Jump to content

westsidetom

Members
  • Posts

    12
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thank you, as I was very worried about this ransom threat, I believe the CEO, Corporate officers, and all the stock holders of this rogue company should be boiled in oil, and left in the town square to be picked clean by feathered scavengers...
  2. Combofix uninstalled OTL removed itself and some other tools, but I still have Security check, AdwCleaner, and JRT showing. Do I do something special to remove these?
  3. Adobe reader updated - removed old version installed new version Open Office updated - 4.0 and dictionary installed removed older version Firefox is upto date from website like you provided
  4. How are things Running: appears I am still having problems with Google Chrome, currently using Firefox instead.
  5. All processes killed ========== OTL ========== C:\Program Files (x86)\GUM4EF.tmp folder deleted successfully. C:\Windows\assembly\Desktop.ini moved successfully. File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found. File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found. File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found. File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found. File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found. File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found. Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found. Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found. Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found. Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: merry carol ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 26198921 bytes ->Java cache emptied: 10684448 bytes ->FireFox cache emptied: 63240553 bytes ->Google Chrome cache emptied: 356183614 bytes ->Flash cache emptied: 26340 bytes User: Public ->Temp folder emptied: 0 bytes User: tom ->Temp folder emptied: 1404293 bytes ->Temporary Internet Files folder emptied: 69372339 bytes ->Java cache emptied: 421483 bytes ->FireFox cache emptied: 102700014 bytes ->Google Chrome cache emptied: 9568213 bytes ->Flash cache emptied: 1835 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 15680 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42312953 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 651.00 mb [EMPTYJAVA] User: All Users User: Default User: Default User User: merry carol ->Java cache emptied: 0 bytes User: Public User: tom ->Java cache emptied: 0 bytes Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: All Users User: Default User: Default User User: merry carol ->Flash cache emptied: 0 bytes User: Public User: tom ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 07312013_125213 Files\Folders moved on Reboot... C:\Users\tom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... # AdwCleaner v2.306 - Logfile created 07/31/2013 at 13:05:27 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : tom - TOM-PC # Boot Mode : Normal # Running from : C:\Users\tom\Desktop\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\merry carol\AppData\Roaming\Mozilla\Firefox\Profiles\tcfa6skk.default\extensions\4jffxtbr@RadioRage_4j.com Folder Deleted : C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\1g6y8xph.default\extensions\4jffxtbr@RadioRage_4j.com ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Software ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Registry is clean. -\\ Mozilla Firefox v15.0.1 (en-US) File : C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\1g6y8xph.default\prefs.js [OK] File is clean. File : C:\Users\merry carol\AppData\Roaming\Mozilla\Firefox\Profiles\tcfa6skk.default\prefs.js [OK] File is clean. -\\ Google Chrome v28.0.1500.72 File : C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Users\merry carol\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [3101 octets] - [30/07/2013 20:08:49] AdwCleaner[s1].txt - [1658 octets] - [31/07/2013 13:05:27] ########## EOF - C:\AdwCleaner[s1].txt - [1718 octets] ##########
  6. OTL logfile created on: 7/30/2013 8:27:07 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tom\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 66.31% Memory free 7.50 Gb Paging File | 5.97 Gb Available in Paging File | 79.58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 585.31 Gb Total Space | 532.02 Gb Free Space | 90.89% Space Free | Partition Type: NTFS Drive D: | 10.76 Gb Total Space | 1.57 Gb Free Space | 14.59% Space Free | Partition Type: NTFS Computer Name: TOM-PC | User Name: tom | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/07/30 20:25:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tom\Desktop\OTL.exe PRC - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/11/27 14:48:08 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe PRC - [2012/09/05 18:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2009/10/22 19:50:40 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2009/08/24 19:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2013/07/28 11:25:06 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\a7a3ebc76a454af37918211506e81e31\System.Management.ni.dll MOD - [2013/07/26 11:11:13 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll MOD - [2013/07/26 11:10:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll MOD - [2013/07/26 11:10:49 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f95e6b6a92e3e28a3b553fe2998dd308\System.Data.ni.dll MOD - [2013/07/26 11:10:40 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4a8709f71eba20cc71c7905bba3dee\PresentationFramework.ni.dll MOD - [2013/07/26 11:10:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll MOD - [2013/07/26 11:10:21 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll MOD - [2013/07/26 11:10:18 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\033da6b735d41afaa20309b5e87e2ae0\UIAutomationTypes.ni.dll MOD - [2013/07/26 11:10:17 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef17be93e209cc95b9768c7822530432\PresentationCore.ni.dll MOD - [2013/07/26 11:10:07 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll MOD - [2013/07/26 11:10:02 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll MOD - [2013/07/26 11:09:58 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll MOD - [2013/07/26 11:09:57 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll MOD - [2013/07/26 11:09:52 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2013/07/26 09:10:45 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ee96e3bb14f5b3f2fe95c57e46c2495d\System.Runtime.Remoting.ni.dll MOD - [2013/07/09 23:47:16 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll MOD - [2013/07/09 23:47:08 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll MOD - [2013/07/09 23:47:00 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll MOD - [2013/07/09 23:47:00 | 001,013,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll MOD - [2013/07/09 23:46:56 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll MOD - [2013/07/09 23:42:49 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll MOD - [2013/04/17 14:49:03 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll MOD - [2012/11/27 14:48:08 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe MOD - [2012/11/27 14:38:36 | 000,112,128 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll MOD - [2012/09/05 18:26:41 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012/08/27 22:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/08/27 22:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\wincfi39.dll MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009/10/22 19:50:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MOD - [2009/09/29 16:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MOD - [2009/09/29 16:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll MOD - [2009/09/29 16:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll MOD - [2009/09/29 16:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll MOD - [2009/09/29 16:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll MOD - [2009/09/29 16:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll MOD - [2009/09/29 16:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll MOD - [2009/09/29 16:25:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/06/11 12:56:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360) SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2012/09/05 18:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/06/18 10:32:20 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013/05/22 22:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA) DRV:64bit: - [2013/05/20 22:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS) DRV:64bit: - [2013/05/15 22:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013/04/24 17:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS) DRV:64bit: - [2013/04/15 19:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360) DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013/03/04 18:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON) DRV:64bit: - [2013/03/04 18:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/06/26 21:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2012/06/24 22:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror) DRV:64bit: - [2009/09/16 22:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) DRV:64bit: - [2009/07/30 10:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013/07/26 02:31:16 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130730.017\ex64.sys -- (NAVEX15) DRV - [2013/07/26 02:31:16 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130730.017\eng64.sys -- (NAVENG) DRV - [2013/07/25 15:10:14 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130730.001\IDSviA64.sys -- (IDSVia64) DRV - [2013/07/15 22:58:54 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130715.001_8e\BHDrvx64.sys -- (BHDrvx64) DRV - [2013/04/29 03:50:41 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012/11/10 02:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{5EE7A2B6-6E58-4E02-85E8-7984BCB134FC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9987411E-AEC8-4F14-85BC-EDAADE26C195}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{5EE7A2B6-6E58-4E02-85E8-7984BCB134FC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-614392041-434456633-1230101488-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-614392041-434456633-1230101488-1001\..\SearchScopes,DefaultScope = {5EE7A2B6-6E58-4E02-85E8-7984BCB134FC} IE - HKU\S-1-5-21-614392041-434456633-1230101488-1001\..\SearchScopes\{5EE7A2B6-6E58-4E02-85E8-7984BCB134FC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\S-1-5-21-614392041-434456633-1230101488-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-614392041-434456633-1230101488-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-614392041-434456633-1230101488-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013/07/30 20:07:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4jffxtbr@RadioRage_4j.com: C:\Program Files (x86)\RadioRage_4j\bar\1.bin FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2013/07/26 09:05:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/17 13:05:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/30 20:16:01 | 000,000,000 | ---D | M] [2012/09/20 13:51:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tom\AppData\Roaming\Mozilla\Extensions [2013/07/29 16:52:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\1g6y8xph.default\extensions [2013/04/04 18:40:37 | 000,000,000 | ---D | M] (RadioRage) -- C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\1g6y8xph.default\extensions\4jffxtbr@RadioRage_4j.com [2012/09/20 13:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/09/05 18:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/09/05 18:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/09/05 18:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Norton Identity Protection = C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\ O1 HOSTS File: ([2013/07/29 16:32:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (RadioRage) - {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll File not found O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O3:64bit: - HKU\S-1-5-21-614392041-434456633-1230101488-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [intelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.) O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - Startup: C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-614392041-434456633-1230101488-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-614392041-434456633-1230101488-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services) O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3732DE0D-B102-4A88-8953-629A26D219D7}: DhcpNameServer = 192.168.10.