x86)\Bonjour

    2012-06-13 15:05 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll

    2012-06-13 15:05 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

    2012-06-13 15:05 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

    2012-06-13 15:05 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll

    2012-06-13 15:05 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-06-13 15:05 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2012-06-13 15:04 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-06-13 15:04 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys

    2012-06-13 15:04 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-06-13 15:04 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll

    2012-06-13 15:04 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll

    2012-06-13 15:04 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-06-13 15:04 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll

    2012-06-13 15:04 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll

    2012-06-13 15:04 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll

    2012-06-13 15:04 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

    2012-06-13 15:04 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll

    2012-06-08 04:42 . 2012-06-28 03:34 -------- d-----r- c:\users\Rod\Dropbox

    2012-06-08 04:37 . 2012-06-28 22:40 -------- d-----w- c:\users\Rod\AppData\Roaming\Dropbox

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-05-03 15:34 . 2011-04-28 02:55 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

    2012-04-25 19:11 . 2012-04-25 19:11 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

    2012-04-25 19:11 . 2012-04-25 19:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

    2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

    2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-15 00:32 94208 ----a-w- c:\users\Rod\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-15 00:32 94208 ----a-w- c:\users\Rod\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-15 00:32 94208 ----a-w- c:\users\Rod\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]

    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-27 39408]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

    "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]

    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]

    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-11 98304]

    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

    "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

    .

    c:\users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Rod\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032]

    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 136176]

    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]

    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 136176]

    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

    R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-09-17 23536]

    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2012-03-29 451192]

    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]

    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]

    S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]

    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120628.001\IDSvia64.sys [2012-06-14 509088]

    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]

    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-11 202752]

    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]

    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]

    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]

    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [2011-12-16 177080]

    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [2009-08-24 126392]

    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-11 6403072]

    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-11 188928]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]

    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - WS2IFSL

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 22:07]

    .

    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 22:07]

    .

    2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000Core.job

    - c:\users\Rod\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11 18:04]

    .

    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258491159-1904954851-485267930-1000UA.job

    - c:\users\Rod\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11 18:04]

    .

    2012-06-19 c:\windows\Tasks\HPCeeScheduleForRod.job

    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

    .

    2012-05-31 c:\windows\Tasks\PCDRScheduledMaintenance.job

    - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-15 00:32 97792 ----a-w- c:\users\Rod\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-15 00:32 97792 ----a-w- c:\users\Rod\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-15 00:32 97792 ----a-w- c:\users\Rod\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2012-02-15 00:32 97792 ----a-w- c:\users\Rod\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]

    "PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]

    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "LoadAppInit_DLLs"=0x0

    .

    ------- Supplementary Scan -------

    .

    uDefault_Search_URL = hxxp://www.google.com/ie

    uLocal Page = c:\windows\system32\blank.htm

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uStart Page = hxxp://www.google.com/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = 127.0.0.1;*.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

    TCP: DhcpNameServer = 192.168.0.1 192.168.1.1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKCU-Run-Apple - c:\users\Rod\AppData\Local\Apple Computer\Apple\vpcqypvt.dll

    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

    .

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"

    --

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll\" /prefetch:1"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]

    "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

    .

    **************************************************************************

    .

    Completion time: 2012-06-29 10:41:09 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-06-29 17:41

    .

    Pre-Run: 541,084,131,328 bytes free

    Post-Run: 542,415,908,864 bytes free

    .

    - - End Of File - - DFD6341AA8A59AEBECD2EB72DC7B3779

  11. Thanks

    Here's the bottom 1/2 of the log:

    21:02:30.0910 2124 MRxDAV - ok

    21:02:30.0942 2124 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

    21:02:30.0973 2124 mrxsmb - ok

    21:02:31.0020 2124 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

    21:02:31.0051 2124 mrxsmb10 - ok

    21:02:31.0066 2124 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

    21:02:31.0082 2124 mrxsmb20 - ok

    21:02:31.0098 2124 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

    21:02:31.0113 2124 msahci - ok

    21:02:31.0144 2124 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

    21:02:31.0160 2124 msdsm - ok

    21:02:31.0176 2124 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

    21:02:31.0191 2124 MSDTC - ok

    21:02:31.0222 2124 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

    21:02:31.0238 2124 Msfs - ok

    21:02:31.0254 2124 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

    21:02:31.0269 2124 mshidkmdf - ok

    21:02:31.0285 2124 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

    21:02:31.0300 2124 msisadrv - ok

    21:02:31.0332 2124 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

    21:02:31.0378 2124 MSiSCSI - ok

    21:02:31.0378 2124 msiserver - ok

    21:02:31.0410 2124 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

    21:02:31.0441 2124 MSKSSRV - ok

    21:02:31.0456 2124 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

    21:02:31.0472 2124 MSPCLOCK - ok

    21:02:31.0488 2124 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

    21:02:31.0503 2124 MSPQM - ok

    21:02:31.0550 2124 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

    21:02:31.0581 2124 MsRPC - ok

    21:02:31.0581 2124 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

    21:02:31.0597 2124 mssmbios - ok

    21:02:31.0612 2124 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

    21:02:31.0628 2124 MSTEE - ok

    21:02:31.0644 2124 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

    21:02:31.0659 2124 MTConfig - ok

    21:02:31.0675 2124 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

    21:02:31.0690 2124 Mup - ok

    21:02:31.0737 2124 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll

    21:02:31.0784 2124 napagent - ok

    21:02:31.0831 2124 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

    21:02:31.0862 2124 NativeWifiP - ok

    21:02:32.0049 2124 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20120628.004\ENG64.SYS

