kjhabit

  1. THANK you!..I will apply these actions tonight...I appreciate your time spent....kjh
  2. ok..here are the MBAM and ESET logs....both have items still in quarantine.....

     MBAM

     Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.08.12.04
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     owner :: OWNER-PC [administrator]
     8/12/2012 10:51:25 AM
     mbam-log-2012-08-12 (10-51-25).txt
     Scan type: Full scan (C:\|D:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 347614
     Time elapsed: 1 hour(s), 2 minute(s), 53 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)

     ESET

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-08-13 11:45:45
     # local_time=2012-08-13 07:45:45 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=1033
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode=3588 16777214 85 67 204414 12642733 0 0
     # compatibility_mode=5893 16776574 100 94 16252071 96397267 0 0
     # compatibility_mode=8192 67108863 100 0 18234 18234 0 0
     # scanned=163195
     # found=4
     # cleaned=4
     # scan_time=4527
     C:\Program Files (x86)\Smart PC Cleaner\SmartPCCleaner.exe a variant of Win32/SpeedingUpMyPC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Users\owner\AppData\Local\Temp\YontooSetup-S.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Users\owner\Desktop\MY MRI\W7.061612pe builder (2).exe Win32/HideRun.A application (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Users\owner\Desktop\MY MRI\W7.061612pe builder.exe Win32/HideRun.A application (deleted - quarantined) 00000000000000000000000000000000 C

     computer runs HD a lot...especially when you open a browser....thanks kjh
  3. Malwarebytes ran out yesterday, I will see about purchasing it today....also will finish your instructions today......Will my backups, copies, and images on my external need to be just scanned later or are they too compromised to save? I have Acronis images from about 3 weeks ago and Microsoft backups from then as well ..and some personal software backups.....thanks..kjh
  4. ok...I cannot find the log file for Windows Defender Offline though..I apologize for the time between posts..but my kids are in town from N.C. and we are running all over town...anyway thanks for the help you are giving me...kjh
  5. sorry..no the last two logs were Dr.Web CureIt..I had the system lock up after running Defender Offline twice...and no file log created...I will try again with Windows Defender...the first two were in order from your previous post..the online uploads..system still taking time running HD in background..couple of services keep re-enabling themselves to automatic status even after I disable them and stop them from running..they restart when the computer restarts.....these are secondary logon and termserv/remote desktop service..thanks
  6. thanks trying to repost this csv correctly....
Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0179D260-D925-4FAD-9CE1-E5E5EE774829};Container contains infected objects;Will be deleted after restart.; {336D336C-8C51-4373-8628-156E134FEC4B}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0437CF22-96F0-4FB2-B3C6-C0224BE65E68}\{;Tool.ShowPass;; {336D336C-8C51-4373-8628-156E134FEC4B}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0437CF22-96F0-4FB2-B3C6-C0224BE65E68};Container contains infected objects;Will be deleted after restart.; {73582721-8EB3-499C-A0E0-68A9B7F83CE0}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1E0DAA98-9C1D-4F34-B765-13861B475964}\{;Tool.PassView.604;; {73582721-8EB3-499C-A0E0-68A9B7F83CE0}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1E0DAA98-9C1D-4F34-B765-13861B475964};Container contains infected objects;Will be deleted after restart.; {9B26E2A9-CDF7-48C6-8815-4438779DB2BB}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1FCB473C-091A-4026-ABE4-EBF8D57EA767}\{;Tool.ShowPass;; {9B26E2A9-CDF7-48C6-8815-4438779DB2BB}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1FCB473C-091A-4026-ABE4-EBF8D57EA767};Container contains infected objects;Will be deleted after restart.; {96E2D1AA-1605-449E-B968-0349827FB077}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2239DC28-8367-4E02-A07F-9EF25B1BD9F0}\{;Tool.ShowPass;; {96E2D1AA-1605-449E-B968-0349827FB077}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2239DC28-8367-4E02-A07F-9EF25B1BD9F0};Container contains infected objects;Will be deleted after restart.; {30252591-5D6A-4A7D-9831-2D9D4D4F63B0}.qbd\data001;C:\Users\All 
Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E23F33D-3575-477F-BBB4-014604B8C410}\{;Tool.MailPassView.218;; {30252591-5D6A-4A7D-9831-2D9D4D4F63B0}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E23F33D-3575-477F-BBB4-014604B8C410};Container contains infected objects;Will be deleted after restart.; {75D30958-F1A0-4879-8967-20F833BBAC23}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E56211E-308D-46C5-A0A9-D25D09A338DB}\{;Tool.MailPassView.218;; {75D30958-F1A0-4879-8967-20F833BBAC23}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E56211E-308D-46C5-A0A9-D25D09A338DB};Container contains infected objects;Will be deleted after restart.; {FF52887A-4422-4C6E-B80B-7A1DB684A70D}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{31BB6F5E-2AF2-4614-89FA-1F1687E3770A}\{;Tool.PassView.663;; {FF52887A-4422-4C6E-B80B-7A1DB684A70D}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{31BB6F5E-2AF2-4614-89FA-1F1687E3770A};Container contains infected objects;Will be deleted after restart.; {D1EFA2D5-0927-449D-99D0-93C2E14E5C4F}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4A959C0B-9D31-44F0-89FF-6D1F711BAB95}\{;Tool.PassView.604;; {D1EFA2D5-0927-449D-99D0-93C2E14E5C4F}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4A959C0B-9D31-44F0-89FF-6D1F711BAB95};Container contains infected objects;Will be deleted after restart.; {EF7E881D-2955-421F-B1AE-6D3F630684B3}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4CED6AA8-4B09-4988-8006-C092D900BC0F}\{;Tool.PassView.663;; {EF7E881D-2955-421F-B1AE-6D3F630684B3}.qbd;C:\Users\All 
Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4CED6AA8-4B09-4988-8006-C092D900BC0F};Container contains infected objects;Will be deleted after restart.; {FDCD9A2D-4046-497B-96C4-D5BF8B29EDC6}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{607DC1A2-6442-48B0-9077-2F46AC497961}\{;Tool.ShowPass;; {FDCD9A2D-4046-497B-96C4-D5BF8B29EDC6}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{607DC1A2-6442-48B0-9077-2F46AC497961};Container contains infected objects;Will be deleted after restart.; {A69A2F1F-1C4E-4128-A461-35B261C25BDB}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{9D1EF5CF-DA7C-4C8F-AACF-9C426D07AAA9}\{;Tool.MailPassView.218;; {A69A2F1F-1C4E-4128-A461-35B261C25BDB}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{9D1EF5CF-DA7C-4C8F-AACF-9C426D07AAA9};Container contains infected objects;Will be deleted after restart.; {3BCB2260-BA62-4D52-BD16-F78CF9461053}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{ACF49A6D-917F-4FCE-AB8D-30142D26C632}\{;Tool.MailPass.7;; {3BCB2260-BA62-4D52-BD16-F78CF9461053}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{ACF49A6D-917F-4FCE-AB8D-30142D26C632};Container contains infected objects;Will be deleted after restart.; {2F3B84D4-592E-4362-AF44-E6A48C7AE15A}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{C126B276-A67E-4332-9666-683563B93C97}\{;Tool.ShowPass;; {2F3B84D4-592E-4362-AF44-E6A48C7AE15A}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{C126B276-A67E-4332-9666-683563B93C97};Container contains infected objects;Will be deleted after restart.; {5E3B33F5-93F3-4BD4-9506-4259845A5B93}.qbd\data001;C:\Users\All 
Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{DA2C626B-AEB0-4F95-B06D-0DF7BA6DCB1E}\{;Tool.PassView.604;; {5E3B33F5-93F3-4BD4-9506-4259845A5B93}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{DA2C626B-AEB0-4F95-B06D-0DF7BA6DCB1E};Container contains infected objects;Will be deleted after restart.; {03F24764-056A-4E14-95FD-1513FB5441B1}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{E5A8B5DA-8186-48EC-8A14-3B43B5821120}\{;Tool.PassView.663;; {03F24764-056A-4E14-95FD-1513FB5441B1}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{E5A8B5DA-8186-48EC-8A14-3B43B5821120};Container contains infected objects;Will be deleted after restart.; install.rdf;C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\{6cfa2c5b-274f-4d68-a6e4-bfb31acd5ee4};Adware.FreeCause.3;Incurable.Moved.; const.js;C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\{6cfa2c5b-274f-4d68-a6e4-bfb31acd5ee4}\chro;Adware.Bho.3783;Incurable.Moved.; settings.xml;C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\{6cfa2c5b-274f-4d68-a6e4-bfb31acd5ee4}\chro;Adware.Shopper.232;Incurable.Moved.; mzcv.exe;C:\Users\owner\Desktop\MY MRI\brtools;Tool.CookieView.2;Incurable.Moved.; mzcv.exe;C:\Users\owner\Desktop\Nirsoft utilities\brtools;Tool.CookieView.2;Incurable.Moved.; mzcv.exe;C:\Users\owner\Desktop\Nirsoft utilities\mzcv;Tool.CookieView.2;Incurable.Moved.; BulletsPassView.exe;C:\Users\owner\Desktop\Nirsoft utilities\passrec;Tool.PassView.614;Incurable.Moved.;
  7. thanks, here's the files:

     SHA256: 50935f1101e7c712399cee8565f2a244f7a657eec296a92afc05552d92a26a8e
     SHA1: 689bb1735f888fa813dafae17a08fcea1196862e
     MD5: df81bda711ebc1005e114f43350cecea
     File size: 18.6 MB ( 19517952 bytes )
     File name: file-2723057_exe
     File type: Win32 EXE
     Detection ratio: 0 / 44
     Analysis date: 2011-09-01 17:37:34 UTC ( 11 months, 1 week ago )

     SHA256: 88176347d3cac73434807944f85460341f41f38e818a4e89a198081777be6987
     SHA1: d823d78d6d08df732e7f267321fe24d1f15de87d
     MD5: 4bcd01f7772410dd29df8f25c9321010
     File size: 435.5 KB ( 445952 bytes )
     File name: smona_88176347d3cac73434807944f85460341f41f38e818a4e89a198081777be6987.bin
     File type: Win32 EXE
     Detection ratio: 0 / 42
     Analysis date: 2012-05-26 04:03:54 UTC ( 2 months, 2 weeks ago )

     VirSCAN.org Scanned Report :
     Scanned time : 2012/08/09 10:17:40 (EDT)
     Scanner results: Scanners did not find malware!
     File Name : redsn0w.exe
     File Size : 19517952 byte
     File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
     MD5 : df81bda711ebc1005e114f43350cecea
     SHA1 : 689bb1735f888fa813dafae17a08fcea1196862e
     Online report : http://r.virscan.org...918a4148eaa66a4