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/07/30 20:24:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tom\Desktop\OTL.exe [2013/07/30 20:13:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/07/30 20:11:36 | 000,562,430 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\tom\Desktop\JRT.exe [2013/07/29 16:32:23 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013/07/29 16:28:50 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/07/29 16:06:55 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\Oracle [2013/07/29 16:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/07/29 16:05:08 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/07/29 16:05:04 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/07/29 16:05:04 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/07/29 16:05:04 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/07/29 16:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013/07/29 15:49:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/07/29 15:49:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/07/29 15:49:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/07/29 15:40:17 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/07/29 15:39:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/07/29 15:32:03 | 005,095,176 | R--- | C] (Swearware) -- C:\Users\tom\Desktop\ComboFix.exe [2013/07/29 15:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013/07/29 15:09:25 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\tom\Desktop\tdsskiller.exe [2013/07/29 14:56:06 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\tom\Desktop\dds.com [2013/07/29 14:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/07/29 14:47:00 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/07/29 14:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/07/29 14:46:20 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Local\Programs [2013/07/26 08:41:49 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\TuneUp Software [2013/07/26 08:33:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013/07/26 08:33:12 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Local\MFAData [2013/07/26 08:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2013/07/26 08:33:12 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Local\Avg2013 [2013/07/26 08:19:03 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll [2013/07/26 08:19:03 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll [2013/07/26 08:19:01 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2013/07/25 22:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust [2013/07/09 23:43:36 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/07/09 23:43:35 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/07/09 23:43:35 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/07/09 23:43:35 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/07/09 23:43:34 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/07/09 23:43:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/07/09 23:43:34 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/07/09 23:43:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/07/09 23:43:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/07/09 23:43:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/07/09 23:43:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/07/09 23:43:33 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/07/09 23:43:33 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/07/09 23:43:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/07/09 23:43:33 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/07/09 23:37:02 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013/07/09 23:36:32 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/07/30 20:25:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tom\Desktop\OTL.exe [2013/07/30 20:21:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/07/30 20:12:43 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/30 20:12:43 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/30 20:11:41 | 000,562,430 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\tom\Desktop\JRT.exe [2013/07/30 20:07:18 | 000,666,633 | ---- | M] () -- C:\Users\tom\Desktop\AdwCleaner.exe [2013/07/30 20:05:22 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/07/30 20:05:09 | 000,001,944 | ---- | M] () -- C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series.lnk [2013/07/30 20:04:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/07/30 20:04:12 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys [2013/07/29 16:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/07/29 16:53:06 | 000,891,098 | ---- | M] () -- C:\Users\tom\Desktop\SecurityCheck.exe [2013/07/29 16:32:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/07/29 16:05:00 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013/07/29 16:05:00 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013/07/29 16:05:00 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/07/29 16:05:00 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/07/29 16:05:00 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/07/29 16:05:00 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/07/29 15:32:12 | 005,095,176 | R--- | M] (Swearware) -- C:\Users\tom\Desktop\ComboFix.exe [2013/07/29 15:09:31 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\tom\Desktop\tdsskiller.exe [2013/07/29 14:56:10 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\tom\Desktop\dds.com [2013/07/29 14:47:02 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/07/29 10:34:08 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/07/29 10:34:08 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/07/29 10:34:08 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/07/26 23:24:01 | 000,008,188 | ---- | M] () -- C:\Users\tom\AppData\Roaming\wklnhst.dat [2013/07/26 09:57:56 | 000,003,448 | ---- | M] () -- C:\{19750BA2-92FF-490F-AA63-5FB94606853A} [2013/07/18 11:49:25 | 000,000,200 | ---- | M] () -- C:\Users\tom\Desktop\(16) Facebook.url [2013/07/18 11:28:54 | 000,000,213 | ---- | M] () -- C:\Users\tom\Desktop\MSN.com (2).url [2013/07/10 10:35:32 | 000,358,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/07/05 16:26:55 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFortom.job [2013/07/03 20:00:02 | 000,001,374 | ---- | M] () -- C:\Users\tom\Desktop\Continue Mine Craft.lnk [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/07/30 20:07:11 | 000,666,633 | ---- | C] () -- C:\Users\tom\Desktop\AdwCleaner.exe [2013/07/29 16:53:01 | 000,891,098 | ---- | C] () -- C:\Users\tom\Desktop\SecurityCheck.exe [2013/07/29 15:49:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/07/29 15:49:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/07/29 15:49:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/07/29 15:49:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/07/29 15:49:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/07/29 14:47:02 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/07/26 09:57:56 | 000,003,448 | ---- | C] () -- C:\{19750BA2-92FF-490F-AA63-5FB94606853A} [2013/07/18 11:49:25 | 000,000,200 | ---- | C] () -- C:\Users\tom\Desktop\(16) Facebook.url [2013/07/18 11:28:54 | 000,000,213 | ---- | C] () -- C:\Users\tom\Desktop\MSN.com (2).url [2013/07/03 19:59:36 | 000,001,374 | ---- | C] () -- C:\Users\tom\Desktop\Continue Mine Craft.lnk [2013/06/10 13:32:21 | 000,049,507 | ---- | C] () -- C:\Users\tom\AppData\Local\tmpDSCN0169.0 [2013/06/10 13:32:21 | 000,048,117 | ---- | C] () -- C:\Users\tom\AppData\Local\tmpDSCN0169.JPG [2013/06/10 13:31:04 | 000,058,749 | ---- | C] () -- C:\Users\tom\AppData\Local\tmpDSCN0172.0 [2013/06/10 13:31:04 | 000,056,057 | ---- | C] () -- C:\Users\tom\AppData\Local\tmpDSCN0172.JPG [2013/06/10 13:30:42 | 000,052,984 | ---- | C] () -- C:\Users\tom\AppData\Local\tmpDSCN0171.0 [2013/06/10 13:30:42 | 000,051,776 | ---- | C] () -- C:\Users\tom\AppData\Local\tmpDSCN0171.JPG [2013/03/21 07:43:03 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp [2013/03/21 07:42:47 | 000,302,806 | ---- | C] () -- C:\ProgramData\1.jpg [2013/01/18 16:22:46 | 003,118,148 | ---- | C] () -- C:\Users\tom\AppData\Local\tmp037.JPG [2013/01/18 16:22:10 | 003,097,487 | ---- | C] () -- C:\Users\tom\AppData\Local\tmp033.0 [2013/01/18 16:22:10 | 001,677,494 | ---- | C] () -- C:\Users\tom\AppData\Local\tmp033.JPG [2012/09/14 14:59:31 | 000,008,188 | ---- | C] () -- C:\Users\tom\AppData\Roaming\wklnhst.dat [2012/09/12 17:29:13 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini ========== ZeroAccess Check ========== [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > -- OTL Extras logfile created on: 7/30/2013 8:27:07 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tom\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 66.31% Memory free 7.50 Gb Paging File | 5.97 Gb Available in Paging File | 79.58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 585.31 Gb Total Space | 532.02 Gb Free Space | 90.89% Space Free | Partition Type: NTFS Drive D: | 10.76 Gb Total Space | 1.57 Gb Free Space | 14.59% Space Free | Partition Type: NTFS Computer Name: TOM-PC | User Name: tom | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-614392041-434456633-1230101488-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{261DF910-C7D1-4059-A152-A689965B733A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3876B9C4-727D-469D-9AFB-EE3933C96EA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{41A85DF5-3A4B-4BD8-A777-BC5360A2C658}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{53708D92-37B2-45B0-89C9-BBE6F15B1B9E}" = lport=445 | protocol=6 | dir=in | app=system | "{59B16C82-BD85-48E4-9626-BF5487C6316F}" = lport=2869 | protocol=6 | dir=in | app=system | "{5F2EA0BD-E8AF-4D6B-BB14-79E74F7905C0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{604FBCFE-134C-4225-9052-AE95A6AE1706}" = rport=137 | protocol=17 | dir=out | app=system | "{6CD33E2F-CA8E-4D0A-8E29-E91E97CAB718}" = rport=138 | protocol=17 | dir=out | app=system | "{748BFF8F-99EF-4ABD-AC6E-D4FB855AA654}" = lport=138 | protocol=17 | dir=in | app=system | "{7A568CAE-6336-449A-97E2-8439AD50B084}" = lport=10243 | protocol=6 | dir=in | app=system | "{87C77AF6-15B4-45D4-B5C9-768F165E1A5E}" = rport=10243 | protocol=6 | dir=out | app=system | "{8BFA3B58-C645-4CFB-8D91-08C007C2DA8A}" = lport=2869 | protocol=6 | dir=in | app=system | "{943585DF-40D1-4FC0-BBD6-A777075DFC13}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A6A4A98B-62A4-4FB9-9019-AD29D1286114}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B4811805-5557-4005-AE75-757E5FF63EC7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C78DB32E-2F89-46F1-AF67-818E0F0C9258}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D9026204-F1E7-4A40-A99E-9A21E95FE49D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{DB92F915-DA23-4456-9634-07C37CAAC9D1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DCF620C6-852D-4823-9ABA-E07549C06C61}" = rport=139 | protocol=6 | dir=out | app=system | "{DF70FE2A-DE41-4561-B368-131E191C0744}" = rport=445 | protocol=6 | dir=out | app=system | "{E7487C35-F6C2-48AA-B5F0-DD62B437FD7E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EA1B5F54-96E6-49E0-812F-EE5E60E1DD28}" = lport=139 | protocol=6 | dir=in | app=system | "{EB63D468-DB5E-4507-AC67-8C8B1D4B18E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F07C8533-2497-4824-AE89-28854FC2F08C}" = lport=137 | protocol=17 | dir=in | app=system | "{FFAAE630-9423-4A5F-A579-8BA303824CBA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05E3FF95-13A3-41AE-815E-B904F5195E10}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{075E788D-1915-40FC-BEBE-105EBEEBA3F8}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\faxapplications.exe | "{0C6E3080-1313-4ECF-AE2A-FEDC199A7721}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{0CD30992-3537-4384-85ED-5F7EBFD8DF56}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\sendafax.exe | "{12DEA382-42A4-44CE-A1CD-6535BF6AF925}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{15142DB0-381C-41DE-AFA0-AD3CC9D560A3}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe | "{1523A0E4-32E9-486A-8A8A-709915565B51}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1B883942-D931-4AB8-8C50-BDE3E24CBC1F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{21F60580-7576-4D40-901E-B78FD5F4D02A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{2641F1BA-1636-46F3-B338-A995D060FD84}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2EB95B1A-9029-4868-8EE2-E8787BDF63A4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3A2FEB40-7E34-4BFD-9FC2-39877BF80E42}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\devicesetup.exe | "{3B98CB35-AA94-43FD-A3DC-8DC51AE27F85}" = protocol=6 | dir=out | app=system | "{4006DD14-5B60-4E6F-9356-7A56A94E6393}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{443CF217-8639-4B53-A3FE-0E3176D1F9F5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{47812198-47B6-460E-8812-41CF524F4693}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{49B19500-FDE4-4AB2-A642-5D450DCC0BD3}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{4B837A29-10AA-4B2A-A8E7-0E8AA7B436BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4DAC22CF-5660-4578-9D2B-7986569D7A8A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{5078E7FC-FE5C-450A-AF5A-4A8A559BAF1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{62A738E4-C353-4F3F-A75C-C079D3BF4687}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{68E29DCE-C8D8-4B69-9CC9-1C4ACA06707F}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicatorcom.exe | "{73258ACC-0C03-43D4-ABDE-B97021DC72BA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{78F1BCCC-150D-4D92-8FCB-E3BFDC562FBE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{7B1207D0-4B40-4164-8FCC-29F4B9488623}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{8624114C-AA22-40C5-8976-29B73A29EC76}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{89A6C288-5EE7-48C8-B96B-FBCA577ACDAA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8DA1D0E2-8069-4344-AC98-2EB0FE6B2ACE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{93785FD7-ADA0-4AD0-B65A-03D6D00057D3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{982EB52F-A15E-45C4-953F-14A8390EBEB1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9FB9B609-9C37-41E7-BA1D-3EFF589393DA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | "{A9D559DE-FAAF-4E2A-8004-05478F3B5A8B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{ABFA7910-6A71-4F19-BFC5-4E49A6AFE06B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{AE702042-022B-4441-9B57-F6B5B73D0C3F}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicator.exe | "{B0ECD528-DCCD-42FB-800E-BF1A6ADA0287}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{B20FE2F9-A733-421E-B415-8A86CFD8D96E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{B2E3E5DD-8FBC-4842-A195-7DBACA9ACC82}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{B587BE6C-272D-40B7-A450-63EF79960281}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{B656979F-07BF-41AA-97C5-51C51C9A92DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C6BF4E1D-3B48-4181-A15D-505CE69E6376}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C9E73BB9-5251-4ED0-A5AE-CE0CC45026D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CEBA063F-70B3-42CF-9E54-E35F0552039B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{D1187D19-B85C-4984-92E0-2507B963552A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{D5694F69-B38D-481A-BECB-2ADD1FEFEDE8}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | "{DD45DE64-02EF-4292-BCC4-8D5FFCA78E26}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{DD75617D-5AFC-4960-BA05-E06784452656}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{E036FAB7-6D60-4DCE-A80E-84A3CB4C0A76}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{E180B042-F50B-4AF0-B2CD-C4F48BADB85D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E4E1FA40-F456-40E4-B991-34336BD9CD2D}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\digitalwizards.exe | "{E5929E34-388B-42FE-AE91-30C9D8B357AC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{F00874EF-0FFF-42DF-BC0D-EA5388D2941E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F08663A5-E7BB-4267-83DB-8B8669CB7338}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F1BE39A8-6513-48D0-AABA-91A35EA2ED20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F5C201C4-64A1-4AF5-8EDF-D45D3B131F64}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{F69B6713-0CA7-479C-9A97-D9C2875F1D38}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{F715C7F3-EA33-4C3E-8539-449BDDC7B25A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FE474AC0-1061-49E4-9719-46C03E1128F3}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\devicesetup.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0AACE096-CF1C-4FCE-BB60-6F3F914006C9}" = HP Officejet 6700 Product Improvement Study "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{30B80A98-D5EC-4FCF-9AF5-00D929B2320B}" = HP Photosmart 7520 series Product Improvement Study "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center "{B2903FFC-7AFD-4D29-8CEE-D5BDC5F4C38F}" = HP Photosmart 7520 series Basic Device Software "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C0CA6788-386E-4BE1-B214-629E746A5302}" = HP Officejet 6700 Basic Device Software "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "GIMP-2_is1" = GIMP 2.8.2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center "NVIDIA Drivers" = NVIDIA Drivers "OfficeTrial" = Microsoft Office Home and Student 60 day trial "PC-Doctor for Windows" = Hardware Diagnostic Tools [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08295D09-E002-48F8-905D-34E4B08509BA}" = HP Photosmart 7520 series Help "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2 "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}" = HP Officejet 6700 Help "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7FC8C210-A319-4835-A87D-B935EFB4C148}" = Microsoft Live Search Toolbar "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo "{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1 "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7) "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "CameraUserGuide-PSA4000ISandA3400ISandA2400ISandA2300andA1300andA810" = Canon PowerShot A4000 IS and A3400 IS and A2400 IS and A2300 and A1300 and A810 Camera User Guide "CameraWindowDC" = Canon Utilities CameraWindow DC 8 "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "Google Chrome" = Google Chrome "HP Photo Creations" = HP Photo Creations "HP Remote Solution" = HP Remote Solution "ImageBrowser EX" = Canon Utilities ImageBrowser EX "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "N360" = Norton 360 "PhotoStitch" = Canon Utilities PhotoStitch "RadioRage_4jbar Uninstall" = RadioRage Toolbar "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-614392041-434456633-1230101488-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "HuluDesktop" = Hulu Desktop ========== Last 20 Event Log Errors ========== [ Hewlett-Packard Events ] Error - 9/12/2012 7:48:22 PM | Computer Name = tom-PC | Source = Hewlett-Packard | ID = 0 Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding) at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object A_0, EventArgs A_1) Error - 9/12/2012 7:48:22 PM | Computer Name = tom-PC | Source = Hewlett-Packard | ID = 0 Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding) at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object A_0, EventArgs A_1) Error - 9/12/2012 7:56:56 PM | Computer Name = tom-PC | Source = Hewlett-Packard | ID = 0 Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding) at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object A_0, EventArgs A_1) Error - 9/12/2012 7:56:57 PM | Computer Name = tom-PC | Source = Hewlett-Packard | ID = 0 Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding) at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object A_0, EventArgs A_1) Error - 2/20/2013 10:26:39 PM | Computer Name = tom-PC | Source = Hewlett-Packard | ID = 0 Description = en-US Object reference not set to an instance of an object. HPSF at HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source, RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root, RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks() at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler) Error - 3/21/2013 10:44:22 AM | Computer Name = tom-PC | Source = Hewlett-Packard | ID = 0 Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding) at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object A_0, EventArgs A_1) Error - 3/21/2013 10:44:22 AM | Computer Name = tom-PC | Source = Hewlett-Packard | ID = 0 Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding) at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object A_0, EventArgs A_1) Error - 3/21/2013 1:42:03 PM | Computer Name = tom-PC | Source = Hewlett-Packard | ID = 0 Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding) at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object A_0, EventArgs A_1) < End of report > -- Eset om-line Scan & Clean C:\Users\tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\266824d0-4b2bc230 Java/Exploit.Agent.PAK trojan cleaned by deleting - quarantined C:\Users\tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\44dd05a-2ede67cf Java/Exploit.Agent.PAL trojan cleaned by deleting - quarantined
  7. # AdwCleaner v2.306 - Logfile created 07/30/2013 at 20:08:49 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : tom - TOM-PC # Boot Mode : Normal # Running from : C:\Users\tom\Desktop\AdwCleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Folder Found : C:\Users\merry carol\AppData\Roaming\Mozilla\Firefox\Profiles\tcfa6skk.default\extensions\4jffxtbr@RadioRage_4j.com Folder Found : C:\Users\merry carol\AppData\Roaming\Mozilla\Firefox\Profiles\tcfa6skk.default\extensions\4jffxtbr@RadioRage_4j.com Folder Found : C:\Users\tom\AppData\Roaming\DriverCure Folder Found : C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\1g6y8xph.default\extensions\4jffxtbr@RadioRage_4j.com Folder Found : C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\1g6y8xph.default\extensions\4jffxtbr@RadioRage_4j.com ***** [Registry] ***** Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Software ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 -\\ Mozilla Firefox v15.0.1 (en-US) File : C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\1g6y8xph.default\prefs.js [OK] File is clean. File : C:\Users\merry carol\AppData\Roaming\Mozilla\Firefox\Profiles\tcfa6skk.default\prefs.js [OK] File is clean. -\\ Google Chrome v28.0.1500.72 File : C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Users\merry carol\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [2980 octets] - [30/07/2013 20:08:49] ########## EOF - C:\AdwCleaner[R1].txt - [3040 octets] ########## -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.2.9 (07.30.2013:1) OS: Windows 7 Home Premium x64 Ran by tom on Tue 07/30/2013 at 20:13:59.21 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [service] radiorage_4jservice Successfully deleted: [service] radiorage_4jservice ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-614392041-434456633-1230101488-1001\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{13119113-0854-469d-807a-171568457991} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{33119133-0854-469d-807a-171568457991} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{de9028d0-5ffa-4e69-94e3-89ee8741f468} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{e7df6bff-55a5-4eb7-a673-4ed3e9456d39} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{03e2a1f3-4402-4121-8b35-733216d61217} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{23119123-0854-469d-807a-171568457991} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{9e3b11f6-4179-4603-a71b-a55f4bcb0bec} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{03119103-0854-469d-807a-171568457991} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{9c049ba6-ea47-4ac3-aed6-a66d8dc9e1d8} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9987411E-AEC8-4F14-85BC-EDAADE26C195} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9987411E-AEC8-4F14-85BC-EDAADE26C195} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48909954-14FB-4971-A7B3-47E7AF10B38A} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5848763C-2668-44CA-ADBE-2999A6EE2858} ~~~ Files Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll" Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll" Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk" Successfully deleted: [File] "C:\Windows\couponprinter.ocx" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\sparktrust" Successfully deleted: [Folder] "C:\ProgramData\speedypc software" Successfully deleted: [Folder] "C:\Users\tom\AppData\Roaming\drivercure" Successfully deleted: [Folder] "C:\Users\tom\AppData\Roaming\sparktrust" Successfully deleted: [Folder] "C:\Users\tom\AppData\Roaming\speedypc software" Successfully deleted: [Folder] "C:\Users\tom\appdata\locallow\radiorage_4j" Successfully deleted: [Folder] "C:\Program Files (x86)\coupons" Successfully deleted: [Folder] "C:\Program Files (x86)\sparktrust" Successfully deleted: [Folder] "C:\Users\tom\AppData\Roaming\microsoft\windows\start menu\programs\sparktrust" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 07/30/2013 at 20:20:06.71 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --
  8. ComboFix 13-07-27.01 - tom 07/29/2013 16:16:48.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2456 [GMT -7:00] Running from: c:\users\tom\Desktop\ComboFix.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\RadioRage_4j c:\program files (x86)\RadioRage_4j\bar\1.bin\4jauxstb.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe c:\program files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe c:\program files (x86)\RadioRage_4j\bar\1.bin\4jbrstub.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jdatact.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jdlghk.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jdyn.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jfeedmg.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jhighin.exe c:\program files (x86)\RadioRage_4j\bar\1.bin\4jhkstub.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jhtmlmu.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jhttpct.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jidle.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jieovr.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jimpipe.exe c:\program files (x86)\RadioRage_4j\bar\1.bin\4jmedint.exe c:\program files (x86)\RadioRage_4j\bar\1.bin\4jmlbtn.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jmsg.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jPlugin.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jradio.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jregfft.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jreghk.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jregiet.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jscript.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jskin.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jsknlcr.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jskplay.exe c:\program files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4jSrchMn.exe c:\program files (x86)\RadioRage_4j\bar\1.bin\4jtpinst.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\4juabtn.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\BOOTSTRAP.JS c:\program files (x86)\RadioRage_4j\bar\1.bin\CHROME.MANIFEST c:\program files (x86)\RadioRage_4j\bar\1.bin\chrome\4jffxtbr.jar c:\program files (x86)\RadioRage_4j\bar\1.bin\CREXT.DLL c:\program files (x86)\RadioRage_4j\bar\1.bin\CrExtP4j.exe c:\program files (x86)\RadioRage_4j\bar\1.bin\INSTALL.RDF c:\program files (x86)\RadioRage_4j\bar\1.bin\installKeys.js c:\program files (x86)\RadioRage_4j\bar\1.bin\LOGO.BMP c:\program files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll c:\program files (x86)\RadioRage_4j\bar\1.bin\T8EXTEX.DLL c:\program files (x86)\RadioRage_4j\bar\1.bin\T8EXTPEX.DLL c:\program files (x86)\RadioRage_4j\bar\1.bin\T8HTML.DLL c:\program files (x86)\RadioRage_4j\bar\1.bin\T8RES.DLL c:\program files (x86)\RadioRage_4j\bar\1.bin\T8TICKER.DLL c:\program files (x86)\RadioRage_4j\bar\gen1\COMMON.T8S c:\program files (x86)\RadioRage_4j\bar\IE9Mesg\COMMON.T8S c:\program files (x86)\RadioRage_4j\bar\Message\COMMON.T8S c:\program files (x86)\RadioRage_4j\bar\Settings\s_pid.dat . . ((((((((((((((((((((((((( Files Created from 2013-06-28 to 2013-07-29 ))))))))))))))))))))))))))))))) . . 2013-07-29 23:28 . 2013-07-29 23:28 -------- d-----w- c:\users\merry carol\AppData\Local\temp 2013-07-29 23:28 . 2013-07-29 23:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-29 23:06 . 2013-07-29 23:06 -------- d-----w- c:\users\tom\AppData\Roaming\Oracle 2013-07-29 23:05 . 2013-07-29 23:05 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-07-29 23:05 . 2013-07-29 23:05 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-07-29 23:04 . 2013-07-29 23:04 -------- d-----w- c:\program files (x86)\Java 2013-07-29 22:17 . 2013-07-29 22:27 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-07-29 21:47 . 2013-07-29 21:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-07-29 21:47 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-29 21:46 . 2013-07-29 21:46 -------- d-----w- c:\users\tom\AppData\Local\Programs 2013-07-26 15:41 . 2013-07-26 15:41 -------- d-----w- c:\users\tom\AppData\Roaming\TuneUp Software 2013-07-26 15:33 . 2013-07-29 22:54 -------- d-----w- c:\programdata\MFAData 2013-07-26 15:33 . 2013-07-29 22:51 -------- d-----w- c:\users\tom\AppData\Local\Avg2013 2013-07-26 15:33 . 2013-07-26 15:33 -------- d--h--w- c:\programdata\Common Files 2013-07-26 15:33 . 2013-07-26 15:33 -------- d-----w- c:\users\tom\AppData\Local\MFAData 2013-07-26 15:29 . 2013-06-24 07:41 78185248 ----a-w- c:\windows\system32\MRT.exe 2013-07-26 15:19 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-07-26 15:19 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-07-26 15:19 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll 2013-07-26 15:19 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll 2013-07-26 15:19 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll 2013-07-26 15:19 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll 2013-07-26 15:19 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll 2013-07-26 15:19 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2013-07-26 15:19 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2013-07-26 06:19 . 2013-07-26 06:19 -------- d-----w- c:\users\merry carol\AppData\Local\LogMeIn Rescue Applet 2013-07-26 05:55 . 2013-07-26 05:55 -------- d-----w- c:\users\tom\AppData\Roaming\SparkTrust 2013-07-26 05:54 . 2013-07-26 05:54 -------- d-----w- c:\program files (x86)\Common Files\SparkTrust 2013-07-26 05:54 . 2013-07-26 05:54 -------- d-----w- c:\programdata\SparkTrust 2013-07-26 05:54 . 2013-07-26 05:54 -------- d-----w- c:\program files (x86)\SparkTrust 2013-07-10 06:37 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll 2013-07-10 06:37 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-10 06:36 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-07-10 06:36 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-07-10 06:36 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2013-07-10 06:36 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-10 06:36 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2013-07-10 06:36 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2013-07-10 06:36 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-07-10 06:36 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-29 23:05 . 2012-09-20 21:07 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-07-29 23:05 . 2012-09-20 21:07 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-06-18 17:32 . 2012-11-11 22:38 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2013-06-18 06:50 . 2013-06-18 06:50 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-06-18 06:50 . 2013-06-18 06:50 81408 ----a-w- c:\windows\system32\icardie.dll 2013-06-18 06:50 . 2013-06-18 06:50 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-06-18 06:50 . 2013-06-18 06:50 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-06-18 06:50 . 2013-06-18 06:50 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-06-18 06:50 . 2013-06-18 06:50 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-06-18 06:50 . 2013-06-18 06:50 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-06-18 06:50 . 2013-06-18 06:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-06-18 06:50 . 2013-06-18 06:50 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-06-18 06:50 . 2013-06-18 06:50 441856 ----a-w- c:\windows\system32\html.iec 2013-06-18 06:50 . 2013-06-18 06:50 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-06-18 06:50 . 2013-06-18 06:50 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-06-18 06:50 . 2013-06-18 06:50 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-06-18 06:50 . 2013-06-18 06:50 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-06-18 06:50 . 2013-06-18 06:50 235008 ----a-w- c:\windows\system32\url.dll 2013-06-18 06:50 . 2013-06-18 06:50 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-06-18 06:50 . 2013-06-18 06:50 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-06-18 06:50 . 2013-06-18 06:50 216064 ----a-w- c:\windows\system32\msls31.dll 2013-06-18 06:50 . 2013-06-18 06:50 197120 ----a-w- c:\windows\system32\msrating.dll 2013-06-18 06:50 . 2013-06-18 06:50 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-06-18 06:50 . 2013-06-18 06:50 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-06-18 06:50 . 2013-06-18 06:50 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-06-18 06:50 . 2013-06-18 06:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-06-18 06:50 . 2013-06-18 06:50 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-06-18 06:50 . 2013-06-18 06:50 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-06-18 06:50 . 2013-06-18 06:50 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-06-18 06:50 . 2013-06-18 06:50 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-06-18 06:50 . 2013-06-18 06:50 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-06-18 06:50 . 2013-06-18 06:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-06-18 06:50 . 2013-06-18 06:50 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-06-18 06:50 . 2013-06-18 06:50 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-06-18 06:50 . 2013-06-18 06:50 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-06-18 06:50 . 2013-06-18 06:50 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-06-18 06:50 . 2013-06-18 06:50 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-06-18 06:50 . 2013-06-18 06:50 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-06-18 06:50 . 2013-06-18 06:50 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-06-18 06:50 . 2013-06-18 06:50 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-06-18 06:50 . 2013-06-18 06:50 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-06-18 06:50 . 2013-06-18 06:50 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-06-18 06:50 . 2013-06-18 06:50 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-06-18 06:50 . 2013-06-18 06:50 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-06-18 06:50 . 2013-06-18 06:50 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-06-18 06:50 . 2013-06-18 06:50 149504 ----a-w- c:\windows\system32\occache.dll 2013-06-18 06:50 . 2013-06-18 06:50 144896 ----a-w- c:\windows\system32\wextract.exe 2013-06-18 06:50 . 2013-06-18 06:50 13824 ----a-w- c:\windows\system32\mshta.exe 2013-06-18 06:50 . 2013-06-18 06:50 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-06-18 06:50 . 2013-06-18 06:50 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-06-18 06:50 . 2013-06-18 06:50 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-06-18 06:50 . 2013-06-18 06:50 102912 ----a-w- c:\windows\system32\inseng.dll 2013-06-18 06:49 . 2013-06-18 06:49 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-18 06:49 . 2013-06-18 06:49 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-18 06:49 . 2013-06-18 06:49 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-18 06:49 . 2013-06-18 06:49 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-18 06:49 . 2013-06-18 06:49 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-18 06:49 . 2013-06-18 06:49 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-18 06:49 . 2013-06-18 06:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-18 06:49 . 2013-06-18 06:49 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-18 06:49 . 2013-06-18 06:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-18 06:49 . 2013-06-18 06:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-18 06:49 . 2013-06-18 06:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-18 06:49 . 2013-06-18 06:49 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-18 06:49 . 2013-06-18 06:49 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-18 06:49 . 2013-06-18 06:49 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-18 06:49 . 2013-06-18 06:49 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-18 06:49 . 2013-06-18 06:49 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-18 06:49 . 2013-06-18 06:49 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-06-18 06:49 . 2013-06-18 06:49 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-06-18 06:49 . 2013-06-18 06:49 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-06-18 06:49 . 2013-06-18 06:49 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-06-18 06:49 . 2013-06-18 06:49 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-06-18 06:49 . 2013-06-18 06:49 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-06-18 06:49 . 2013-06-18 06:49 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-06-18 06:49 . 2013-06-18 06:49 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-06-18 06:49 . 2013-06-18 06:49 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-18 06:49 . 2013-06-18 06:49 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-06-18 06:49 . 2013-06-18 06:49 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-06-18 06:49 . 2013-06-18 06:49 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-06-18 06:49 . 