    21:02:32.0065 2124 NAVENG - ok

    21:02:32.0236 2124 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20120628.004\EX64.SYS

    21:02:32.0283 2124 NAVEX15 - ok

    21:02:32.0455 2124 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

    21:02:32.0502 2124 NDIS - ok

    21:02:32.0502 2124 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

    21:02:32.0533 2124 NdisCap - ok

    21:02:32.0548 2124 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

    21:02:32.0564 2124 NdisTapi - ok

    21:02:32.0595 2124 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

    21:02:32.0611 2124 Ndisuio - ok

    21:02:32.0642 2124 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

    21:02:32.0673 2124 NdisWan - ok

    21:02:32.0689 2124 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

    21:02:32.0720 2124 NDProxy - ok

    21:02:32.0720 2124 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

    21:02:32.0751 2124 NetBIOS - ok

    21:02:32.0782 2124 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

    21:02:32.0798 2124 NetBT - ok

    21:02:32.0829 2124 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

    21:02:32.0845 2124 Netlogon - ok

    21:02:32.0892 2124 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

    21:02:32.0923 2124 Netman - ok

    21:02:32.0970 2124 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

    21:02:33.0001 2124 netprofm - ok

    21:02:33.0063 2124 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    21:02:33.0094 2124 NetTcpPortSharing - ok

    21:02:33.0110 2124 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

    21:02:33.0126 2124 nfrd960 - ok

    21:02:33.0235 2124 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

    21:02:33.0250 2124 NIS - ok

    21:02:33.0282 2124 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll

    21:02:33.0328 2124 NlaSvc - ok

    21:02:33.0360 2124 Norton PC Checkup Application Launcher - ok

    21:02:33.0375 2124 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

    21:02:33.0391 2124 Npfs - ok

    21:02:33.0406 2124 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

    21:02:33.0422 2124 nsi - ok

    21:02:33.0438 2124 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

    21:02:33.0453 2124 nsiproxy - ok

    21:02:33.0609 2124 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

    21:02:33.0656 2124 Ntfs - ok

    21:02:33.0781 2124 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys

    21:02:33.0796 2124 NuidFltr - ok

    21:02:33.0812 2124 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

    21:02:33.0843 2124 Null - ok

    21:02:33.0890 2124 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

    21:02:33.0921 2124 nvraid - ok

    21:02:33.0968 2124 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

    21:02:33.0984 2124 nvstor - ok

    21:02:34.0015 2124 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

    21:02:34.0046 2124 nv_agp - ok

    21:02:34.0062 2124 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

    21:02:34.0077 2124 ohci1394 - ok

    21:02:34.0140 2124 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    21:02:34.0155 2124 ose - ok

    21:02:34.0592 2124 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    21:02:34.0654 2124 osppsvc - ok

    21:02:34.0779 2124 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    21:02:34.0810 2124 p2pimsvc - ok

    21:02:34.0842 2124 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

    21:02:34.0873 2124 p2psvc - ok

    21:02:34.0920 2124 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

    21:02:34.0935 2124 Parport - ok

    21:02:34.0966 2124 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys

    21:02:34.0982 2124 partmgr - ok

    21:02:35.0013 2124 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

    21:02:35.0029 2124 PcaSvc - ok

    21:02:35.0091 2124 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe

    21:02:35.0107 2124 PCCUJobMgr - ok

    21:02:35.0278 2124 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms

    21:02:35.0294 2124 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok

    21:02:35.0403 2124 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

    21:02:35.0419 2124 pci - ok

    21:02:35.0450 2124 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

    21:02:35.0466 2124 pciide - ok

    21:02:35.0497 2124 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

    21:02:35.0528 2124 pcmcia - ok

    21:02:35.0544 2124 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

    21:02:35.0544 2124 pcw - ok

    21:02:35.0606 2124 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

    21:02:35.0668 2124 PEAUTH - ok

    21:02:35.0746 2124 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

    21:02:35.0762 2124 PerfHost - ok

    21:02:35.0902 2124 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll

    21:02:35.0949 2124 pla - ok

    21:02:35.0996 2124 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll

    21:02:36.0027 2124 PlugPlay - ok

    21:02:36.0027 2124 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

    21:02:36.0043 2124 PNRPAutoReg - ok

    21:02:36.0074 2124 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    21:02:36.0090 2124 PNRPsvc - ok