     VirSCAN.org Scanned Report :
     Scanned time : 2012/08/09 10:20:49 (EDT)
     Scanner results: Scanners did not find malware!
     File Name : cinject.exe
     File Size : 445952 byte
     File Type : PE32 executable for MS Windows (console) Intel 80386 32-bit
     MD5 : 4bcd01f7772410dd29df8f25c9321010
     SHA1 : d823d78d6d08df732e7f267321fe24d1f15de87d
     Online report : http://r.virscan.org...63664a05b0b4f58
Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {5E3B33F5-93F3-4BD4-9506-4259845A5B93}.qbd\data001;C:\Documents and Settings\owner\DoctorWeb\Quarantine\{5E3B33F5-93F3-4BD4-9506-4259845A5B93}.qbd;Tool.PassView.604;; {5E3B33F5-93F3-4BD4-9506-4259845A5B93}.qbd;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {73582721-8EB3-499C-A0E0-68A9B7F83CE00.qbd\data001;C:\Documents and Settings\owner\DoctorWeb\Quarantine\{73582721-8EB3-499C-A0E0-68A9B7F83CE00.qbd;Tool.PassView.604;; {73582721-8EB3-499C-A0E0-68A9B7F83CE00.qbd;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {73582721-8EB3-499C-A0E0-68A9B7F83CE0}.qbd\data001;C:\Documents and Settings\owner\DoctorWeb\Quarantine\{73582721-8EB3-499C-A0E0-68A9B7F83CE0}.qbd;Tool.PassView.604;; {73582721-8EB3-499C-A0E0-68A9B7F83CE0}.qbd;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {75D30958-F1A0-4879-8967-20F833BBAC230.qbd\data001;C:\Documents and Settings\owner\DoctorWeb\Quarantine\{75D30958-F1A0-4879-8967-20F833BBAC230.qbd;Tool.MailPassView.218;; {75D30958-F1A0-4879-8967-20F833BBAC230.qbd;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {75D30958-F1A0-4879-8967-20F833BBAC23}.qbd\data001;C:\Documents and Settings\owner\DoctorWeb\Quarantine\{75D30958-F1A0-4879-8967-20F833BBAC23}.qbd;Tool.MailPassView.218;; {75D30958-F1A0-4879-8967-20F833BBAC23}.qbd;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {96E2D1AA-1605-449E-B968-0349827FB0770.qbd\data001;C:\Documents and Settings\owner\DoctorWeb\Quarantine\{96E2D1AA-1605-449E-B968-0349827FB0770.qbd;Tool.ShowPass;; {96E2D1AA-1605-449E-B968-0349827FB0770.qbd;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {96E2D1AA-1605-449E-B968-0349827FB077}.qbd\data001;C:\Documents and 
Settings\owner\DoctorWeb\Quarantine\{96E2D1AA-1605-449E-B968-0349827FB077}.qbd;Tool.ShowPass;; {96E2D1AA-1605-449E-B968-0349827FB077}.qbd;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {9B26E2A9-CDF7-48C6-8815-4438779DB2BB0.qbd\data001;C:\Documents and Settings\owner\DoctorWeb\Quarantine\{9B26E2A9-CDF7-48C6-8815-4438779DB2BB0.qbd;Tool.ShowPass;; {9B26E2A9-CDF7-48C6-8815-4438779DB2BB0.qbd;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {9B26E2A9-CDF7-48C6-8815-4438779DB2BB}.qbd\data001;C:\Documents and Settings\owner\DoctorWeb\Quarantine\{9B26E2A9-CDF7-48C6-8815-4438779DB2BB}.qbd;Tool.ShowPass;; {9B26E2A9-CDF7-48C6-8815-4438779DB2BB}.qbd;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {A69A2F1F-1C4E-4128-A461-35B261C25BDB0.qbd\data001;C:\Documents and Settings\owner\DoctorWeb\Quarantine\{A69A2F1F-1C4E-4128-A461-35B261C25BDB0.qbd;Tool.MailPassView.218;; {A69A2F1F-1C4E-4128-A461-35B261C25BDB0.qbd;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {A69A2F1F-1C4E-4128-A461-35B261C25BDB}.qbd\data001;C:\Documents and Settings\owner\DoctorWeb\Quarantine\{A69A2F1F-1C4E-4128-A461-35B261C25BDB}.qbd;Tool.MailPassView.218;; {A69A2F1F-1C4E-4128-A461-35B261C25BDB}.qbd;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {D1EFA2D5-0927-449D-99D0-93C2E14E5C4F0.qbd\data001;C:\Documents and Settings\owner\DoctorWeb\Quarantine\{D1EFA2D5-0927-449D-99D0-93C2E14E5C4F0.qbd;Tool.PassView.604;; {D1EFA2D5-0927-449D-99D0-93C2E14E5C4F0.qbd;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {D1EFA2D5-0927-449D-99D0-93C2E14E5C4F}.qbd\data001;C:\Documents and Settings\owner\DoctorWeb\Quarantine\{D1EFA2D5-0927-449D-99D0-93C2E14E5C4F}.qbd;Tool.PassView.604;; {D1EFA2D5-0927-449D-99D0-93C2E14E5C4F}.qbd;C:\Documents and 
Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {EF7E881D-2955-421F-B1AE-6D3F630684B30.qbd\data001;C:\Documents and Settings\owner\DoctorWeb\Quarantine\{EF7E881D-2955-421F-B1AE-6D3F630684B30.qbd;Tool.PassView.663;; {EF7E881D-2955-421F-B1AE-6D3F630684B30.qbd;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {EF7E881D-2955-421F-B1AE-6D3F630684B3}.qbd\data001;C:\Documents and Settings\owner\DoctorWeb\Quarantine\{EF7E881D-2955-421F-B1AE-6D3F630684B3}.qbd;Tool.PassView.663;; {EF7E881D-2955-421F-B1AE-6D3F630684B3}.qbd;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {FDCD9A2D-4046-497B-96C4-D5BF8B29EDC60.qbd\data001;C:\Documents and Settings\owner\DoctorWeb\Quarantine\{FDCD9A2D-4046-497B-96C4-D5BF8B29EDC60.qbd;Tool.ShowPass;; {FDCD9A2D-4046-497B-96C4-D5BF8B29EDC60.qbd;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {FDCD9A2D-4046-497B-96C4-D5BF8B29EDC6}.qbd\data001;C:\Documents and Settings\owner\DoctorWeb\Quarantine\{FDCD9A2D-4046-497B-96C4-D5BF8B29EDC6}.qbd;Tool.ShowPass;; {FDCD9A2D-4046-497B-96C4-D5BF8B29EDC6}.qbd;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {FF52887A-4422-4C6E-B80B-7A1DB684A70D0.qbd\data001;C:\Documents and Settings\owner\DoctorWeb\Quarantine\{FF52887A-4422-4C6E-B80B-7A1DB684A70D0.qbd;Tool.PassView.663;; {FF52887A-4422-4C6E-B80B-7A1DB684A70D0.qbd;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; {FF52887A-4422-4C6E-B80B-7A1DB684A70D}.qbd\data001;C:\Documents and Settings\owner\DoctorWeb\Quarantine\{FF52887A-4422-4C6E-B80B-7A1DB684A70D}.qbd;Tool.PassView.663;; {FF52887A-4422-4C6E-B80B-7A1DB684A70D}.qbd;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.; tftpd32.exe;C:\nettyPE_2011_11_07\Temp\Win7PE_SE\Tftpd32;Program.Ftpd.2 - read 
error;Invalid path to file ; {41EDF389-CDDC-41DD-94C2-50114B8D1290}.qbd\data001;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0179D260-D925-4FAD-9CE1-E5E5EE774829}\{41ED;Tool.PassView.604;; {41EDF389-CDDC-41DD-94C2-50114B8D1290}.qbd;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0179D260-D925-4FAD-9CE1-E5E5EE774829};Container contains infected objects;Will be deleted after restart.; {336D336C-8C51-4373-8628-156E134FEC4B}.qbd\data001;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0437CF22-96F0-4FB2-B3C6-C0224BE65E68}\{336D;Tool.ShowPass;; {336D336C-8C51-4373-8628-156E134FEC4B}.qbd;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0437CF22-96F0-4FB2-B3C6-C0224BE65E68};Container contains infected objects;Will be deleted after restart.; {73582721-8EB3-499C-A0E0-68A9B7F83CE0}.qbd\data001;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1E0DAA98-9C1D-4F34-B765-13861B475964}\{7358;Tool.PassView.604;; {73582721-8EB3-499C-A0E0-68A9B7F83CE0}.qbd;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1E0DAA98-9C1D-4F34-B765-13861B475964};Container contains infected objects;Will be deleted after restart.; {9B26E2A9-CDF7-48C6-8815-4438779DB2BB}.qbd\data001;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1FCB473C-091A-4026-ABE4-EBF8D57EA767}\{9B26;Tool.ShowPass;; {9B26E2A9-CDF7-48C6-8815-4438779DB2BB}.qbd;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1FCB473C-091A-4026-ABE4-EBF8D57EA767};Container contains infected objects;Will be deleted after restart.; {96E2D1AA-1605-449E-B968-0349827FB077}.qbd\data001;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2239DC28-8367-4E02-A07F-9EF25B1BD9F0}\{96E2;Tool.ShowPass;; 
{96E2D1AA-1605-449E-B968-0349827FB077}.qbd;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2239DC28-8367-4E02-A07F-9EF25B1BD9F0};Container contains infected objects;Will be deleted after restart.; {30252591-5D6A-4A7D-9831-2D9D4D4F63B0}.qbd\data001;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E23F33D-3575-477F-BBB4-014604B8C410}\{3025;Tool.MailPassView.218;; {30252591-5D6A-4A7D-9831-2D9D4D4F63B0}.qbd;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E23F33D-3575-477F-BBB4-014604B8C410};Container contains infected objects;Will be deleted after restart.; {75D30958-F1A0-4879-8967-20F833BBAC23}.qbd\data001;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E56211E-308D-46C5-A0A9-D25D09A338DB}\{75D3;Tool.MailPassView.218;; {75D30958-F1A0-4879-8967-20F833BBAC23}.qbd;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E56211E-308D-46C5-A0A9-D25D09A338DB};Container contains infected objects;Will be deleted after restart.; {FF52887A-4422-4C6E-B80B-7A1DB684A70D}.qbd\data001;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{31BB6F5E-2AF2-4614-89FA-1F1687E3770A}\{FF52;Tool.PassView.663;; {FF52887A-4422-4C6E-B80B-7A1DB684A70D}.qbd;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{31BB6F5E-2AF2-4614-89FA-1F1687E3770A};Container contains infected objects;Will be deleted after restart.; {D1EFA2D5-0927-449D-99D0-93C2E14E5C4F}.qbd\data001;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4A959C0B-9D31-44F0-89FF-6D1F711BAB95}\{D1EF;Tool.PassView.604;; {D1EFA2D5-0927-449D-99D0-93C2E14E5C4F}.qbd;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4A959C0B-9D31-44F0-89FF-6D1F711BAB95};Container contains infected objects;Will be deleted after restart.; 
{EF7E881D-2955-421F-B1AE-6D3F630684B3}.qbd\data001;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4CED6AA8-4B09-4988-8006-C092D900BC0F}\{EF7E;Tool.PassView.663;; {EF7E881D-2955-421F-B1AE-6D3F630684B3}.qbd;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4CED6AA8-4B09-4988-8006-C092D900BC0F};Container contains infected objects;Will be deleted after restart.; {FDCD9A2D-4046-497B-96C4-D5BF8B29EDC6}.qbd\data001;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{607DC1A2-6442-48B0-9077-2F46AC497961}\{FDCD;Tool.ShowPass;; {FDCD9A2D-4046-497B-96C4-D5BF8B29EDC6}.qbd;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{607DC1A2-6442-48B0-9077-2F46AC497961};Container contains infected objects;Will be deleted after restart.; {A69A2F1F-1C4E-4128-A461-35B261C25BDB}.qbd\data001;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{9D1EF5CF-DA7C-4C8F-AACF-9C426D07AAA9}\{A69A;Tool.MailPassView.218;; {A69A2F1F-1C4E-4128-A461-35B261C25BDB}.qbd;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{9D1EF5CF-DA7C-4C8F-AACF-9C426D07AAA9};Container contains infected objects;Will be deleted after restart.; {3BCB2260-BA62-4D52-BD16-F78CF9461053}.qbd\data001;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{ACF49A6D-917F-4FCE-AB8D-30142D26C632}\{3BCB;Tool.MailPass.7;; {3BCB2260-BA62-4D52-BD16-F78CF9461053}.qbd;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{ACF49A6D-917F-4FCE-AB8D-30142D26C632};Container contains infected objects;Will be deleted after restart.; {2F3B84D4-592E-4362-AF44-E6A48C7AE15A}.qbd\data001;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{C126B276-A67E-4332-9666-683563B93C97}\{2F3B;Tool.ShowPass;; 
{2F3B84D4-592E-4362-AF44-E6A48C7AE15A}.qbd;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{C126B276-A67E-4332-9666-683563B93C97};Container contains infected objects;Will be deleted after restart.; {5E3B33F5-93F3-4BD4-9506-4259845A5B93}.qbd\data001;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{DA2C626B-AEB0-4F95-B06D-0DF7BA6DCB1E}\{5E3B;Tool.PassView.604;; {5E3B33F5-93F3-4BD4-9506-4259845A5B93}.qbd;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{DA2C626B-AEB0-4F95-B06D-0DF7BA6DCB1E};Container contains infected objects;Will be deleted after restart.; {03F24764-056A-4E14-95FD-1513FB5441B1}.qbd\data001;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{E5A8B5DA-8186-48EC-8A14-3B43B5821120}\{03F2;Tool.PassView.663;; {03F24764-056A-4E14-95FD-1513FB5441B1}.qbd;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{E5A8B5DA-8186-48EC-8A14-3B43B5821120};Container contains infected objects;Will be deleted after restart.; {41EDF389-CDDC-41DD-94C2-50114B8D1290}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0179D260-D925-4FAD-9CE1-E5E5EE774829}\{;Tool.PassView.604;; {41EDF389-CDDC-41DD-94C2-50114B8D1290}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0179D260-D925-4FAD-9CE1-E5E5EE774829};Container contains infected objects;Will be deleted after restart.; {336D336C-8C51-4373-8628-156E134FEC4B}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0437CF22-96F0-4FB2-B3C6-C0224BE65E68}\{;Tool.ShowPass;; {336D336C-8C51-4373-8628-156E134FEC4B}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0437CF22-96F0-4FB2-B3C6-C0224BE65E68};Container contains infected objects;Will be deleted after restart.; 
{73582721-8EB3-499C-A0E0-68A9B7F83CE0}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1E0DAA98-9C1D-4F34-B765-13861B475964}\{;Tool.PassView.604;; {73582721-8EB3-499C-A0E0-68A9B7F83CE0}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1E0DAA98-9C1D-4F34-B765-13861B475964};Container contains infected objects;Will be deleted after restart.; {9B26E2A9-CDF7-48C6-8815-4438779DB2BB}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1FCB473C-091A-4026-ABE4-EBF8D57EA767}\{;Tool.ShowPass;; {9B26E2A9-CDF7-48C6-8815-4438779DB2BB}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1FCB473C-091A-4026-ABE4-EBF8D57EA767};Container contains infected objects;Will be deleted after restart.; {96E2D1AA-1605-449E-B968-0349827FB077}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2239DC28-8367-4E02-A07F-9EF25B1BD9F0}\{;Tool.ShowPass;; {96E2D1AA-1605-449E-B968-0349827FB077}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2239DC28-8367-4E02-A07F-9EF25B1BD9F0};Container contains infected objects;Will be deleted after restart.; {30252591-5D6A-4A7D-9831-2D9D4D4F63B0}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E23F33D-3575-477F-BBB4-014604B8C410}\{;Tool.MailPassView.218;; {30252591-5D6A-4A7D-9831-2D9D4D4F63B0}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E23F33D-3575-477F-BBB4-014604B8C410};Container contains infected objects;Will be deleted after restart.; {75D30958-F1A0-4879-8967-20F833BBAC23}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E56211E-308D-46C5-A0A9-D25D09A338DB}\{;Tool.MailPassView.218;; {75D30958-F1A0-4879-8967-20F833BBAC23}.qbd;C:\Users\All 
Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E56211E-308D-46C5-A0A9-D25D09A338DB};Container contains infected objects;Will be deleted after restart.; {FF52887A-4422-4C6E-B80B-7A1DB684A70D}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{31BB6F5E-2AF2-4614-89FA-1F1687E3770A}\{;Tool.PassView.663;; {FF52887A-4422-4C6E-B80B-7A1DB684A70D}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{31BB6F5E-2AF2-4614-89FA-1F1687E3770A};Container contains infected objects;Will be deleted after restart.; {D1EFA2D5-0927-449D-99D0-93C2E14E5C4F}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4A959C0B-9D31-44F0-89FF-6D1F711BAB95}\{;Tool.PassView.604;; {D1EFA2D5-0927-449D-99D0-93C2E14E5C4F}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4A959C0B-9D31-44F0-89FF-6D1F711BAB95};Container contains infected objects;Will be deleted after restart.; {EF7E881D-2955-421F-B1AE-6D3F630684B3}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4CED6AA8-4B09-4988-8006-C092D900BC0F}\{;Tool.PassView.663;; {EF7E881D-2955-421F-B1AE-6D3F630684B3}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4CED6AA8-4B09-4988-8006-C092D900BC0F};Container contains infected objects;Will be deleted after restart.; {FDCD9A2D-4046-497B-96C4-D5BF8B29EDC6}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{607DC1A2-6442-48B0-9077-2F46AC497961}\{;Tool.ShowPass;; {FDCD9A2D-4046-497B-96C4-D5BF8B29EDC6}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{607DC1A2-6442-48B0-9077-2F46AC497961};Container contains infected objects;Will be deleted after restart.; {A69A2F1F-1C4E-4128-A461-35B261C25BDB}.qbd\data001;C:\Users\All 
Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{9D1EF5CF-DA7C-4C8F-AACF-9C426D07AAA9}\{;Tool.MailPassView.218;; {A69A2F1F-1C4E-4128-A461-35B261C25BDB}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{9D1EF5CF-DA7C-4C8F-AACF-9C426D07AAA9};Container contains infected objects;Will be deleted after restart.; {3BCB2260-BA62-4D52-BD16-F78CF9461053}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{ACF49A6D-917F-4FCE-AB8D-30142D26C632}\{;Tool.MailPass.7;; {3BCB2260-BA62-4D52-BD16-F78CF9461053}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{ACF49A6D-917F-4FCE-AB8D-30142D26C632};Container contains infected objects;Will be deleted after restart.; {2F3B84D4-592E-4362-AF44-E6A48C7AE15A}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{C126B276-A67E-4332-9666-683563B93C97}\{;Tool.ShowPass;; {2F3B84D4-592E-4362-AF44-E6A48C7AE15A}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{C126B276-A67E-4332-9666-683563B93C97};Container contains infected objects;Will be deleted after restart.; {5E3B33F5-93F3-4BD4-9506-4259845A5B93}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{DA2C626B-AEB0-4F95-B06D-0DF7BA6DCB1E}\{;Tool.PassView.604;; {5E3B33F5-93F3-4BD4-9506-4259845A5B93}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{DA2C626B-AEB0-4F95-B06D-0DF7BA6DCB1E};Container contains infected objects;Will be deleted after restart.; {03F24764-056A-4E14-95FD-1513FB5441B1}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{E5A8B5DA-8186-48EC-8A14-3B43B5821120}\{;Tool.PassView.663;; {03F24764-056A-4E14-95FD-1513FB5441B1}.qbd;C:\Users\All 
Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{E5A8B5DA-8186-48EC-8A14-3B43B5821120};Container contains infected objects;Will be deleted after restart.; install.rdf;C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\{6cfa2c5b-274f-4d68-a6e4-bfb31acd5ee4};Adware.FreeCause.3;Incurable.Moved.; const.js;C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\{6cfa2c5b-274f-4d68-a6e4-bfb31acd5ee4}\chro;Adware.Bho.3783;Incurable.Moved.; settings.xml;C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\{6cfa2c5b-274f-4d68-a6e4-bfb31acd5ee4}\chro;Adware.Shopper.232;Incurable.Moved.; mzcv.exe;C:\Users\owner\Desktop\MY MRI\brtools;Tool.CookieView.2;Incurable.Moved.; mzcv.exe;C:\Users\owner\Desktop\Nirsoft utilities\brtools;Tool.CookieView.2;Incurable.Moved.; mzcv.exe;C:\Users\owner\Desktop\Nirsoft utilities\mzcv;Tool.CookieView.2;Incurable.Moved.; BulletsPassView.exe;C:\Users\owner\Desktop\Nirsoft utilities\passrec;Tool.PassView.614;Incurable.Moved.;
  8. Thanks...gold lock just disappears when you hover the mouse tab over it..here the log
SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-07-26 451192] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120803.001\BHDrvx64.sys [2012-06-19 1161376] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120807.001\IDSvia64.sys [2012-06-14 509088] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-07-04 138912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-06-20 19:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-02 18:11] . 
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-02 18:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "combofix"="c:\combofix\CF4385.3XE" [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.yahoo.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - user.js: extensions.autoDisableScopes - 14 . - - - - ORPHANS REMOVED - - - - . BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll AddRemove-DefaultTab - c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . ************************************************************************** . Completion time: 2012-08-08 10:30:42 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-08 14:30 . Pre-Run: 101,285,208,064 bytes free Post-Run: 101,057,736,704 bytes free . - - End Of File - - F156EF02FC3A21391B6E79000ED9163E
  9. Thanks for the help. Here is the log, and also there is a gold lock in the rh taskbar by the clock that disappears when you move the mouse over it?:
     Malwarebytes Anti-Malware (Trial) 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.08.06.11
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     owner :: OWNER-PC [administrator]
     Protection: Enabled
     8/6/2012 1:10:31 PM
     mbam-log-2012-08-06 (13-10-31).txt
     Scan type: Full scan (C:\|D:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 340142
     Time elapsed: 52 minute(s), 20 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 2
     C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WCJ89DW\gimp_freely_1790.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
     C:\Users\owner\Desktop\Nirsoft utilities\passrec\VNCPassView.exe (PUP.VNCPasswordTool) -> Quarantined and deleted successfully.
     (end)
  10. Here is OTL; only one txt created each time I ran the scan (2), just OTL log:
     OTL logfile created on: 8/5/2012 12:38:23 PM - Run 3
     OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\owner\Desktop
     64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     2.87 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 56.39% Memory free
     5.75 Gb Paging File | 4.67 Gb Available in Paging File | 81.30% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 207.48 Gb Total Space | 101.16 Gb Free Space | 48.76% Space Free | Partition Type: NTFS
     Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     ========== Processes (SafeList) ==========
     PRC - [2012/08/05 12:26:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
     PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
     PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe
     ========== Modules (No Company Name) ==========
     ========== Win32 Services (SafeList) ==========
     SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
     SRV:64bit: - [2009/07/13 21:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
     SRV - [2012/07/27 15:08:32 | 000,250,056 | ---- | M]
(Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/27 14:28:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS) SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/06/26 16:10:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2012/06/12 16:12:09 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/03/29 02:28:38 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnets.sys -- (SymNetS) DRV:64bit: - [2012/03/29 02:28:34 | 000,043,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM) DRV:64bit: - [2012/03/29 02:28:30 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa64.sys -- (SymEFA) DRV:64bit: - [2012/03/29 02:06:25 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ironx64.sys -- (SymIRON) DRV:64bit: - [2012/03/29 02:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012/03/29 02:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012/03/23 02:33:10 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/14 00:15:43 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2012/01/31 22:31:08 | 000,087,456 | ---- | M] (LogMeIn, Inc.) 
[File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV:64bit: - [2011/11/29 18:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2011/09/16 15:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr) DRV:64bit: - [2011/07/25 22:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds64.sys -- (SymDS) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/25 04:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2007/11/06 16:23:14 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV - [2012/08/04 22:49:42 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120804.009\ex64.sys -- (NAVEX15) DRV - [2012/08/04 22:49:42 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120804.009\eng64.sys -- (NAVENG) DRV - [2012/07/04 04:15:54 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/06/18 20:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120711.002\BHDrvx64.sys -- (BHDrvx64) DRV - [2012/06/14 14:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120803.002\IDSviA64.sys -- (IDSVia64) DRV - [2012/05/30 22:54:54 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry 
(SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 55 A5 46 15 DD CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=19 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.com" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/02/12 18:57:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/08/04 10:18:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/27 14:28:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/27 14:28:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files 
(x86)\Mozilla Firefox\plugins [2012/01/27 13:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions [2012/07/30 16:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions [2012/06/06 09:58:35 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012/01/27 14:27:04 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\coralietab@mozdev.org [2012/06/18 09:20:23 | 000,002,464 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\searchplugins\safesearch.xml [2012/02/12 19:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/08/04 10:18:09 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN [2012/02/12 18:57:39 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN [2012/07/30 16:33:49 | 000,526,190 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TTZ7PRJD.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2012/07/27 14:28:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/06/28 22:28:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/28 22:28:12 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/07/01 09:27:06 | 000,001,070 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 gs.apple.com O2 - BHO: 
(Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range37 ([*] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C97E4E8-EEEB-4726-B765-780123AF218A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - Unable to read "AutoRun" value or value not present!
O33 - MountPoints2\{9b9f3286-b7be-11e1-a872-001da209dda5}\Shell - "" = AutoRun
O33 - MountPoints2\{9b9f3286-b7be-11e1-a872-001da209dda5}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/05 12:26:09 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2012/08/05 12:17:26 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\owner\Desktop\tdsskiller.exe
[2012/08/05 12:09:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\owner\Desktop\aswMBR.exe
[2012/08/05 12:08:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/05 12:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\erunt
[2012/08/05 12:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/08/05 12:02:06 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\owner\Desktop\erunt-setup.exe
[2012/08/02 10:47:46 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\CrashDumps
[2012/08/02 09:26:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/01 11:07:56 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\WinOwnership
[2012/08/01 09:09:22 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Citrix
[2012/07/30 11:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/30 11:31:53 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/07/30 11:31:53 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/07/30 11:31:53 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/07/30 11:31:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPod
[2012/07/30 11:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/30 11:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/07/30 11:30:59 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Apple Computer
[2012/07/30 11:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/07/30 11:29:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/30 11:23:05 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Apple
[2012/07/30 11:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/07/30 11:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/07/29 12:53:03 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\NPE
[2012/07/29 12:48:58 | 002,841,104 | ---- | C] (Symantec Corporation) -- C:\Users\owner\Desktop\NPE.exe
[2012/07/29 09:50:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\owner\Desktop\dds.com
[2012/07/29 09:50:06 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\owner\Desktop\dds(1).scr
[2012/07/28 23:35:39 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\usbwifihack!
[2012/07/28 23:08:35 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Adobe
[2012/07/28 19:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TULP2G
[2012/07/27 17:31:10 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\MOBILedit! Forensic
[2012/07/27 16:24:09 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
[2012/07/27 16:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/27 16:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/27 16:23:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/27 16:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/27 16:22:58 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/27 12:42:43 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\mobiledit
[2012/07/27 12:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2012/07/27 12:02:34 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\MOBILeditForensic
[2012/07/27 12:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMPELSON Labs
[2012/07/27 12:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOBILedit!4 Forensic
[2012/07/27 12:01:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MOBILedit! Forensic
[2012/07/27 12:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MOBILedit!4 Forensic
[2012/07/27 11:25:34 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\forte downloads
[2012/07/27 10:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forte Agent
[2012/07/27 10:17:54 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\password crackers
[2012/07/27 10:17:13 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\FORTEJUNK!!
[2012/07/26 12:31:56 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\cellphone forensics
[2012/07/24 14:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2012/07/24 14:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2012/07/23 14:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2012/07/23 14:04:55 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Nirsoft utilities
[2012/07/11 09:13:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 09:13:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 09:13:20 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 09:13:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 09:13:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 09:13:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 09:13:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 09:13:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 09:13:15 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 09:13:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 09:13:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 09:13:15 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 09:13:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 00:24:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 00:24:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 00:24:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 00:24:10 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 00:24:10 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/10 16:14:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\VMware
[2012/07/10 16:14:06 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\VMware
[2012/07/10 16:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2012/07/10 15:08:42 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\ImgBurn
[2012/07/09 19:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/07/09 19:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/07/09 13:01:21 | 000,000,000 | ---D | C] -- C:\Projects
[2012/07/09 12:47:43 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\nettyPE_2011_11_07
[2012/07/07 13:04:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/07/07 12:24:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tor