2013-06-18 06:49 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-06-18 06:49 . 2013-06-18 06:49 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-06-18 06:49 . 2013-06-18 06:49 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-06-18 06:49 . 2013-06-18 06:49 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-06-18 06:49 . 2013-06-18 06:49 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-06-18 06:49 . 2013-06-18 06:49 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-06-18 06:49 . 2013-06-18 06:49 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-06-18 06:49 . 2013-06-18 06:49 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-06-18 06:49 . 2013-06-18 06:49 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-06-18 06:49 . 2013-06-18 06:49 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-06-18 06:49 . 2013-06-18 06:49 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-06-18 06:49 . 2013-06-18 06:49 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-06-18 06:49 . 2013-06-18 06:49 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2013-06-18 06:49 . 2013-06-18 06:49 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-06-18 06:49 . 2013-06-18 06:49 1238528 ----a-w- c:\windows\system32\d3d10.dll 2013-06-18 06:49 . 2013-06-18 06:49 1175552 ----a-w- c:\windows\system32\FntCache.dll 2013-06-18 06:49 . 2013-06-18 06:49 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-06-18 06:49 . 2013-06-18 06:49 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2013-06-18 06:49 . 2013-06-18 06:49 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-11 19:56 . 2013-01-11 15:29 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Monitor Ink Alerts - HP Photosmart 7520 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 7520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN29H2900905XX;CONNECTION=USB;MONITOR=1; [2009-7-13 45568] OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2013-1-13 69120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] R2 RadioRage_4jService;RadioRageService;c:\progra~2\RADIOR~2\bar\1.bin\4jbarsvc.exe;c:\progra~2\RADIOR~2\bar\1.bin\4jbarsvc.exe [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys;c:\windows\SYSNATIVE\DRIVERS\rcmirror.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130715.001_8e\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130715.001_8e\BHDrvx64.sys [x] S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130726.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130726.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-26 22:21 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-11 19:56] . 2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 17:20] . 2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 17:20] . 2013-04-03 c:\windows\Tasks\HPCeeScheduleFormerry carol.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2013-07-05 c:\windows\Tasks\HPCeeScheduleFortom.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2012-09-12 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360] "PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728] "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928] "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.10.1 FF - ProfilePath - c:\users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\1g6y8xph.default\ FF - ExtSQL: !HIDDEN! 2013-02-08 11:46; 4jffxtbr@RadioRage_4j.com; c:\program files (x86)\RadioRage_4j\bar\1.bin . - - - - ORPHANS REMOVED - - - - . BHO-{48909954-14fb-4971-a7b3-47e7af10b38a} - c:\progra~2\RADIOR~2\bar\1.bin\4jbar.dll BHO-{5848763c-2668-44ca-adbe-2999a6ee2858} - c:\program files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll Toolbar-{78ba36c9-6036-482b-b48d-ecca6f964b84} - c:\program files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-RadioRage Search Scope Monitor - c:\progra~2\RADIOR~2\bar\1.bin\4jsrchmn.exe Wow6432Node-HKLM-Run-RadioRage_4j Browser Plugin Loader - c:\progra~2\RADIOR~2\bar\1.bin\4jbrmon.exe Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0] "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe . ************************************************************************** . Completion time: 2013-07-29 16:42:34 - machine was rebooted ComboFix-quarantined-files.txt 2013-07-29 23:42 . Pre-Run: 572,001,456,128 bytes free Post-Run: 571,528,626,176 bytes free . - - End Of File - - E5187CA8AADC571DCE456D823E94C421 0D1A73F8575FCA9A1439616AA43205AD -- Results of screen317's Security Check version 0.99.71 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton 360 WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 25 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox 15.0.1 Firefox out of Date! Google Chrome 27.0.1453.116 Google Chrome 28.0.1500.72 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 7% ````````````````````End of Log``````````````````````
  9. Malwarebytes Anti-Rootkit BETA 1.06.0.1004 www.malwarebytes.org Database version: v2013.07.29.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 tom :: TOM-PC [administrator] 7/29/2013 3:17:34 PM mbar-log-2013-07-29 (15-17-34).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: PUP Objects scanned: 263352 Time elapsed: 9 minute(s), 16 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) -- --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16635 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.013000 GHz Memory total: 4025802752, free: 2505265152 Downloaded database version: v2013.07.29.06 Downloaded database version: v2013.07.15.01 Initializing... ------------ Kernel report ------------ 07/29/2013 15:17:30 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\nvstor64.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\N360x64\1404000.028\SYMDS64.SYS \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\avgrkx64.sys \SystemRoot\system32\DRIVERS\avgloga.sys \SystemRoot\system32\DRIVERS\avgmfx64.sys \SystemRoot\system32\DRIVERS\avgidsha.sys \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\system32\drivers\N360x64\1404000.028\ccSetx64.sys \SystemRoot\system32\drivers\N360x64\1404000.028\Ironx64.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \??\C:\Windows\system32\drivers\avgtpx64.sys \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\avgtdia.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS \SystemRoot\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130726.001\IDSvia64.sys \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130715.001_8e\BHDrvx64.sys \SystemRoot\system32\DRIVERS\avgldx64.sys \SystemRoot\system32\DRIVERS\avgidsdrivera.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\nvmf6264.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\system32\DRIVERS\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\drivers\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\hidusb.sys \SystemRoot\system32\drivers\HIDCLASS.SYS \SystemRoot\system32\drivers\HIDPARSE.SYS \SystemRoot\system32\drivers\USBD.SYS \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_nvstor64.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130729.003\EX64.SYS \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130729.003\ENG64.SYS \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa80060da790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000070\ Lower Device Object: 0xfffffa80060c6060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa80060d9790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000006f\ Lower Device Object: 0xfffffa80060b4060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa80060d8790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000006e\ Lower Device Object: 0xfffffa80060c5060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa80060c6790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000006d\ Lower Device Object: 0xfffffa80060c05f0 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa80045fa700 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000062\ Lower Device Object: 0xfffffa800401e060 Lower Device Driver Name: \Driver\nvstor64\ <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa80045fa700, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80045fb040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80045fa700, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80036fab90, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa800401e060, DeviceName: \Device\00000062\, DriverName: \Driver\nvstor64\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 1549F232 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 1227491328 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1227698176 Numsec = 22562816 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 640135028736 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)... Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa80060c6790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80060c5690, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80060c6790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80060c05f0, DeviceName: \Device\0000006d\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa80060d8790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80060d9040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80060d8790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80060c5060, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa80060d9790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80060da040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80060d9790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80060b4060, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa80060da790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80060d8040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80060da790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80060c6060, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Read File: File "c:\programdata\avg2013\chjw\680409f00409c254.dat:7681956c-a324-4555-8f06-2111ac025d65" is sparse (flags = 32768) Read File: File "c:\Users\tom\AppData\Local\Avg2013\log\avgui.log.1" is compressed (flags = 1) Read File: File "c:\Users\tom\AppData\Local\Avg2013\log\avgui.log.1" is compressed (flags = 1) Scan finished ======================================= Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removal finished
  10. 15:12:15.0903 5188 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19 15:12:17.0297 5188 ============================================================ 15:12:17.0297 5188 Current date / time: 2013/07/29 15:12:17.0297 15:12:17.0297 5188 SystemInfo: 15:12:17.0297 5188 15:12:17.0298 5188 OS Version: 6.1.7601 ServicePack: 1.0 15:12:17.0298 5188 Product type: Workstation 15:12:17.0298 5188 ComputerName: TOM-PC 15:12:17.0298 5188 UserName: tom 15:12:17.0298 5188 Windows directory: C:\Windows 15:12:17.0298 5188 System windows directory: C:\Windows 15:12:17.0298 5188 Running under WOW64 15:12:17.0299 5188 Processor architecture: Intel x64 15:12:17.0299 5188 Number of processors: 2 15:12:17.0299 5188 Page size: 0x1000 15:12:17.0299 5188 Boot type: Normal boot 15:12:17.0299 5188 ============================================================ 15:12:19.0263 5188 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 15:12:19.0316 5188 ============================================================ 15:12:19.0316 5188 \Device\Harddisk0\DR0: 15:12:19.0354 5188 MBR partitions: 15:12:19.0354 5188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 15:12:19.0354 5188 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x492A0800 15:12:19.0354 5188 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x492D3000, BlocksNum 0x1584800 15:12:19.0355 5188 ============================================================ 15:12:19.0413 5188 C: <-> \Device\Harddisk0\DR0\Partition2 15:12:19.0469 5188 D: <-> \Device\Harddisk0\DR0\Partition3 15:12:19.0470 5188 ============================================================ 15:12:19.0470 5188 Initialize success 15:12:19.0470 5188 ============================================================ 15:12:28.0076 4280 ============================================================ 15:12:28.0076 4280 Scan started 15:12:28.0076 4280 Mode: Manual; 15:12:28.0076 4280 ============================================================ 15:12:29.0156 4280 ================ Scan system memory ======================== 15:12:29.0157 4280 System memory - ok 15:12:29.0158 4280 ================ Scan services ============================= 15:12:29.0353 4280 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 15:12:29.0357 4280 1394ohci - ok 15:12:29.0423 4280 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 15:12:29.0429 4280 ACPI - ok 15:12:29.0445 4280 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 15:12:29.0448 4280 AcpiPmi - ok 15:12:29.0540 4280 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 15:12:29.0542 4280 AdobeARMservice - ok 15:12:29.0684 4280 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 