    21:02:36.0152 2124 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll

    21:02:36.0183 2124 PolicyAgent - ok

    21:02:36.0230 2124 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

    21:02:36.0261 2124 Power - ok

    21:02:36.0292 2124 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

    21:02:36.0308 2124 PptpMiniport - ok

    21:02:36.0324 2124 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

    21:02:36.0339 2124 Processor - ok

    21:02:36.0386 2124 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll

    21:02:36.0386 2124 ProfSvc - ok

    21:02:36.0417 2124 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

    21:02:36.0448 2124 ProtectedStorage - ok

    21:02:36.0464 2124 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

    21:02:36.0495 2124 Psched - ok

    21:02:36.0636 2124 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

    21:02:36.0667 2124 ql2300 - ok

    21:02:36.0776 2124 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

    21:02:36.0792 2124 ql40xx - ok

    21:02:36.0838 2124 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

    21:02:36.0870 2124 QWAVE - ok

    21:02:36.0885 2124 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

    21:02:36.0901 2124 QWAVEdrv - ok

    21:02:36.0916 2124 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

    21:02:36.0963 2124 RasAcd - ok

    21:02:36.0994 2124 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

    21:02:37.0010 2124 RasAgileVpn - ok

    21:02:37.0026 2124 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

    21:02:37.0057 2124 RasAuto - ok

    21:02:37.0072 2124 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

    21:02:37.0104 2124 Rasl2tp - ok

    21:02:37.0135 2124 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll

    21:02:37.0166 2124 RasMan - ok

    21:02:37.0166 2124 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

    21:02:37.0197 2124 RasPppoe - ok

    21:02:37.0213 2124 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

    21:02:37.0244 2124 RasSstp - ok

    21:02:37.0260 2124 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

    21:02:37.0291 2124 rdbss - ok

    21:02:37.0306 2124 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

    21:02:37.0322 2124 rdpbus - ok

    21:02:37.0322 2124 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

    21:02:37.0353 2124 RDPCDD - ok

    21:02:37.0353 2124 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

    21:02:37.0384 2124 RDPENCDD - ok

    21:02:37.0400 2124 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

    21:02:37.0416 2124 RDPREFMP - ok

    21:02:37.0462 2124 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys

    21:02:37.0478 2124 RDPWD - ok

    21:02:37.0509 2124 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

    21:02:37.0525 2124 rdyboost - ok

    21:02:37.0540 2124 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

    21:02:37.0572 2124 RemoteAccess - ok

    21:02:37.0603 2124 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

    21:02:37.0634 2124 RemoteRegistry - ok

    21:02:37.0634 2124 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

    21:02:37.0681 2124 RpcEptMapper - ok

    21:02:37.0696 2124 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

    21:02:37.0696 2124 RpcLocator - ok

    21:02:37.0759 2124 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

    21:02:37.0790 2124 RpcSs - ok

    21:02:37.0806 2124 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

    21:02:37.0837 2124 rspndr - ok

    21:02:37.0884 2124 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys

    21:02:37.0884 2124 RTL8167 - ok

    21:02:37.0915 2124 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

    21:02:37.0930 2124 SamSs - ok

    21:02:37.0946 2124 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

    21:02:37.0962 2124 sbp2port - ok

    21:02:38.0008 2124 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

    21:02:38.0040 2124 SCardSvr - ok

    21:02:38.0040 2124 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

    21:02:38.0071 2124 scfilter - ok

    21:02:38.0196 2124 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll

    21:02:38.0211 2124 Schedule - ok

    21:02:38.0242 2124 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

    21:02:38.0289 2124 SCPolicySvc - ok

    21:02:38.0305 2124 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll

    21:02:38.0320 2124 SDRSVC - ok

    21:02:38.0352 2124 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

    21:02:38.0383 2124 secdrv - ok

    21:02:38.0398 2124 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll

    21:02:38.0414 2124 seclogon - ok

    21:02:38.0430 2124 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

    21:02:38.0461 2124 SENS - ok

    21:02:38.0476 2124 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

    21:02:38.0492 2124 SensrSvc - ok

    21:02:38.0523 2124 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

    21:02:38.0523 2124 Serenum - ok

    21:02:38.0554 2124 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

    21:02:38.0570 2124 Serial - ok

    21:02:38.0586 2124 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

    21:02:38.0601 2124 sermouse - ok

    21:02:38.0617 2124 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll

    21:02:38.0648 2124 SessionEnv - ok

    21:02:38.0664 2124 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

    21:02:38.0679 2124 sffdisk - ok

    21:02:38.0679 2124 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

    21:02:38.0695 2124 sffp_mmc - ok

    21:02:38.0710 2124 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

    21:02:38.0726 2124 sffp_sd - ok

    21:02:38.0742 2124 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

    21:02:38.0742 2124 sfloppy - ok

    21:02:38.0804 2124 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

    21:02:38.0851 2124 SharedAccess - ok

    21:02:38.0898 2124 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll

    21:02:38.0929 2124 ShellHWDetection - ok

    21:02:38.0944 2124 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

    21:02:38.0944 2124 SiSRaid2 - ok

    21:02:38.0976 2124 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

    21:02:38.0976 2124 SiSRaid4 - ok

    21:02:38.0991 2124 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

    21:02:39.0038 2124 Smb - ok

    21:02:39.0054 2124 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

    21:02:39.0069 2124 SNMPTRAP - ok

    21:02:39.0069 2124 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

    21:02:39.0085 2124 spldr - ok

    21:02:39.0163 2124 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe

    21:02:39.0194 2124 Spooler - ok

    21:02:39.0459 2124 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe

    21:02:39.0537 2124 sppsvc - ok

    21:02:39.0631 2124 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

    21:02:39.0678 2124 sppuinotify - ok

    21:02:39.0818 2124 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS

    21:02:39.0849 2124 SRTSP - ok

    21:02:39.0865 2124 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS

    21:02:39.0865 2124 SRTSPX - ok

    21:02:39.0927 2124 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

    21:02:39.0943 2124 srv - ok

    21:02:39.0990 2124 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

    21:02:40.0005 2124 srv2 - ok

    21:02:40.0052 2124 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

    21:02:40.0068 2124 srvnet - ok

    21:02:40.0083 2124 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

    21:02:40.0114 2124 SSDPSRV - ok

    21:02:40.0130 2124 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

    21:02:40.0161 2124 SstpSvc - ok

    21:02:40.0177 2124 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

    21:02:40.0192 2124 stexstor - ok

    21:02:40.0255 2124 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll

    21:02:40.0286 2124 stisvc - ok

    21:02:40.0302 2124 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

    21:02:40.0317 2124 swenum - ok

    21:02:40.0473 2124 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    21:02:40.0489 2124 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