========== Files - Modified Within 30 Days ==========

[2012/08/05 12:26:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2012/08/05 12:17:27 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\owner\Desktop\tdsskiller.exe
[2012/08/05 12:13:14 | 000,000,512 | ---- | M] () -- C:\Users\owner\Desktop\MBR.dat
[2012/08/05 12:10:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\owner\Desktop\aswMBR.exe
[2012/08/05 12:07:33 | 000,000,928 | ---- | M] () -- C:\Users\owner\Desktop\NTREGOPT.lnk
[2012/08/05 12:07:33 | 000,000,909 | ---- | M] () -- C:\Users\owner\Desktop\ERUNT.lnk
[2012/08/05 12:02:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\owner\Desktop\erunt-setup.exe
[2012/08/04 10:25:24 | 000,023,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 10:25:24 | 000,023,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 10:22:25 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/04 10:22:25 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/04 10:22:25 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/04 10:16:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/03 22:08:39 | 000,032,313 | ---- | M] () -- C:\Users\owner\Desktop\merp___-471565.jpg
[2012/08/03 22:07:31 | 000,008,201 | ---- | M] () -- C:\Users\owner\Desktop\merppp.jpg
[2012/08/03 22:05:21 | 000,057,858 | ---- | M] () -- C:\Users\owner\Desktop\come_at_me_bro-7650.jpg
[2012/08/02 09:32:33 | 000,881,494 | ---- | M] () -- C:\Users\owner\Desktop\SecurityCheck.exe
[2012/08/02 09:29:34 | 523,237,157 | ---- | M] () -- C:\Users\owner\Desktop\dart_v1.0.zip
[2012/08/01 11:06:04 | 002,150,033 | ---- | M] () -- C:\Users\owner\Desktop\WinOwnership(1).7z
[2012/08/01 11:05:35 | 002,150,033 | ---- | M] () -- C:\Users\owner\Desktop\WinOwnership.7z
[2012/08/01 10:28:44 | 000,021,504 | -H-- | M] () -- C:\Users\owner\Desktop\photothumb.db
[2012/08/01 10:06:35 | 000,011,152 | ---- | M] () -- C:\Users\owner\Desktop\firewa4ll.csv
[2012/08/01 09:58:24 | 000,403,616 | ---- | M] () -- C:\Users\owner\Desktop\Wireless Broadband Route22r.conf
[2012/08/01 09:47:20 | 000,011,032 | ---- | M] () -- C:\Users\owner\Desktop\firewal2l.csv
[2012/08/01 08:55:04 | 000,461,440 | ---- | M] () -- C:\Users\owner\Desktop\Wireless Broadband Router.conf
[2012/08/01 08:32:38 | 000,172,720 | ---- | M] () -- C:\Users\owner\Desktop\firewall(1).csv
[2012/07/31 19:53:54 | 000,133,869 | ---- | M] () -- C:\Users\owner\Desktop\firewall.csv
[2012/07/31 10:27:42 | 000,162,667 | ---- | M] () -- C:\Users\owner\Desktop\quote 1.png
[2012/07/30 12:02:35 | 019,517,952 | ---- | M] () -- C:\redsn0w.exe
[2012/07/30 11:31:57 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/30 09:09:50 | 000,083,632 | ---- | M] () -- C:\Users\owner\Desktop\cover photo.jpg
[2012/07/30 09:00:42 | 000,018,318 | ---- | M] () -- C:\Users\owner\Desktop\facebook.jpg
[2012/07/30 08:48:30 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/30 08:48:30 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/29 12:57:56 | 000,335,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/29 12:48:58 | 002,841,104 | ---- | M] (Symantec Corporation) -- C:\Users\owner\Desktop\NPE.exe
[2012/07/29 11:08:53 | 000,080,299 | ---- | M] () -- C:\Users\owner\Desktop\562860_10151112702870977_1122763594_n.jpg
[2012/07/29 11:08:42 | 000,074,462 | ---- | M] () -- C:\Users\owner\Desktop\418323_10151112702780977_590408167_n.jpg
[2012/07/29 11:08:35 | 000,100,448 | ---- | M] () -- C:\Users\owner\Desktop\531576_10151112700045977_1594803034_n.jpg
[2012/07/29 10:46:59 | 000,167,034 | ---- | M] () -- C:\Users\owner\Desktop\fileassassin-setup-1.06.exe
[2012/07/29 09:50:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\owner\Desktop\dds.com
[2012/07/29 09:50:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\owner\Desktop\dds(1).scr
[2012/07/27 19:33:16 | 000,000,346 | ---- | M] () -- C:\Users\owner\Desktop\TOM'S EBAY.url
[2012/07/27 16:23:57 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/27 16:22:58 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/27 15:08:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 15:08:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/27 12:59:18 | 000,010,380 | ---- | M] () -- C:\Users\owner\Documents\cc_20120727_125910.reg
[2012/07/27 12:01:14 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\MOBILedit!4 Forensic.lnk
[2012/07/27 10:21:12 | 000,000,669 | ---- | M] () -- C:\Users\Public\Desktop\Forte Agent.lnk
[2012/07/24 17:14:37 | 000,001,324 | ---- | M] () -- C:\Users\owner\Documents\cc_20120724_171434.reg
[2012/07/24 08:47:42 | 000,134,716 | ---- | M] () -- C:\Users\owner\Desktop\dartdocument.h
[2012/07/13 16:11:15 | 000,302,592 | ---- | M] () -- C:\g5dm2s33.exe
[2012/07/13 15:40:13 | 000,010,940 | ---- | M] () -- C:\Users\owner\Documents\cc_20120713_154010.reg
[2012/07/11 10:15:25 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/10 16:10:50 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/07/08 14:41:27 | 000,000,008 | ---- | M] () -- C:\Windows\SysWow64\w32apiw.dll
[2012/07/08 14:03:54 | 178,702,424 | ---- | M] () -- C:\Users\owner\Documents\regbackupncleaner.reg
[2012/07/08 12:03:17 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/06 19:36:41 | 000,012,316 | ---- | M] () -- C:\Users\owner\Documents\cc_20120706_193638.reg