15:12:29.0688 4280 AdobeFlashPlayerUpdateSvc - ok 15:12:29.0740 4280 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 15:12:29.0757 4280 adp94xx - ok 15:12:29.0827 4280 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 15:12:29.0860 4280 adpahci - ok 15:12:29.0881 4280 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 15:12:29.0887 4280 adpu320 - ok 15:12:29.0921 4280 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:12:29.0923 4280 AeLookupSvc - ok 15:12:29.0999 4280 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 15:12:30.0017 4280 AFD - ok 15:12:30.0066 4280 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:12:30.0070 4280 agp440 - ok 15:12:30.0126 4280 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 15:12:30.0130 4280 ALG - ok 15:12:30.0185 4280 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 15:12:30.0188 4280 aliide - ok 15:12:30.0208 4280 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 15:12:30.0211 4280 amdide - ok 15:12:30.0274 4280 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 15:12:30.0278 4280 AmdK8 - ok 15:12:30.0316 4280 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 15:12:30.0318 4280 AmdPPM - ok 15:12:30.0353 4280 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 15:12:30.0358 4280 amdsata - ok 15:12:30.0400 4280 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 15:12:30.0406 4280 amdsbs - ok 15:12:30.0428 4280 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 15:12:30.0431 4280 amdxata - ok 15:12:30.0494 4280 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 15:12:30.0498 4280 AppID - ok 15:12:30.0513 4280 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 15:12:30.0515 4280 AppIDSvc - ok 15:12:30.0556 4280 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 15:12:30.0558 4280 Appinfo - ok 15:12:30.0630 4280 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 15:12:30.0631 4280 Apple Mobile Device - ok 15:12:30.0649 4280 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 15:12:30.0651 4280 arc - ok 15:12:30.0663 4280 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 15:12:30.0665 4280 arcsas - ok 15:12:30.0703 4280 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:12:30.0705 4280 AsyncMac - ok 15:12:30.0724 4280 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 15:12:30.0726 4280 atapi - ok 15:12:30.0746 4280 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:12:30.0763 4280 AudioEndpointBuilder - ok 15:12:30.0772 4280 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 15:12:30.0777 4280 AudioSrv - ok 15:12:31.0023 4280 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe 15:12:31.0132 4280 AVGIDSAgent - ok 15:12:31.0218 4280 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys 15:12:31.0223 4280 AVGIDSDriver - ok 15:12:31.0257 4280 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys 15:12:31.0261 4280 AVGIDSHA - ok 15:12:31.0318 4280 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys 15:12:31.0325 4280 Avgldx64 - ok 15:12:31.0379 4280 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys 15:12:31.0396 4280 Avgloga - ok 15:12:31.0438 4280 [ 841C40C193889730848849AC220D9242 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys 15:12:31.0443 4280 Avgmfx64 - ok 15:12:31.0491 4280 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys 15:12:31.0493 4280 Avgrkx64 - ok 15:12:31.0569 4280 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys 15:12:31.0576 4280 Avgtdia - ok 15:12:31.0604 4280 [ 0B2520AA90C20971BDB45AE6F3047E0F ] avgtp C:\Windows\system32\drivers\avgtpx64.sys 15:12:31.0607 4280 avgtp - ok 15:12:31.0644 4280 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe 15:12:31.0647 4280 avgwd - ok 15:12:31.0703 4280 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 15:12:31.0705 4280 AxInstSV - ok 15:12:31.0779 4280 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 15:12:31.0796 4280 b06bdrv - ok 15:12:31.0864 4280 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 15:12:31.0882 4280 b57nd60a - ok 15:12:31.0962 4280 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 15:12:31.0966 4280 BDESVC - ok 15:12:31.0988 4280 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 15:12:31.0991 4280 Beep - ok 15:12:32.0070 4280 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 15:12:32.0096 4280 BFE - ok 15:12:32.0396 4280 [ 6E10DB69DB1AA96207F4B14B18FF12F8 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130715.001_8e\BHDrvx64.sys 15:12:32.0426 4280 BHDrvx64 - ok 15:12:32.0463 4280 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 15:12:32.0481 4280 BITS - ok 15:12:32.0539 4280 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 15:12:32.0543 4280 blbdrive - ok 15:12:32.0657 4280 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 15:12:32.0674 4280 Bonjour Service - ok 15:12:32.0738 4280 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:12:32.0743 4280 bowser - ok 15:12:32.0764 4280 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 15:12:32.0767 4280 BrFiltLo - ok 15:12:32.0777 4280 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 15:12:32.0780 4280 BrFiltUp - ok 15:12:32.0807 4280 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 15:12:32.0809 4280 Browser - ok 15:12:32.0830 4280 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 15:12:32.0835 4280 Brserid - ok 15:12:32.0841 4280 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 15:12:32.0843 4280 BrSerWdm - ok 15:12:32.0848 4280 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 15:12:32.0850 4280 BrUsbMdm - ok 15:12:32.0857 4280 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 15:12:32.0859 4280 BrUsbSer - ok 15:12:32.0865 4280 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 15:12:32.0867 4280 BTHMODEM - ok 15:12:32.0918 4280 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 15:12:32.0921 4280 bthserv - ok 15:12:33.0033 4280 [ 56685951208AC81CF923B9B08BEDF3B7 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys 15:12:33.0039 4280 ccSet_N360 - ok 15:12:33.0059 4280 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:12:33.0061 4280 cdfs - ok 15:12:33.0090 4280 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 15:12:33.0093 4280 cdrom - ok 15:12:33.0154 4280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 15:12:33.0158 4280 CertPropSvc - ok 15:12:33.0180 4280 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 15:12:33.0184 4280 circlass - ok 15:12:33.0215 4280 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 15:12:33.0220 4280 CLFS - ok 15:12:33.0280 4280 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:12:33.0284 4280 clr_optimization_v2.0.50727_32 - ok 15:12:33.0333 4280 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:12:33.0337 4280 clr_optimization_v2.0.50727_64 - ok 15:12:33.0435 4280 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:12:33.0439 4280 clr_optimization_v4.0.30319_32 - ok 15:12:33.0509 4280 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:12:33.0515 4280 clr_optimization_v4.0.30319_64 - ok 15:12:33.0564 4280 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 15:12:33.0566 4280 CmBatt - ok 15:12:33.0588 4280 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:12:33.0591 4280 cmdide - ok 15:12:33.0636 4280 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 15:12:33.0653 4280 CNG - ok 15:12:33.0667 4280 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 15:12:33.0669 4280 Compbatt - ok 15:12:33.0703 4280 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 15:12:33.0704 4280 CompositeBus - ok 15:12:33.0726 4280 COMSysApp - ok 15:12:33.0750 4280 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 15:12:33.0751 4280 crcdisk - ok 15:12:33.0820 4280 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:12:33.0826 4280 CryptSvc - ok 15:12:33.0892 4280 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 15:12:33.0895 4280 dc3d - ok 15:12:33.0941 4280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:12:33.0959 4280 DcomLaunch - ok 15:12:34.0031 4280 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 15:12:34.0048 4280 defragsvc - ok 15:12:34.0118 4280 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:12:34.0123 4280 DfsC - ok 15:12:34.0193 4280 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 15:12:34.0210 4280 Dhcp - ok 15:12:34.0224 4280 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 15:12:34.0226 4280 discache - ok 15:12:34.0282 4280 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 15:12:34.0284 4280 Disk - ok 15:12:34.0317 4280 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:12:34.0323 4280 Dnscache - ok 15:12:34.0345 4280 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 15:12:34.0350 4280 dot3svc - ok 15:12:34.0376 4280 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 15:12:34.0379 4280 DPS - ok 15:12:34.0431 4280 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:12:34.0433 4280 drmkaud - ok 15:12:34.0476 4280 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:12:34.0511 4280 DXGKrnl - ok 15:12:34.0532 4280 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 15:12:34.0535 4280 EapHost - ok 15:12:34.0600 4280 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 15:12:34.0654 4280 ebdrv - ok 15:12:34.0730 4280 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 15:12:34.0748 4280 eeCtrl - ok 15:12:34.0772 4280 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 15:12:34.0776 4280 EFS - ok 15:12:34.0838 4280 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:12:34.0865 4280 ehRecvr - ok 15:12:34.0896 4280 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 15:12:34.0898 4280 ehSched - ok 15:12:34.0967 4280 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 15:12:34.0985 4280 elxstor - ok 15:12:35.0044 4280 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 15:12:35.0048 4280 EraserUtilRebootDrv - ok 15:12:35.0083 4280 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:12:35.0086 4280 ErrDev - ok 15:12:35.0146 4280 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 15:12:35.0165 4280 EventSystem - ok 15:12:35.0190 4280 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 15:12:35.0194 4280 exfat - ok 15:12:35.0209 4280 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:12:35.0213 4280 fastfat - ok 15:12:35.0274 4280 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 15:12:35.0300 4280 Fax - ok 15:12:35.0320 4280 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 15:12:35.0324 4280 fdc - ok 15:12:35.0345 4280 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 15:12:35.0348 4280 fdPHost - ok 15:12:35.0364 4280 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 15:12:35.0367 4280 FDResPub - ok 15:12:35.0391 4280 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:12:35.0395 4280 FileInfo - ok 15:12:35.0401 4280 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:12:35.0402 4280 Filetrace - ok 15:12:35.0408 4280 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 15:12:35.0410 4280 flpydisk - ok 15:12:35.0449 4280 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:12:35.0454 4280 FltMgr - ok 15:12:35.0497 4280 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 15:12:35.0524 4280 FontCache - ok 15:12:35.0576 4280 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:12:35.0577 4280 FontCache3.0.0.0 - ok 15:12:35.0596 4280 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 15:12:35.0598 4280 FsDepends - ok 15:12:35.0623 4280 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:12:35.0625 4280 Fs_Rec - ok 15:12:35.0699 4280 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 15:12:35.0704 4280 fvevol - ok 15:12:35.0747 4280 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 15:12:35.0750 4280 gagp30kx - ok 15:12:35.0859 4280 [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe 15:12:35.0868 4280 GameConsoleService - ok 15:12:35.0944 4280 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 15:12:35.0947 4280 GEARAspiWDM - ok 15:12:36.0001 4280 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 15:12:36.0027 4280 gpsvc - ok 15:12:36.0075 4280 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:12:36.0080 4280 gupdate - ok 15:12:36.0133 4280 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:12:36.0137 4280 gupdatem - ok 15:12:36.0195 4280 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 15:12:36.0200 4280 gusvc - ok 15:12:36.0216 4280 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 15:12:36.0220 4280 hcw85cir - ok 15:12:36.0270 4280 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 15:12:36.0274 4280 HDAudBus - ok 15:12:36.0283 4280 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 15:12:36.0286 4280 HidBatt - ok 15:12:36.0297 4280 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 15:12:36.0300 4280 HidBth - ok 15:12:36.0315 4280 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 15:12:36.0317 4280 HidIr - ok 