    21:02:40.0489 2124 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

    21:02:47.0680 2124 ============================================================

    21:02:47.0680 2124 Scan finished

    21:02:47.0680 2124 ============================================================

    21:02:47.0680 1092 Detected object count: 2

    21:02:47.0680 1092 Actual detected object count: 2

    21:03:23.0670 1092 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

    21:03:23.0670 1092 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

    21:03:23.0670 1092 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

    21:03:23.0670 1092 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

    21:15:19.0075 7456 ============================================================

    21:15:19.0075 7456 Scan started

    21:15:19.0075 7456 Mode: Manual; SigCheck; TDLFS;

    21:15:19.0075 7456 ============================================================

    21:15:32.0211 7456 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

    21:15:32.0242 7456 intelide - ok

    21:15:32.0257 7456 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

    21:15:32.0273 7456 intelppm - ok

    21:15:32.0367 7456 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

    21:15:32.0382 7456 IntuitUpdateService - ok

    21:15:32.0429 7456 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

    21:15:32.0445 7456 IntuitUpdateServiceV4 - ok

    21:15:32.0476 7456 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

    21:15:32.0538 7456 IPBusEnum - ok

    21:15:32.0554 7456 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

    21:15:32.0585 7456 IpFilterDriver - ok

    21:15:32.0647 7456 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll

    21:15:32.0710 7456 iphlpsvc - ok

    21:15:32.0725 7456 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

    21:15:32.0725 7456 IPMIDRV - ok

    21:15:32.0741 7456 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

    21:15:32.0772 7456 IPNAT - ok

    21:15:32.0897 7456 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe

    21:15:32.0928 7456 iPod Service - ok

    21:15:32.0959 7456 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

    21:15:32.0975 7456 IRENUM - ok

    21:15:32.0975 7456 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

    21:15:32.0991 7456 isapnp - ok

    21:15:33.0022 7456 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

    21:15:33.0037 7456 iScsiPrt - ok

    21:15:33.0053 7456 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

    21:15:33.0069 7456 kbdclass - ok

    21:15:33.0084 7456 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

    21:15:33.0100 7456 kbdhid - ok

    21:15:33.0131 7456 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

    21:15:33.0147 7456 KeyIso - ok

    21:15:33.0147 7456 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys

    21:15:33.0162 7456 KSecDD - ok

    21:15:33.0193 7456 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys

    21:15:33.0209 7456 KSecPkg - ok

    21:15:33.0225 7456 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

    21:15:33.0256 7456 ksthunk - ok

    21:15:33.0318 7456 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

    21:15:33.0381 7456 KtmRm - ok

    21:15:33.0427 7456 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll

    21:15:33.0443 7456 LanmanServer - ok

    21:15:33.0474 7456 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll

    21:15:33.0521 7456 LanmanWorkstation - ok

    21:15:33.0615 7456 LightScribeService (0ee66bdf485c6828aa65c0ef5d591133) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    21:15:33.0615 7456 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

    21:15:33.0615 7456 LightScribeService - detected UnsignedFile.Multi.Generic (1)

    21:15:33.0630 7456 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

    21:15:33.0677 7456 lltdio - ok

    21:15:33.0724 7456 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

    21:15:33.0755 7456 lltdsvc - ok

    21:15:33.0771 7456 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

    21:15:33.0786 7456 lmhosts - ok

    21:15:33.0817 7456 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

    21:15:33.0817 7456 LSI_FC - ok

    21:15:33.0833 7456 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

    21:15:33.0849 7456 LSI_SAS - ok

    21:15:33.0864 7456 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

    21:15:33.0895 7456 LSI_SAS2 - ok

    21:15:33.0911 7456 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

    21:15:33.0927 7456 LSI_SCSI - ok

    21:15:33.0958 7456 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

    21:15:34.0005 7456 luafv - ok

    21:15:34.0020 7456 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

    21:15:34.0051 7456 MBAMProtector - ok

    21:15:34.0161 7456 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    21:15:34.0176 7456 MBAMService - ok