========== Files Created - No Company Name ==========

[2012/08/05 12:13:14 | 000,000,512 | ---- | C] () -- C:\Users\owner\Desktop\MBR.dat
[2012/08/05 12:07:33 | 000,000,928 | ---- | C] () -- C:\Users\owner\Desktop\NTREGOPT.lnk
[2012/08/05 12:07:33 | 000,000,909 | ---- | C] () -- C:\Users\owner\Desktop\ERUNT.lnk
[2012/08/03 22:08:46 | 000,032,313 | ---- | C] () -- C:\Users\owner\Desktop\merp___-471565.jpg
[2012/08/03 22:07:44 | 000,008,201 | ---- | C] () -- C:\Users\owner\Desktop\merppp.jpg
[2012/08/03 22:05:33 | 000,057,858 | ---- | C] () -- C:\Users\owner\Desktop\come_at_me_bro-7650.jpg
[2012/08/02 09:32:32 | 000,881,494 | ---- | C] () -- C:\Users\owner\Desktop\SecurityCheck.exe
[2012/08/01 11:06:04 | 002,150,033 | ---- | C] () -- C:\Users\owner\Desktop\WinOwnership(1).7z
[2012/08/01 11:05:35 | 002,150,033 | ---- | C] () -- C:\Users\owner\Desktop\WinOwnership.7z
[2012/08/01 10:06:35 | 000,011,152 | ---- | C] () -- C:\Users\owner\Desktop\firewa4ll.csv
[2012/08/01 09:58:24 | 000,403,616 | ---- | C] () -- C:\Users\owner\Desktop\Wireless Broadband Route22r.conf
[2012/08/01 09:47:20 | 000,011,032 | ---- | C] () -- C:\Users\owner\Desktop\firewal2l.csv
[2012/08/01 08:55:04 | 000,461,440 | ---- | C] () -- C:\Users\owner\Desktop\Wireless Broadband Router.conf
[2012/08/01 08:32:38 | 000,172,720 | ---- | C] () -- C:\Users\owner\Desktop\firewall(1).csv
[2012/07/31 19:53:54 | 000,133,869 | ---- | C] () -- C:\Users\owner\Desktop\firewall.csv
[2012/07/31 10:28:00 | 000,162,667 | ---- | C] () -- C:\Users\owner\Desktop\quote 1.png
[2012/07/30 11:31:57 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/30 11:22:58 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/07/30 09:10:23 | 000,083,632 | ---- | C] () -- C:\Users\owner\Desktop\cover photo.jpg
[2012/07/30 09:01:21 | 000,018,318 | ---- | C] () -- C:\Users\owner\Desktop\facebook.jpg
[2012/07/29 17:08:31 | 000,021,504 | -H-- | C] () -- C:\Users\owner\Desktop\photothumb.db
[2012/07/29 12:56:13 | 000,335,656 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/29 11:08:53 | 000,080,299 | ---- | C] () -- C:\Users\owner\Desktop\562860_10151112702870977_1122763594_n.jpg
[2012/07/29 11:08:42 | 000,074,462 | ---- | C] () -- C:\Users\owner\Desktop\418323_10151112702780977_590408167_n.jpg
[2012/07/29 11:08:35 | 000,100,448 | ---- | C] () -- C:\Users\owner\Desktop\531576_10151112700045977_1594803034_n.jpg
[2012/07/29 10:46:59 | 000,167,034 | ---- | C] () -- C:\Users\owner\Desktop\fileassassin-setup-1.06.exe
[2012/07/27 16:23:57 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/27 12:59:16 | 000,010,380 | ---- | C] () -- C:\Users\owner\Documents\cc_20120727_125910.reg
[2012/07/27 12:01:14 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\MOBILedit!4 Forensic.lnk
[2012/07/27 10:21:12 | 000,000,669 | ---- | C] () -- C:\Users\Public\Desktop\Forte Agent.lnk
[2012/07/25 09:46:52 | 000,302,592 | ---- | C] () -- C:\g5dm2s33.exe
[2012/07/24 17:14:36 | 000,001,324 | ---- | C] () -- C:\Users\owner\Documents\cc_20120724_171434.reg
[2012/07/24 08:50:46 | 523,237,157 | ---- | C] () -- C:\Users\owner\Desktop\dart_v1.0.zip
[2012/07/24 08:47:42 | 000,134,716 | ---- | C] () -- C:\Users\owner\Desktop\dartdocument.h
[2012/07/13 22:33:38 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/13 15:40:12 | 000,010,940 | ---- | C] () -- C:\Users\owner\Documents\cc_20120713_154010.reg
[2012/07/10 16:10:42 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/08 14:03:41 | 178,702,424 | ---- | C] () -- C:\Users\owner\Documents\regbackupncleaner.reg
[2012/07/06 19:36:40 | 000,012,316 | ---- | C] () -- C:\Users\owner\Documents\cc_20120706_193638.reg
[2012/06/29 17:27:15 | 000,000,353 | ---- | C] () -- C:\Windows\VVFPlayer_V2_6_4B.INI
[2012/06/14 16:17:47 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\w32apiw.dll
[2012/06/13 16:56:29 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/06/13 16:56:29 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/01/29 22:04:57 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\QUTIL.DLL

========== LOP Check ==========

[2012/06/17 11:47:33 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Acronis
[2012/06/06 07:38:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Forte
[2012/06/06 09:59:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Garmin
[2012/07/10 15:08:42 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ImgBurn
[2012/07/27 12:02:34 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\MOBILeditForensic
[2012/06/26 19:53:42 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\nCleaner
[2012/07/28 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Notepad++
[2012/02/01 15:58:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OpenOffice.org
[2012/06/09 11:36:14 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Philipp Winterberg
[2012/02/02 14:30:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PhotoFiltre 7
[2012/07/24 16:44:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PhotoScape
[2012/06/09 12:12:21 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\QFX Software
[2012/06/27 23:03:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\redsn0w
[2012/06/27 23:48:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Seas0nPass
[2012/07/07 22:54:42 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TrueCrypt
[2012/07/01 18:25:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WinBatch
[2012/06/07 11:04:43 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\YourFileDownloader
[2012/07/06 19:26:45 | 000,019,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E0258CAE

< End of report >
  11. here is aswMBR with no fix button enabled:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 12:11:22
-----------------------------
12:11:22.162 OS Version: Windows x64 6.1.7601 Service Pack 1
12:11:22.162 Number of processors: 2 586 0x4B02
12:11:22.162 ComputerName: OWNER-PC UserName: owner
12:11:23.363 Initialize success
12:12:15.548 AVAST engine defs: 12080500
12:12:28.823 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000070
12:12:28.823 Disk 0 Vendor: SAMSUNG_ VT10 Size: 238475MB BusType: 6
12:12:28.823 Disk 0 MBR read successfully
12:12:28.839 Disk 0 MBR scan
12:12:28.839 Disk 0 Windows 7 default MBR code
12:12:28.855 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:12:28.870 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 212456 MB offset 206848
12:12:28.886 Disk 0 scanning C:\Windows\system32\drivers
12:12:40.648 Service scanning
12:13:05.951 Modules scanning
12:13:05.967 Scan finished successfully
12:13:14.313 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
12:13:14.313 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"

tdsskiller:

12:17:59.0354 3044 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:17:59.0620 3044 ============================================================
12:17:59.0620 3044 Current date / time: 2012/08/05 12:17:59.0620
12:17:59.0620 3044 SystemInfo:
12:17:59.0620 3044
12:17:59.0620 3044 OS Version: 6.1.7601 ServicePack: 1.0
12:17:59.0620 3044 Product type: Workstation
12:17:59.0620 3044 ComputerName: OWNER-PC
12:17:59.0620 3044 UserName: owner
12:17:59.0620 3044 Windows directory: C:\Windows
12:17:59.0620 3044 System windows directory: C:\Windows
12:17:59.0620 3044 Running under WOW64
12:17:59.0620 3044 Processor architecture: Intel x64
12:17:59.0620 3044 Number of processors: 2
12:17:59.0620 3044 Page size: 0x1000
12:17:59.0620 3044 Boot type: Normal boot
12:17:59.0620 3044
============================================================
12:18:00.0134 3044 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
12:18:00.0166 3044 ============================================================
12:18:00.0166 3044 \Device\Harddisk0\DR0:
12:18:00.0166 3044 MBR partitions:
12:18:00.0166 3044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:18:00.0166 3044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x19EF4000
12:18:00.0166 3044 ============================================================
12:18:00.0197 3044 C: <-> \Device\Harddisk0\DR0\Partition1
12:18:00.0197 3044 ============================================================
12:18:00.0197 3044 Initialize success
12:18:00.0197 3044 ============================================================
12:19:40.0832 2080 ============================================================
12:19:40.0832 2080 Scan started
12:19:40.0832 2080 Mode: Manual; SigCheck; TDLFS;
12:19:40.0832 2080 ============================================================
(802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 12:19:51.0784 2080 FDResPub - ok 12:19:51.0815 2080 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 12:19:51.0830 2080 FileInfo - ok 12:19:51.0830 2080 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 12:19:51.0908 2080 Filetrace - ok 12:19:51.0924 2080 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 12:19:51.0940 2080 flpydisk - ok 12:19:52.0018 2080 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 12:19:52.0049 2080 FltMgr - ok 12:19:52.0174 2080 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 12:19:52.0252 2080 FontCache - ok 12:19:52.0392 2080 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 12:19:52.0408 2080 FontCache3.0.0.0 - ok 12:19:52.0548 2080 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 12:19:52.0564 2080 FsDepends - ok 12:19:52.0595 2080 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 12:19:52.0610 2080 Fs_Rec - ok 12:19:52.0673 2080 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 12:19:52.0704 2080 fvevol - ok 12:19:52.0751 2080 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 12:19:52.0766 2080 gagp30kx - ok 12:19:52.0813 2080 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 12:19:52.0829 2080 GEARAspiWDM - ok 12:19:52.0907 2080 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 12:19:53.0000 2080 gpsvc - ok 12:19:53.0125 2080 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 12:19:53.0141 2080 gupdate - ok 12:19:53.0156 2080 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe 12:19:53.0172 2080 gupdatem - ok 12:19:53.0219 2080 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 12:19:53.0266 2080 hcw85cir - ok 12:19:53.0344 2080 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 12:19:53.0375 2080 HdAudAddService - ok 12:19:53.0422 2080 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 12:19:53.0453 2080 HDAudBus - ok 12:19:53.0484 2080 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 12:19:53.0515 2080 HidBatt - ok 12:19:53.0546 2080 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 12:19:53.0593 2080 HidBth - ok 12:19:53.0624 2080 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 12:19:53.0640 2080 HidIr - ok 12:19:53.0656 2080 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 12:19:53.0734 2080 hidserv - ok 12:19:53.0765 2080 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 12:19:53.0780 2080 HidUsb - ok 12:19:53.0812 2080 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 12:19:53.0874 2080 hkmsvc - ok 12:19:53.0936 2080 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 12:19:53.0983 2080 HomeGroupListener - ok 12:19:54.0014 2080 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 12:19:54.0046 2080 HomeGroupProvider - ok 12:19:54.0092 2080 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 12:19:54.0108 2080 HpSAMD - ok 12:19:54.0217 2080 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 12:19:54.0295 2080 HTTP - ok 12:19:54.0342 2080 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 12:19:54.0342 2080 hwpolicy - ok 12:19:54.0436 2080 i8042prt 
(fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 12:19:54.0451 2080 i8042prt - ok 12:19:54.0529 2080 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 12:19:54.0560 2080 iaStorV - ok 12:19:54.0701 2080 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 12:19:54.0748 2080 idsvc - ok 12:19:54.0888 2080 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120803.002\IDSvia64.sys 12:19:54.0919 2080 IDSVia64 - ok 12:19:55.0028 2080 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 12:19:55.0044 2080 iirsp - ok 12:19:55.0122 2080 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 12:19:55.0200 2080 IKEEXT - ok 12:19:55.0418 2080 IntcAzAudAddService (bfbabcb231628a4551dbb10d0ea25d62) C:\Windows\system32\drivers\RTKVHD64.sys 12:19:55.0481 2080 IntcAzAudAddService - ok 12:19:55.0621 2080 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 12:19:55.0637 2080 intelide - ok 12:19:55.0668 2080 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 12:19:55.0684 2080 intelppm - ok 12:19:55.0715 2080 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 12:19:55.0793 2080 IPBusEnum - ok 12:19:55.0824 2080 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:19:55.0886 2080 IpFilterDriver - ok 12:19:55.0949 2080 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 12:19:56.0011 2080 iphlpsvc - ok 12:19:56.0042 2080 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 12:19:56.0074 2080 IPMIDRV - ok 12:19:56.0120 2080 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 12:19:56.0183 2080 IPNAT - ok 
12:19:56.0339 2080 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files (x86)\iPod\bin\iPodService.exe 12:19:56.0386 2080 iPod Service - ok 12:19:56.0432 2080 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 12:19:56.0510 2080 IRENUM - ok 12:19:56.0573 2080 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 12:19:56.0588 2080 isapnp - ok 12:19:56.0620 2080 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\DRIVERS\msiscsi.sys 12:19:56.0651 2080 iScsiPrt - ok 12:19:56.0698 2080 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 12:19:56.0713 2080 kbdclass - ok 12:19:56.0744 2080 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 12:19:56.0776 2080 kbdhid - ok 12:19:56.0807 2080 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:19:56.0822 2080 KeyIso - ok 12:19:56.0854 2080 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys 12:19:56.0869 2080 KSecDD - ok 12:19:56.0916 2080 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys 12:19:56.0963 2080 KSecPkg - ok 12:19:57.0025 2080 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 12:19:57.0103 2080 ksthunk - ok 12:19:57.0150 2080 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 12:19:57.0228 2080 KtmRm - ok 12:19:57.0306 2080 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 12:19:57.0384 2080 LanmanServer - ok 12:19:57.0462 2080 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 12:19:57.0524 2080 LanmanWorkstation - ok 12:19:57.0680 2080 LightScribeService (71c6a95a5f0ccc87298c4dd0f2c3635a) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 12:19:57.0712 2080 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 12:19:57.0712 2080 LightScribeService - 
detected UnsignedFile.Multi.Generic (1) 12:19:57.0774 2080 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 12:19:57.0868 2080 lltdio - ok 12:19:57.0914 2080 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 12:19:57.0977 2080 lltdsvc - ok 12:19:57.0992 2080 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 12:19:58.0039 2080 lmhosts - ok 12:19:58.0086 2080 LMIInfo - ok 12:19:58.0117 2080 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys 12:19:58.0133 2080 lmimirr - ok 12:19:58.0148 2080 LMIRfsClientNP - ok 12:19:58.0164 2080 LMIRfsDriver - ok 12:19:58.0211 2080 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 12:19:58.0226 2080 LSI_FC - ok 12:19:58.0242 2080 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 12:19:58.0258 2080 LSI_SAS - ok 12:19:58.0289 2080 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 12:19:58.0304 2080 LSI_SAS2 - ok 12:19:58.0320 2080 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 12:19:58.0336 2080 LSI_SCSI - ok 12:19:58.0382 2080 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 12:19:58.0492 2080 luafv - ok 12:19:58.0554 2080 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys 12:19:58.0570 2080 MBAMProtector - ok 12:19:58.0663 2080 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 12:19:58.0694 2080 MBAMService - ok 12:19:58.0726 2080 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 12:19:58.0757 2080 Mcx2Svc - ok 12:19:58.0788 2080 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 12:19:58.0804 2080 megasas - ok 12:19:58.0835 2080 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) 
C:\Windows\system32\DRIVERS\MegaSR.sys 12:19:58.0866 2080 MegaSR - ok 12:19:58.0913 2080 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 12:19:58.0975 2080 MMCSS - ok 12:19:59.0006 2080 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 12:19:59.0069 2080 Modem - ok 12:19:59.0084 2080 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 12:19:59.0116 2080 monitor - ok 12:19:59.0162 2080 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 12:19:59.0194 2080 mouclass - ok 12:19:59.0240 2080 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 12:19:59.0287 2080 mouhid - ok 12:19:59.0334 2080 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 12:19:59.0350 2080 mountmgr - ok 12:19:59.0459 2080 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 12:19:59.0474 2080 MozillaMaintenance - ok 12:19:59.0521 2080 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 12:19:59.0537 2080 mpio - ok 12:19:59.0568 2080 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 12:19:59.0615 2080 mpsdrv - ok 12:19:59.0693 2080 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 12:19:59.0771 2080 MpsSvc - ok 12:19:59.0802 2080 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 12:19:59.0849 2080 MRxDAV - ok 12:19:59.0896 2080 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 12:19:59.0942 2080 mrxsmb - ok 12:19:59.0989 2080 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:20:00.0036 2080 mrxsmb10 - ok 12:20:00.0067 2080 mrxsmb20 (c04b3d627f12bd4574e1636dbf045635) C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:20:00.0176 2080 mrxsmb20 ( UnsignedFile.Multi.Generic ) - warning 
12:20:00.0176 2080 mrxsmb20 - detected UnsignedFile.Multi.Generic (1) 12:20:00.0223 2080 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 12:20:00.0254 2080 msahci - ok 12:20:00.0301 2080 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 12:20:00.0317 2080 msdsm - ok 12:20:00.0364 2080 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 12:20:00.0395 2080 MSDTC - ok 12:20:00.0426 2080 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 12:20:00.0473 2080 Msfs - ok 12:20:00.0488 2080 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 12:20:00.0535 2080 mshidkmdf - ok 12:20:00.0551 2080 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 12:20:00.0566 2080 msisadrv - ok 12:20:00.0613 2080 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 12:20:00.0676 2080 MSiSCSI - ok 12:20:00.0691 2080 msiserver - ok 12:20:00.0722 2080 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 12:20:00.0816 2080 MSKSSRV - ok 12:20:00.0832 2080 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 12:20:00.0925 2080 MSPCLOCK - ok 12:20:00.0941 2080 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 12:20:01.0003 2080 MSPQM - ok 12:20:01.0050 2080 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 12:20:01.0081 2080 MsRPC - ok 12:20:01.0112 2080 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 12:20:01.0128 2080 mssmbios - ok 12:20:01.0144 2080 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 12:20:01.0206 2080 MSTEE - ok 12:20:01.0222 2080 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 12:20:01.0253 2080 MTConfig - ok 12:20:01.0300 2080 Mup (f9a18612fd3526fe473c1bda678d61c8) 