15:12:36.0342 4280 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 15:12:36.0344 4280 hidserv - ok 15:12:36.0383 4280 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:12:36.0386 4280 HidUsb - ok 15:12:36.0416 4280 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:12:36.0420 4280 hkmsvc - ok 15:12:36.0456 4280 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 15:12:36.0465 4280 HomeGroupListener - ok 15:12:36.0479 4280 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:12:36.0483 4280 HomeGroupProvider - ok 15:12:36.0593 4280 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 15:12:36.0596 4280 HP Support Assistant Service - ok 15:12:36.0700 4280 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 15:12:36.0752 4280 hpqwmiex - ok 15:12:36.0802 4280 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 15:12:36.0805 4280 HpSAMD - ok 15:12:36.0854 4280 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:12:36.0871 4280 HTTP - ok 15:12:36.0895 4280 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:12:36.0896 4280 hwpolicy - ok 15:12:36.0951 4280 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 15:12:36.0953 4280 i8042prt - ok 15:12:37.0016 4280 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 15:12:37.0034 4280 iaStorV - ok 15:12:37.0096 4280 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:12:37.0122 4280 idsvc - ok 15:12:37.0231 4280 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130726.001\IDSvia64.sys 15:12:37.0244 4280 IDSVia64 - ok 15:12:37.0273 4280 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 15:12:37.0275 4280 iirsp - ok 15:12:37.0304 4280 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 15:12:37.0321 4280 IKEEXT - ok 15:12:37.0402 4280 [ EF75C94792187A143871FBB87611B0B7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 15:12:37.0437 4280 IntcAzAudAddService - ok 15:12:37.0453 4280 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 15:12:37.0455 4280 intelide - ok 15:12:37.0503 4280 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:12:37.0507 4280 intelppm - ok 15:12:37.0532 4280 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:12:37.0535 4280 IPBusEnum - ok 15:12:37.0560 4280 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:12:37.0562 4280 IpFilterDriver - ok 15:12:37.0594 4280 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:12:37.0612 4280 iphlpsvc - ok 15:12:37.0628 4280 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 15:12:37.0631 4280 IPMIDRV - ok 15:12:37.0638 4280 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:12:37.0641 4280 IPNAT - ok 15:12:37.0722 4280 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 15:12:37.0748 4280 iPod Service - ok 15:12:37.0799 4280 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:12:37.0801 4280 IRENUM - ok 15:12:37.0812 4280 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:12:37.0814 4280 isapnp - ok 15:12:37.0830 4280 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 15:12:37.0835 4280 iScsiPrt - ok 15:12:37.0887 4280 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:12:37.0888 4280 kbdclass - ok 15:12:37.0939 4280 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:12:37.0941 4280 kbdhid - ok 15:12:37.0948 4280 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 15:12:37.0951 4280 KeyIso - ok 15:12:37.0985 4280 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:12:37.0989 4280 KSecDD - ok 15:12:38.0012 4280 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:12:38.0017 4280 KSecPkg - ok 15:12:38.0034 4280 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 15:12:38.0037 4280 ksthunk - ok 15:12:38.0065 4280 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 15:12:38.0073 4280 KtmRm - ok 15:12:38.0152 4280 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 15:12:38.0169 4280 LanmanServer - ok 15:12:38.0211 4280 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:12:38.0217 4280 LanmanWorkstation - ok 15:12:38.0304 4280 [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 15:12:38.0308 4280 LightScribeService - ok 15:12:38.0332 4280 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:12:38.0335 4280 lltdio - ok 15:12:38.0376 4280 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:12:38.0394 4280 lltdsvc - ok 15:12:38.0410 4280 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:12:38.0413 4280 lmhosts - ok 15:12:38.0475 4280 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 15:12:38.0480 4280 LSI_FC - ok 15:12:38.0499 4280 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 15:12:38.0503 4280 LSI_SAS - ok 15:12:38.0530 4280 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:12:38.0532 4280 LSI_SAS2 - ok 15:12:38.0539 4280 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:12:38.0541 4280 LSI_SCSI - ok 15:12:38.0581 4280 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 15:12:38.0586 4280 luafv - ok 15:12:38.0615 4280 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:12:38.0622 4280 Mcx2Svc - ok 15:12:38.0666 4280 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 15:12:38.0668 4280 megasas - ok 15:12:38.0682 4280 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 15:12:38.0687 4280 MegaSR - ok 15:12:38.0706 4280 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 15:12:38.0708 4280 MMCSS - ok 15:12:38.0719 4280 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 15:12:38.0720 4280 Modem - ok 15:12:38.0725 4280 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:12:38.0726 4280 monitor - ok 15:12:38.0764 4280 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:12:38.0765 4280 mouclass - ok 15:12:38.0827 4280 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:12:38.0828 4280 mouhid - ok 15:12:38.0858 4280 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 15:12:38.0859 4280 mountmgr - ok 15:12:38.0931 4280 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 15:12:38.0935 4280 MozillaMaintenance - ok 15:12:38.0970 4280 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 15:12:38.0976 4280 mpio - ok 15:12:38.0986 4280 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:12:38.0990 4280 mpsdrv - ok 15:12:39.0036 4280 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:12:39.0059 4280 MpsSvc - ok 15:12:39.0089 4280 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:12:39.0092 4280 MRxDAV - ok 15:12:39.0129 4280 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:12:39.0132 4280 mrxsmb - ok 15:12:39.0148 4280 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:12:39.0152 4280 mrxsmb10 - ok 15:12:39.0176 4280 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:12:39.0179 4280 mrxsmb20 - ok 15:12:39.0195 4280 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 15:12:39.0197 4280 msahci - ok 15:12:39.0216 4280 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:12:39.0219 4280 msdsm - ok 15:12:39.0238 4280 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 15:12:39.0242 4280 MSDTC - ok 15:12:39.0306 4280 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:12:39.0308 4280 Msfs - ok 15:12:39.0321 4280 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:12:39.0323 4280 mshidkmdf - ok 15:12:39.0344 4280 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:12:39.0346 4280 msisadrv - ok 15:12:39.0375 4280 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:12:39.0379 4280 MSiSCSI - ok 15:12:39.0383 4280 msiserver - ok 15:12:39.0411 4280 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:12:39.0413 4280 MSKSSRV - ok 15:12:39.0419 4280 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:12:39.0421 4280 MSPCLOCK - ok 15:12:39.0443 4280 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:12:39.0444 4280 MSPQM - ok 15:12:39.0471 4280 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:12:39.0478 4280 MsRPC - ok 15:12:39.0495 4280 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 15:12:39.0496 4280 mssmbios - ok 15:12:39.0508 4280 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:12:39.0510 4280 MSTEE - ok 15:12:39.0515 4280 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 15:12:39.0517 4280 MTConfig - ok 15:12:39.0538 4280 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 15:12:39.0540 4280 Mup - ok 15:12:39.0682 4280 [ 1BF9D6476061B31CD7FC2BF848529A56 ] N360 C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe 15:12:39.0686 4280 N360 - ok 15:12:39.0729 4280 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 15:12:39.0746 4280 napagent - ok 15:12:39.0802 4280 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:12:39.0809 4280 NativeWifiP - ok 15:12:39.0930 4280 [ 56540E526B46E379A476FB5BC381B290 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130729.003\ENG64.SYS 15:12:39.0935 4280 NAVENG - ok 15:12:40.0001 4280 [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130729.003\EX64.SYS 15:12:40.0029 4280 NAVEX15 - ok 15:12:40.0062 4280 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:12:40.0089 4280 NDIS - ok 15:12:40.0135 4280 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:12:40.0139 4280 NdisCap - ok 15:12:40.0202 4280 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:12:40.0206 4280 NdisTapi - ok 15:12:40.0262 4280 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:12:40.0266 4280 Ndisuio - ok 15:12:40.0309 4280 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:12:40.0314 4280 NdisWan - ok 15:12:40.0327 4280 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:12:40.0331 4280 NDProxy - ok 15:12:40.0352 4280 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:12:40.0354 4280 NetBIOS - ok 15:12:40.0386 4280 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:12:40.0390 4280 NetBT - ok 15:12:40.0406 4280 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 15:12:40.0408 4280 Netlogon - ok 15:12:40.0480 4280 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 15:12:40.0498 4280 Netman - ok 15:12:40.0525 4280 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 15:12:40.0539 4280 netprofm - ok 15:12:40.0557 4280 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:12:40.0560 4280 NetTcpPortSharing - ok 15:12:40.0608 4280 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 15:12:40.0610 4280 nfrd960 - ok 15:12:40.0667 4280 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:12:40.0673 4280 NlaSvc - ok 15:12:40.0683 4280 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:12:40.0685 4280 Npfs - ok 15:12:40.0717 4280 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 15:12:40.0719 4280 nsi - ok 15:12:40.0725 4280 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:12:40.0726 4280 nsiproxy - ok 15:12:40.0799 4280 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:12:40.0843 4280 Ntfs - ok 15:12:40.0859 4280 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 15:12:40.0861 4280 Null - ok 15:12:41.0131 4280 [ 181B6E6F49F9F3AD05589B48E29BA167 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:12:41.0321 4280 nvlddmkm - ok 15:12:41.0380 4280 [ 909EEDCBD365BB81027D8E742E6B3416 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys 15:12:41.0388 4280 NVNET - ok 15:12:41.0435 4280 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:12:41.0440 4280 nvraid - ok 15:12:41.0459 4280 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:12:41.0465 4280 nvstor - ok 15:12:41.0502 4280 [ 1E45F96342429D63DC30E0D9117DA3D8 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys 15:12:41.0507 4280 nvstor64 - ok 15:12:41.0577 4280 [ B5B5DA18380F625C34B88B93D09D7D40 ] nvsvc C:\Windows\system32\nvvsvc.exe 15:12:41.0591 4280 nvsvc - ok 15:12:41.0616 4280 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:12:41.0619 4280 nv_agp - ok 15:12:41.0639 4280 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:12:41.0642 4280 ohci1394 - ok 15:12:41.0661 4280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:12:41.0666 4280 p2pimsvc - ok 15:12:41.0683 4280 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 15:12:41.0699 4280 p2psvc - ok 15:12:41.0714 4280 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 15:12:41.0716 4280 Parport - ok 15:12:41.0736 4280 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:12:41.0738 4280 partmgr - ok 15:12:41.0745 4280 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:12:41.0749 4280 PcaSvc - ok 15:12:41.0924 4280 [ 51209FBDB13A46E05C1B0077A9310264 ] PCDSRVC{F36B3A4C-F95654BD-06000000}_0 c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms 15:12:42.0167 4280 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok 15:12:42.0202 4280 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 15:12:42.0206 4280 pci - ok 15:12:42.0217 4280 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 15:12:42.0219 4280 pciide - ok 15:12:42.0232 4280 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 15:12:42.0236 4280 pcmcia - ok 15:12:42.0253 4280 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 15:12:42.0255 4280 pcw - ok 15:12:42.0269 