    21:15:34.0207 7456 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll

    21:15:34.0223 7456 Mcx2Svc - ok

    21:15:34.0239 7456 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

    21:15:34.0270 7456 megasas - ok

    21:15:34.0285 7456 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

    21:15:34.0317 7456 MegaSR - ok

    21:15:34.0363 7456 Microsoft SharePoint Workspace Audit Service - ok

    21:15:34.0395 7456 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

    21:15:34.0457 7456 MMCSS - ok

    21:15:34.0473 7456 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

    21:15:34.0488 7456 Modem - ok

    21:15:34.0519 7456 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

    21:15:34.0535 7456 monitor - ok

    21:15:34.0551 7456 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

    21:15:34.0566 7456 mouclass - ok

    21:15:34.0566 7456 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

    21:15:34.0582 7456 mouhid - ok

    21:15:34.0597 7456 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

    21:15:34.0613 7456 mountmgr - ok

    21:15:34.0629 7456 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

    21:15:34.0644 7456 mpio - ok

    21:15:34.0660 7456 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

    21:15:34.0691 7456 mpsdrv - ok

    21:15:34.0800 7456 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll

    21:15:34.0847 7456 MpsSvc - ok

    21:15:34.0878 7456 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

    21:15:34.0894 7456 MRxDAV - ok

    21:15:34.0925 7456 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

    21:15:34.0956 7456 mrxsmb - ok

    21:15:35.0003 7456 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

    21:15:35.0019 7456 mrxsmb10 - ok

    21:15:35.0050 7456 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

    21:15:35.0065 7456 mrxsmb20 - ok

    21:15:35.0097 7456 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

    21:15:35.0112 7456 msahci - ok

    21:15:35.0128 7456 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

    21:15:35.0143 7456 msdsm - ok

    21:15:35.0175 7456 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

    21:15:35.0190 7456 MSDTC - ok

    21:15:35.0206 7456 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

    21:15:35.0253 7456 Msfs - ok

    21:15:35.0268 7456 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

    21:15:35.0299 7456 mshidkmdf - ok

    21:15:35.0299 7456 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

    21:15:35.0315 7456 msisadrv - ok

    21:15:35.0362 7456 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

    21:15:35.0409 7456 MSiSCSI - ok

    21:15:35.0409 7456 msiserver - ok

    21:15:35.0424 7456 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

    21:15:35.0455 7456 MSKSSRV - ok

    21:15:35.0455 7456 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

    21:15:35.0471 7456 MSPCLOCK - ok

    21:15:35.0487 7456 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

    21:15:35.0518 7456 MSPQM - ok

    21:15:35.0533 7456 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

    21:15:35.0549 7456 MsRPC - ok

    21:15:35.0565 7456 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

    21:15:35.0565 7456 mssmbios - ok

    21:15:35.0580 7456 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

    21:15:35.0611 7456 MSTEE - ok

    21:15:35.0627 7456 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

    21:15:35.0627 7456 MTConfig - ok

    21:15:35.0658 7456 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

    21:15:35.0658 7456 Mup - ok

    21:15:35.0721 7456 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll

    21:15:35.0783 7456 napagent - ok

    21:15:35.0830 7456 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

    21:15:35.0861 7456 NativeWifiP - ok

    21:15:36.0048 7456 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20120628.004\ENG64.SYS

    21:15:36.0064 7456 NAVENG - ok

    21:15:36.0267 7456 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20120628.004\EX64.SYS

    21:15:36.0298 7456 NAVEX15 - ok

    21:15:36.0516 7456 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

    21:15:36.0547 7456 NDIS - ok

    21:15:36.0563 7456 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

    21:15:36.0610 7456 NdisCap - ok

    21:15:36.0625 7456 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

    21:15:36.0657 7456 NdisTapi - ok

    21:15:36.0672 7456 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

    21:15:36.0703 7456 Ndisuio - ok

    21:15:36.0735 7456 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

    21:15:36.0750 7456 NdisWan - ok

    21:15:36.0766 7456 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

    21:15:36.0797 7456 NDProxy - ok

    21:15:36.0813 7456 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

    21:15:36.0844 7456 NetBIOS - ok

    21:15:36.0875 7456 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

    21:15:36.0891 7456 NetBT - ok

    21:15:36.0922 7456 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

    21:15:36.0937 7456 Netlogon - ok

    21:15:37.0000 7456 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

    21:15:37.0062 7456 Netman - ok

    21:15:37.0109 7456 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

    21:15:37.0171 7456 netprofm - ok

    21:15:37.0234 7456 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    21:15:37.0249 7456 NetTcpPortSharing - ok

    21:15:37.0265 7456 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

    21:15:37.0296 7456 nfrd960 - ok

    21:15:37.0405 7456 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

    21:15:37.0421 7456 NIS - ok

    21:15:37.0452 7456 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll

    21:15:37.0515 7456 NlaSvc - ok

    21:15:37.0530 7456 Norton PC Checkup Application Launcher - ok

    21:15:37.0546 7456 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

    21:15:37.0577 7456 Npfs - ok

    21:15:37.0577 7456 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

    21:15:37.0608 7456 nsi - ok

    21:15:37.0608 7456 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

    21:15:37.0639 7456 nsiproxy - ok

    21:15:37.0811 7456 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

    21:15:37.0858 7456 Ntfs - ok

    21:15:37.0983 7456 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys

    21:15:37.0998 7456 NuidFltr - ok

    21:15:38.0014 7456 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

    21:15:38.0061 7456 Null - ok

    21:15:38.0107 7456 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

    21:15:38.0139 7456 nvraid - ok

    21:15:38.0185 7456 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

    21:15:38.0201 7456 nvstor - ok

    21:15:38.0217 7456 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

    21:15:38.0248 7456 nv_agp - ok

    21:15:38.0263 7456 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

    21:15:38.0279 7456 ohci1394 - ok

    21:15:38.0341 7456 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    21:15:38.0357 7456 ose - ok

    21:15:38.0841 7456 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    21:15:38.0903 7456 osppsvc - ok