C:\Windows\system32\Drivers\mup.sys 12:20:01.0331 2080 Mup - ok 12:20:01.0409 2080 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 12:20:01.0487 2080 napagent - ok 12:20:01.0565 2080 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 12:20:01.0596 2080 NativeWifiP - ok 12:20:01.0783 2080 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120804.009\ENG64.SYS 12:20:01.0799 2080 NAVENG - ok 12:20:02.0002 2080 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120804.009\EX64.SYS 12:20:02.0080 2080 NAVEX15 - ok 12:20:02.0298 2080 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 12:20:02.0345 2080 NDIS - ok 12:20:02.0392 2080 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 12:20:02.0485 2080 NdisCap - ok 12:20:02.0516 2080 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 12:20:02.0563 2080 NdisTapi - ok 12:20:02.0626 2080 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 12:20:02.0672 2080 Ndisuio - ok 12:20:02.0719 2080 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 12:20:02.0782 2080 NdisWan - ok 12:20:02.0813 2080 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 12:20:02.0860 2080 NDProxy - ok 12:20:02.0906 2080 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 12:20:03.0000 2080 NetBIOS - ok 12:20:03.0047 2080 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 12:20:03.0109 2080 NetBT - ok 12:20:03.0140 2080 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:20:03.0156 2080 Netlogon - ok 12:20:03.0234 2080 Netman 
(847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 12:20:03.0296 2080 Netman - ok 12:20:03.0359 2080 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 12:20:03.0437 2080 netprofm - ok 12:20:03.0546 2080 netr28ux (883269c1ca478658f1334f3c39b0c7ac) C:\Windows\system32\DRIVERS\netr28ux.sys 12:20:03.0624 2080 netr28ux - ok 12:20:03.0718 2080 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:20:03.0733 2080 NetTcpPortSharing - ok 12:20:03.0780 2080 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 12:20:03.0796 2080 nfrd960 - ok 12:20:03.0889 2080 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe 12:20:03.0905 2080 NIS - ok 12:20:03.0983 2080 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 12:20:04.0061 2080 NlaSvc - ok 12:20:04.0108 2080 NPF (3ceee0be85d24d911b9c02714817774c) C:\Windows\system32\drivers\npf.sys 12:20:04.0123 2080 NPF - ok 12:20:04.0154 2080 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 12:20:04.0201 2080 Npfs - ok 12:20:04.0232 2080 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 12:20:04.0279 2080 nsi - ok 12:20:04.0310 2080 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 12:20:04.0373 2080 nsiproxy - ok 12:20:04.0529 2080 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 12:20:04.0591 2080 Ntfs - ok 12:20:04.0716 2080 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 12:20:04.0778 2080 Null - ok 12:20:04.0841 2080 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys 12:20:04.0872 2080 NVENETFD - ok 12:20:05.0777 2080 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys 12:20:06.0182 2080 
nvlddmkm - ok 12:20:06.0354 2080 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys 12:20:06.0401 2080 NVNET - ok 12:20:06.0463 2080 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 12:20:06.0479 2080 nvraid - ok 12:20:06.0510 2080 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 12:20:06.0526 2080 nvstor - ok 12:20:06.0557 2080 nvstor64 (0996a440d510904b79935a91155b0e4c) C:\Windows\system32\DRIVERS\nvstor64.sys 12:20:06.0572 2080 nvstor64 - ok 12:20:06.0588 2080 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 12:20:06.0604 2080 nv_agp - ok 12:20:06.0744 2080 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 12:20:06.0791 2080 odserv - ok 12:20:06.0822 2080 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 12:20:06.0853 2080 ohci1394 - ok 12:20:06.0916 2080 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:20:06.0931 2080 ose - ok 12:20:06.0978 2080 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 12:20:07.0040 2080 p2pimsvc - ok 12:20:07.0087 2080 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 12:20:07.0134 2080 p2psvc - ok 12:20:07.0181 2080 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 12:20:07.0212 2080 Parport - ok 12:20:07.0243 2080 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 12:20:07.0259 2080 partmgr - ok 12:20:07.0274 2080 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 12:20:07.0321 2080 PcaSvc - ok 12:20:07.0384 2080 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 12:20:07.0399 2080 pci - ok 12:20:07.0446 2080 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) 
C:\Windows\system32\drivers\pciide.sys 12:20:07.0446 2080 pciide - ok 12:20:07.0493 2080 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 12:20:07.0508 2080 pcmcia - ok 12:20:07.0524 2080 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 12:20:07.0555 2080 pcw - ok 12:20:07.0618 2080 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 12:20:07.0711 2080 PEAUTH - ok 12:20:07.0789 2080 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 12:20:07.0820 2080 PerfHost - ok 12:20:07.0945 2080 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 12:20:08.0039 2080 pla - ok 12:20:08.0086 2080 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 12:20:08.0148 2080 PlugPlay - ok 12:20:08.0179 2080 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 12:20:08.0210 2080 PNRPAutoReg - ok 12:20:08.0257 2080 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 12:20:08.0288 2080 PNRPsvc - ok 12:20:08.0382 2080 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 12:20:08.0460 2080 PolicyAgent - ok 12:20:08.0538 2080 PORTMON - ok 12:20:08.0585 2080 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 12:20:08.0647 2080 Power - ok 12:20:08.0725 2080 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 12:20:08.0803 2080 PptpMiniport - ok 12:20:08.0834 2080 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 12:20:08.0866 2080 Processor - ok 12:20:08.0975 2080 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 12:20:09.0006 2080 ProfSvc - ok 12:20:09.0053 2080 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:20:09.0068 2080 ProtectedStorage - ok 12:20:09.0131 2080 Psched (0557cf5a2556bd58e26384169d72438d) 
C:\Windows\system32\DRIVERS\pacer.sys 12:20:09.0209 2080 Psched - ok 12:20:09.0256 2080 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys 12:20:09.0271 2080 PxHlpa64 - ok 12:20:09.0380 2080 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 12:20:09.0427 2080 ql2300 - ok 12:20:09.0568 2080 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 12:20:09.0599 2080 ql40xx - ok 12:20:09.0646 2080 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 12:20:09.0692 2080 QWAVE - ok 12:20:09.0708 2080 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 12:20:09.0739 2080 QWAVEdrv - ok 12:20:09.0755 2080 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 12:20:09.0817 2080 RasAcd - ok 12:20:09.0864 2080 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 12:20:09.0911 2080 RasAgileVpn - ok 12:20:09.0926 2080 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 12:20:09.0989 2080 RasAuto - ok 12:20:10.0036 2080 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 12:20:10.0129 2080 Rasl2tp - ok 12:20:10.0176 2080 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 12:20:10.0238 2080 RasMan - ok 12:20:10.0270 2080 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 12:20:10.0316 2080 RasPppoe - ok 12:20:10.0348 2080 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 12:20:10.0410 2080 RasSstp - ok 12:20:10.0472 2080 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 12:20:10.0566 2080 rdbss - ok 12:20:10.0597 2080 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 12:20:10.0628 2080 rdpbus - ok 12:20:10.0644 2080 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) 
C:\Windows\system32\DRIVERS\RDPCDD.sys 12:20:10.0691 2080 RDPCDD - ok 12:20:10.0738 2080 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 12:20:10.0800 2080 RDPENCDD - ok 12:20:10.0816 2080 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 12:20:10.0862 2080 RDPREFMP - ok 12:20:10.0909 2080 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 12:20:10.0940 2080 RDPWD - ok 12:20:11.0003 2080 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 12:20:11.0034 2080 rdyboost - ok 12:20:11.0081 2080 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 12:20:11.0159 2080 RemoteAccess - ok 12:20:11.0206 2080 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 12:20:11.0252 2080 RemoteRegistry - ok 12:20:11.0299 2080 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 12:20:11.0362 2080 RpcEptMapper - ok 12:20:11.0377 2080 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 12:20:11.0393 2080 RpcLocator - ok 12:20:11.0471 2080 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 12:20:11.0549 2080 RpcSs - ok 12:20:11.0611 2080 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 12:20:11.0658 2080 rspndr - ok 12:20:11.0689 2080 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 12:20:11.0705 2080 SamSs - ok 12:20:11.0736 2080 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 12:20:11.0752 2080 sbp2port - ok 12:20:11.0798 2080 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 12:20:11.0861 2080 SCardSvr - ok 12:20:11.0892 2080 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 12:20:11.0986 2080 scfilter - ok 12:20:12.0095 2080 Schedule (262f6592c3299c005fd6bec90fc4463a) 
12:20:26.0478 2080 Scan finished
12:20:26.0509 0984 Detected object count: 2
12:20:26.0509 0984 Actual detected object count: 2
12:20:38.0662 0984 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:20:38.0662 0984 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:20:38.0662 0984 mrxsmb20 ( UnsignedFile.Multi.Generic ) - skipped by user
12:20:38.0662 0984 mrxsmb20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  12. ok thanks here are the txt files...also there is a HKCR entry in reg that ccleaner cannot remove and I cannot take ownership over the object to remove it.

Unused File Extension NortonAntiVirus.OfficeAntiVirus.1 HKCR\NortonAntiVirus.OfficeAntiVirus.1

ESET log
C:\Users\owner\Desktop\cellphone forensics\cnet2_ds-demo_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\owner\Desktop\MY MRI\nettyPE_2011_11_07.zip Win32/HideRun.A application deleted - quarantined

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
nCleaner second 2.3.4.0
Java 6 Update 30
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
  13. could be a remnant of the scvhost virus I had a while back...I recently noticed unusual computer activity, so I had to shut down group policy which was not supposed to be running anyway on win 7 home premium..and stop remote access service, which kept starting back up restarts. then early this week i stumble on the scvhost virus and removed it (hopefully)..ran malwarebytes to double check things and there were a few issues that it fixed..but strange ports open in tcpview and i am almost to the point where i should roll back to an acronis image from a couple months ago and go from there..thanks any help would be appreciated...kjh! had to rename and use basic upload to post these logs dds1.txt ddsattach.txt
  14. sorry about the mess..newbie.....i had to rename the file then finally used the basic uploader to get it on the post. little trouble my apologies!! thanks for the help kjh