    21:15:39.0043 7456 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    21:15:39.0059 7456 p2pimsvc - ok

    21:15:39.0121 7456 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

    21:15:39.0153 7456 p2psvc - ok

    21:15:39.0199 7456 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

    21:15:39.0215 7456 Parport - ok

    21:15:39.0262 7456 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys

    21:15:39.0277 7456 partmgr - ok

    21:15:39.0309 7456 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

    21:15:39.0340 7456 PcaSvc - ok

    21:15:39.0402 7456 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe

    21:15:39.0433 7456 PCCUJobMgr - ok

    21:15:39.0621 7456 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms

    21:15:39.0636 7456 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok

    21:15:39.0777 7456 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

    21:15:39.0792 7456 pci - ok

    21:15:39.0823 7456 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

    21:15:39.0823 7456 pciide - ok

    21:15:39.0870 7456 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

    21:15:39.0886 7456 pcmcia - ok

    21:15:39.0901 7456 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

    21:15:39.0917 7456 pcw - ok

    21:15:39.0979 7456 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

    21:15:40.0026 7456 PEAUTH - ok

    21:15:40.0104 7456 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

    21:15:40.0135 7456 PerfHost - ok

    21:15:40.0307 7456 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll

    21:15:40.0354 7456 pla - ok

    21:15:40.0416 7456 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll

    21:15:40.0447 7456 PlugPlay - ok

    21:15:40.0463 7456 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

    21:15:40.0479 7456 PNRPAutoReg - ok

    21:15:40.0510 7456 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    21:15:40.0525 7456 PNRPsvc - ok

    21:15:40.0603 7456 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll

    21:15:40.0650 7456 PolicyAgent - ok

    21:15:40.0681 7456 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

    21:15:40.0713 7456 Power - ok

    21:15:40.0759 7456 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

    21:15:40.0806 7456 PptpMiniport - ok

    21:15:40.0822 7456 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

    21:15:40.0822 7456 Processor - ok

    21:15:40.0869 7456 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll

    21:15:40.0900 7456 ProfSvc - ok

    21:15:40.0931 7456 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

    21:15:40.0947 7456 ProtectedStorage - ok

    21:15:40.0978 7456 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

    21:15:41.0040 7456 Psched - ok

    21:15:41.0181 7456 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

    21:15:41.0212 7456 ql2300 - ok

    21:15:41.0337 7456 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

    21:15:41.0352 7456 ql40xx - ok

    21:15:41.0399 7456 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

    21:15:41.0430 7456 QWAVE - ok

    21:15:41.0446 7456 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

    21:15:41.0461 7456 QWAVEdrv - ok

    21:15:41.0477 7456 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

    21:15:41.0508 7456 RasAcd - ok

    21:15:41.0539 7456 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

    21:15:41.0555 7456 RasAgileVpn - ok

    21:15:41.0571 7456 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

    21:15:41.0617 7456 RasAuto - ok

    21:15:41.0633 7456 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

    21:15:41.0680 7456 Rasl2tp - ok

    21:15:41.0711 7456 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll

    21:15:41.0742 7456 RasMan - ok

    21:15:41.0758 7456 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

    21:15:41.0789 7456 RasPppoe - ok

    21:15:41.0805 7456 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

    21:15:41.0820 7456 RasSstp - ok

    21:15:41.0867 7456 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

    21:15:41.0898 7456 rdbss - ok

    21:15:41.0914 7456 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

    21:15:41.0929 7456 rdpbus - ok

    21:15:41.0929 7456 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

    21:15:41.0961 7456 RDPCDD - ok

    21:15:41.0961 7456 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

    21:15:41.0992 7456 RDPENCDD - ok

    21:15:42.0007 7456 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

    21:15:42.0023 7456 RDPREFMP - ok

    21:15:42.0070 7456 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys

    21:15:42.0101 7456 RDPWD - ok

    21:15:42.0132 7456 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

    21:15:42.0148 7456 rdyboost - ok

    21:15:42.0179 7456 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

    21:15:42.0210 7456 RemoteAccess - ok

    21:15:42.0241 7456 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

    21:15:42.0288 7456 RemoteRegistry - ok

    21:15:42.0288 7456 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

    21:15:42.0319 7456 RpcEptMapper - ok

    21:15:42.0335 7456 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

    21:15:42.0351 7456 RpcLocator - ok

    21:15:42.0397 7456 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

    21:15:42.0460 7456 RpcSs - ok

    21:15:42.0475 7456 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

    21:15:42.0491 7456 rspndr - ok

    21:15:42.0538 7456 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys

    21:15:42.0553 7456 RTL8167 - ok

    21:15:42.0585 7456 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

    21:15:42.0600 7456 SamSs - ok

    21:15:42.0631 7456 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

    21:15:42.0631 7456 sbp2port - ok

    21:15:42.0678 7456 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

    21:15:42.0709 7456 SCardSvr - ok

    21:15:42.0725 7456 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

    21:15:42.0756 7456 scfilter - ok

    21:15:42.0897 7456 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll

    21:15:42.0928 7456 Schedule - ok

    21:15:42.0943 7456 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

    21:15:42.0975 7456 SCPolicySvc - ok

    21:15:43.0006 7456 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll

    21:15:43.0021 7456 SDRSVC - ok

    21:15:43.0053 7456 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

    21:15:43.0084 7456 secdrv - ok

    21:15:43.0099 7456 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll

    21:15:43.0131 7456 seclogon - ok

    21:15:43.0162 7456 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

    21:15:43.0193 7456 SENS - ok

    21:15:43.0209 7456 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

    21:15:43.0209 7456 SensrSvc - ok

    21:15:43.0224 7456 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

    21:15:43.0240 7456 Serenum - ok

    21:15:43.0271 7456 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

    21:15:43.0271 7456 Serial - ok

    21:15:43.0287 7456 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

    21:15:43.0302 7456 sermouse - ok

    21:15:43.0333 7456 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll

    21:15:43.0365 7456 SessionEnv - ok

    21:15:43.0380 7456 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

    21:15:43.0396 7456 sffdisk - ok

    21:15:43.0411 7456 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

    21:15:43.0411 7456 sffp_mmc - ok

    21:15:43.0427 7456 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

    21:15:43.0443 7456 sffp_sd - ok

    21:15:43.0458 7456 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

    21:15:43.0474 7456 sfloppy - ok

    21:15:43.0521 7456 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

    21:15:43.0567 7456 SharedAccess - ok

    21:15:43.0614 7456 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll

    21:15:43.0630 7456 ShellHWDetection - ok

    21:15:43.0645 7456 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

    21:15:43.0661 7456 SiSRaid2 - ok

    21:15:43.0677 7456 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

    21:15:43.0692 7456 SiSRaid4 - ok

    21:15:43.0708 7456 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

    21:15:43.0739 7456 Smb - ok

    21:15:43.0755 7456 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

    21:15:43.0770 7456 SNMPTRAP - ok

    21:15:43.0786 7456 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

    21:15:43.0786 7456 spldr - ok

    21:15:43.0864 7456 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe

    21:15:43.0879 7456 Spooler - ok

    21:15:44.0238 7456 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe

    21:15:44.0269 7456 sppsvc - ok

    21:15:44.0379 7456 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

    21:15:44.0441 7456 sppuinotify - ok

    21:15:44.0581 7456 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS

    21:15:44.0613 7456 SRTSP - ok

    21:15:44.0628 7456 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS

    21:15:44.0644 7456 SRTSPX - ok

    21:15:44.0706 7456 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

    21:15:44.0737 7456 srv - ok

    21:15:44.0784 7456 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

    21:15:44.0815 7456 srv2 - ok

    21:15:44.0847 7456 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

    21:15:44.0878 7456 srvnet - ok

    21:15:44.0893 7456 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

    21:15:44.0925 7456 SSDPSRV - ok

    21:15:44.0956 7456 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

    21:15:44.0987 7456 SstpSvc - ok

    21:15:45.0003 7456 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

    21:15:45.0018 7456 stexstor - ok

    21:15:45.0096 7456 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll

    21:15:45.0127 7456 stisvc - ok

    21:15:45.0127 7456 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

    21:15:45.0143 7456 swenum - ok

    21:15:45.0299 7456 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    21:15:45.0330 7456 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

    21:15:45.0330 7456 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

    21:15:45.0393 7456 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

    21:15:45.0439 7456 swprv - ok

    21:15:45.0517 7456 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS

    21:15:45.0533 7456 SymDS - ok

    21:15:45.0642 7456 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS

    21:15:45.0673 7456 SymEFA - ok

    21:15:45.0720 7456 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

    21:15:45.0736 7456 SymEvent - ok

    21:15:45.0783 7456 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS

    21:15:45.0798 7456 SymIRON - ok

    21:15:45.0861 7456 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS

    21:15:45.0876 7456 SymNetS - ok

    21:15:53.0286 7456 ============================================================

    21:15:53.0286 7456 Scan finished

    21:15:53.0286 7456 ============================================================

    21:15:53.0302 5336 Detected object count: 2

    21:15:53.0302 5336 Actual detected object count: 2

    21:16:17.0295 5336 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

    21:16:17.0295 5336 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

    21:16:17.0295 5336 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

    21:16:17.0295 5336 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

  12. Thanks again for your help.

    I followed your instructions. It found 2 'suspicious files'.

    It did not ask to reboot the computer after the scan...hopefully this is correct.

    I then tried to paste the contents of the 'TDSSKiller.2.7.42.0_28.06.2012_20.59.56_log' file here, but got a msg of 'post_too_long'.

    What do I do now? Probably not a good sign, eh?

  13. Thanks for the help.

    Presently, I get google redirects 1/2 the time I do a search.

    I got the latest MBAM update, and ran the quick scan. It said nothing was detected. Here are the scan results:

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400

    www.malwarebytes.org

    Database version: v2012.06.28.13

    Windows 7 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Rod :: ROD-PC [administrator]

    Protection: Enabled

    6/28/2012 5:05:03 PM

    mbam-log-2012-06-28 (17-05-03).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 208849

    Time elapsed: 2 minute(s), 21 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  14. Hi,

    I have been having trouble with Google redirects for a few weeks now. I have Norton Internet Security 2012, but it finds nothing.

    I ran the Malwarebytes' Anti-Malware Quick Scan. It found a couple of things, but the redirects are still happening. Following the advice on your website, I ran the dds.scr tool, and below are the dds.txt results.

    Thanks for having a place to go for help on this obscure stuff!!

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421

    Run by Rod at 11:57:16 on 2012-06-28

    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.5560 [GMT -7:00]

    .

    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\atieclxx.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    C:\Windows\system32\taskeng.exe

    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

    C:\Windows\system32\svchost.exe -k SDRSVC

    C:\Windows\system32\wuauclt.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\system32\DllHost.exe

    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe

    C:\Windows\explorer.exe

    C:\Users\Rod\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe

    C:\Program Files (x86)\Internet Explorer\IELowutil.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uDefault_Page_URL = hxxp://us4.hpwis.com/

    uDefault_Search_URL = hxxp://www.google.com/ie

    uSearch Bar = hxxp://www.google.com/ie

    uSearch Page = hxxp://www.google.com

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uStart Page = hxxp://www.google.com/

    uInternet Settings,ProxyOverride = 127.0.0.1;*.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    mWinlogon: Userinit=userinit.exe,

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    uRun: [Google Update] "C:\Users\Rod\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    uRun: [Apple] rundll32.exe "C:\Users\Rod\AppData\Local\Apple Computer\Apple\vpcqypvt.dll",CreateInstance

    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

    mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

    mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

    mRun: [<NO NAME>]

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

    mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    StartupFolder: C:\Users\Rod\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Rod\AppData\Roaming\Dropbox\bin\Dropbox.exe

    StartupFolder: C:\Users\Rod\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: DhcpNameServer = 192.168.0.1 192.168.1.1

    TCP: Interfaces\{8D748199-6B6D-4285-9BE6-539F745BAC0B} : DhcpNameServer = 192.168.0.1 192.168.1.1

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

    BHO-X64: Norton Identity Protection - No File

    BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

    BHO-X64: Norton Vulnerability Protection - No File

    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

    BHO-X64: URLRedirectionBHO - No File

    BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

    BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

    mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

    mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

    mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

    mRun-x64: [(Default)]

    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

    mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [?]

    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [?]

    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-6-18 1161376]

    R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [?]

    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120627.001\IDSviA64.sys [2012-6-28 509088]

    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [?]

    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS [?]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-25 13336]

    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-25 654408]

    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [2012-5-18 138232]

    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [2011-4-29 177080]

    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [2011-4-29 126392]

    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]

    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912]

    R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-27 136176]

    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-27 136176]

    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

    S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-9-16 23536]

    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2012-06-26 04:54:20 -------- d-----w- C:\Users\Rod\AppData\Roaming\Malwarebytes

    2012-06-26 04:54:09 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-06-26 04:54:08 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-06-26 04:54:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-06-22 17:08:22 2622464 ----a-w- C:\Windows\System32\wucltux.dll

    2012-06-22 17:08:03 99840 ----a-w- C:\Windows\System32\wudriver.dll

    2012-06-22 17:07:49 36864 ----a-w- C:\Windows\System32\wuapp.exe

    2012-06-22 17:07:49 186752 ----a-w- C:\Windows\System32\wuwebv.dll

    2012-06-21 20:54:49 -------- d-----w- C:\Program Files (x86)\Cisco Systems

    2012-06-17 23:09:22 -------- d-----w- C:\Program Files\iTunes

    2012-06-17 23:09:22 -------- d-----w- C:\Program Files\iPod

    2012-06-17 23:09:22 -------- d-----w- C:\Program Files (x86)\iTunes

    2012-06-17 22:52:08 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

    2012-06-17 22:52:08 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

    2012-06-17 22:52:08 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

    2012-06-17 22:52:08 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

    2012-06-17 22:52:08 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

    2012-06-17 22:52:08 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

    2012-06-17 22:52:08 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

    2012-06-17 22:44:24 -------- d-----w- C:\Program Files\Bonjour

    2012-06-17 22:44:24 -------- d-----w- C:\Program Files (x86)\Bonjour

    2012-06-16 00:15:58 -------- d-----w- C:\Users\Rod\AppData\Local\{0891D2EB-C51D-4153-BB9C-72F1D276EDA3}

    2012-06-13 15:05:03 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

    2012-06-13 15:05:03 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

    2012-06-13 15:05:03 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

    2012-06-13 15:05:01 208896 ----a-w- C:\Windows\System32\profsvc.dll

    2012-06-13 15:05:00 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-06-13 15:05:00 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-06-13 15:04:59 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-06-13 15:04:38 3144192 ----a-w- C:\Windows\System32\win32k.sys

    2012-06-13 15:04:33 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

    2012-06-13 15:04:32 3213824 ----a-w- C:\Windows\System32\msi.dll

    2012-06-13 15:04:32 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

    2012-06-13 15:04:30 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

    2012-06-13 15:04:30 1460224 ----a-w- C:\Windows\System32\crypt32.dll

    2012-06-13 15:04:30 140288 ----a-w- C:\Windows\System32\cryptnet.dll

    2012-06-13 15:04:30 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

    2012-06-13 15:04:30 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll

    2012-06-13 15:04:30 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

    2012-06-08 04:42:36 -------- d-----r- C:\Users\Rod\Dropbox

    2012-06-08 04:37:01 -------- d-----w- C:\Users\Rod\AppData\Roaming\Dropbox

    .

    ==================== Find3M ====================

    .

    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-05-03 15:34:38 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

    2012-04-25 19:11:36 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

    2012-04-25 19:11:36 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

    2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

    2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

    .

    ============= FINISH: 11:57:47.51 ===============