4280 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:12:42.0287 4280 PEAUTH - ok 15:12:42.0357 4280 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:12:42.0359 4280 PerfHost - ok 15:12:42.0403 4280 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 15:12:42.0429 4280 pla - ok 15:12:42.0512 4280 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:12:42.0529 4280 PlugPlay - ok 15:12:42.0553 4280 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:12:42.0558 4280 PNRPAutoReg - ok 15:12:42.0578 4280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:12:42.0581 4280 PNRPsvc - ok 15:12:42.0625 4280 [ 32D374C60778253B81FA76C2FE19E155 ] Point64 C:\Windows\system32\DRIVERS\point64.sys 15:12:42.0632 4280 Point64 - ok 15:12:42.0676 4280 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:12:42.0694 4280 PolicyAgent - ok 15:12:42.0714 4280 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 15:12:42.0718 4280 Power - ok 15:12:42.0788 4280 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:12:42.0793 4280 PptpMiniport - ok 15:12:42.0818 4280 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 15:12:42.0820 4280 Processor - ok 15:12:42.0852 4280 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 15:12:42.0856 4280 ProfSvc - ok 15:12:42.0881 4280 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:12:42.0883 4280 ProtectedStorage - ok 15:12:42.0926 4280 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:12:42.0928 4280 Psched - ok 15:12:42.0964 4280 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 15:12:42.0998 4280 ql2300 - ok 15:12:43.0015 4280 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 15:12:43.0017 4280 ql40xx - ok 15:12:43.0032 4280 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 15:12:43.0036 4280 QWAVE - ok 15:12:43.0047 4280 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:12:43.0048 4280 QWAVEdrv - ok 15:12:43.0149 4280 [ 622FCF264119F7DF127BE353F796B319 ] RadioRage_4jService C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbarsvc.exe 15:12:43.0152 4280 RadioRage_4jService - ok 15:12:43.0161 4280 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:12:43.0164 4280 RasAcd - ok 15:12:43.0229 4280 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:12:43.0232 4280 RasAgileVpn - ok 15:12:43.0258 4280 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 15:12:43.0264 4280 RasAuto - ok 15:12:43.0299 4280 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:12:43.0304 4280 Rasl2tp - ok 15:12:43.0335 4280 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 15:12:43.0353 4280 RasMan - ok 15:12:43.0406 4280 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:12:43.0411 4280 RasPppoe - ok 15:12:43.0442 4280 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:12:43.0446 4280 RasSstp - ok 15:12:43.0490 4280 [ 96597C96D5ACF4A3EF0B24D396853879 ] rcmirror C:\Windows\system32\DRIVERS\rcmirror.sys 15:12:43.0492 4280 rcmirror - ok 15:12:43.0514 4280 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:12:43.0532 4280 rdbss - ok 15:12:43.0551 4280 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 15:12:43.0555 4280 rdpbus - ok 15:12:43.0574 4280 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:12:43.0575 4280 RDPCDD - ok 15:12:43.0587 4280 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:12:43.0588 4280 RDPENCDD - ok 15:12:43.0597 4280 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:12:43.0598 4280 RDPREFMP - ok 15:12:43.0627 4280 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:12:43.0631 4280 RDPWD - ok 15:12:43.0653 4280 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:12:43.0657 4280 rdyboost - ok 15:12:43.0684 4280 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:12:43.0687 4280 RemoteAccess - ok 15:12:43.0702 4280 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:12:43.0705 4280 RemoteRegistry - ok 15:12:43.0725 4280 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 15:12:43.0728 4280 RpcEptMapper - ok 15:12:43.0745 4280 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 15:12:43.0746 4280 RpcLocator - ok 15:12:43.0780 4280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 15:12:43.0785 4280 RpcSs - ok 15:12:43.0802 4280 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:12:43.0804 4280 rspndr - ok 15:12:43.0815 4280 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 15:12:43.0816 4280 SamSs - ok 15:12:43.0859 4280 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:12:43.0864 4280 sbp2port - ok 15:12:43.0899 4280 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:12:43.0919 4280 SCardSvr - ok 15:12:43.0953 4280 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:12:43.0957 4280 scfilter - ok 15:12:43.0999 4280 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 15:12:44.0026 4280 Schedule - ok 15:12:44.0053 4280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 15:12:44.0055 4280 SCPolicySvc - ok 15:12:44.0083 4280 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:12:44.0087 4280 SDRSVC - ok 15:12:44.0092 4280 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:12:44.0094 4280 secdrv - ok 15:12:44.0112 4280 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 15:12:44.0114 4280 seclogon - ok 15:12:44.0133 4280 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 15:12:44.0136 4280 SENS - ok 15:12:44.0154 4280 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:12:44.0156 4280 SensrSvc - ok 15:12:44.0173 4280 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 15:12:44.0176 4280 Serenum - ok 15:12:44.0184 4280 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 15:12:44.0186 4280 Serial - ok 15:12:44.0207 4280 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 15:12:44.0209 4280 sermouse - ok 15:12:44.0237 4280 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 15:12:44.0240 4280 SessionEnv - ok 15:12:44.0251 4280 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:12:44.0253 4280 sffdisk - ok 15:12:44.0263 4280 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:12:44.0265 4280 sffp_mmc - ok 15:12:44.0274 4280 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:12:44.0276 4280 sffp_sd - ok 15:12:44.0281 4280 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 15:12:44.0283 4280 sfloppy - ok 15:12:44.0313 4280 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:12:44.0319 4280 SharedAccess - ok 15:12:44.0350 4280 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:12:44.0366 4280 ShellHWDetection - ok 15:12:44.0412 4280 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:12:44.0415 4280 SiSRaid2 - ok 15:12:44.0423 4280 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 15:12:44.0426 4280 SiSRaid4 - ok 15:12:44.0481 4280 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:12:44.0486 4280 Smb - ok 15:12:44.0549 4280 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:12:44.0553 4280 SNMPTRAP - ok 15:12:44.0572 4280 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 15:12:44.0576 4280 spldr - ok 15:12:44.0621 4280 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 15:12:44.0647 4280 Spooler - ok 15:12:44.0759 4280 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 15:12:44.0817 4280 sppsvc - ok 15:12:44.0837 4280 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 15:12:44.0839 4280 sppuinotify - ok 15:12:44.0961 4280 [ 2FD9346F9D76CB4192D37329CFA47A82 ] SRTSP C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS 15:12:44.0987 4280 SRTSP - ok 15:12:45.0005 4280 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS 15:12:45.0007 4280 SRTSPX - ok 15:12:45.0038 4280 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 15:12:45.0056 4280 srv - ok 15:12:45.0069 4280 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:12:45.0077 4280 srv2 - ok 15:12:45.0091 4280 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:12:45.0094 4280 srvnet - ok 15:12:45.0159 4280 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:12:45.0176 4280 SSDPSRV - ok 15:12:45.0187 4280 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:12:45.0192 4280 SstpSvc - ok 15:12:45.0222 4280 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 15:12:45.0224 4280 stexstor - ok 15:12:45.0291 4280 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 15:12:45.0316 4280 stisvc - ok 15:12:45.0346 4280 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 15:12:45.0349 4280 swenum - ok 15:12:45.0376 4280 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 15:12:45.0394 4280 swprv - ok 15:12:45.0463 4280 [ 52DC0048D667757A8A2E4C87182890AC ] SymDS C:\Windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS 15:12:45.0480 4280 SymDS - ok 15:12:45.0551 4280 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\Windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS 15:12:45.0586 4280 SymEFA - ok 15:12:45.0645 4280 [ F19E5E37ED8134B9E5F6287F2D3A75D7 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 15:12:45.0649 4280 SymEvent - ok 15:12:45.0715 4280 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS 15:12:45.0724 4280 SymIRON - ok 15:12:45.0772 4280 [ 9CDCA70485BD6B9D230365F67C31F132 ] SymNetS C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS 15:12:45.0788 4280 SymNetS - ok 15:12:45.0850 4280 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 15:12:45.0885 4280 SysMain - ok 15:12:45.0912 4280 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:12:45.0914 4280 TabletInputService - ok 15:12:45.0949 4280 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 15:12:45.0952 4280 TapiSrv - ok 15:12:45.0965 4280 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 15:12:45.0967 4280 TBS - ok 15:12:46.0014 4280 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:12:46.0040 4280 Tcpip - ok 15:12:46.0066 4280 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 15:12:46.0076 4280 TCPIP6 - ok 15:12:46.0096 4280 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:12:46.0097 4280 tcpipreg - ok 15:12:46.0126 4280 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:12:46.0127 4280 TDPIPE - ok 15:12:46.0144 4280 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:12:46.0146 4280 TDTCP - ok 15:12:46.0159 4280 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:12:46.0162 4280 tdx - ok 15:12:46.0191 4280 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 15:12:46.0193 4280 TermDD - ok 15:12:46.0214 4280 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 15:12:46.0231 4280 TermService - ok 15:12:46.0260 4280 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 15:12:46.0262 4280 Themes - ok 15:12:46.0281 4280 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 15:12:46.0282 4280 THREADORDER - ok 15:12:46.0296 4280 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 15:12:46.0299 4280 TrkWks - ok 15:12:46.0325 4280 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:12:46.0327 4280 TrustedInstaller - ok 15:12:46.0352 4280 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:12:46.0353 4280 tssecsrv - ok 15:12:46.0424 4280 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 15:12:46.0428 4280 TsUsbFlt - ok 15:12:46.0487 4280 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:12:46.0491 4280 tunnel - ok 15:12:46.0509 4280 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 15:12:46.0513 4280 uagp35 - ok 15:12:46.0547 4280 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:12:46.0553 4280 udfs - ok 15:12:46.0569 4280 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:12:46.0572 4280 UI0Detect - ok 15:12:46.0588 4280 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:12:46.0591 4280 uliagpkx - ok 15:12:46.0641 4280 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 15:12:46.0643 4280 umbus - ok 15:12:46.0657 4280 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 15:12:46.0659 4280 UmPass - ok 15:12:46.0678 4280 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 15:12:46.0693 4280 upnphost - ok 15:12:46.0721 4280 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:12:46.0724 4280 usbccgp - ok 15:12:46.0788 4280 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:12:46.0793 4280 usbcir - ok 15:12:46.0813 4280 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:12:46.0814 4280 usbehci - ok 15:12:46.0832 4280 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:12:46.0836 4280 usbhub - ok 15:12:46.0853 4280 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 15:12:46.0854 4280 usbohci - ok 15:12:46.0906 4280 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:12:46.0908 4280 usbprint - ok 15:12:46.0943 4280 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 15:12:46.0953 4280 usbscan - ok 15:12:46.0974 4280 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:12:46.0977 4280 USBSTOR - ok 15:12:46.0990 4280 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 15:12:46.0992 4280 usbuhci - ok 15:12:47.0000 4280 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 15:12:47.0002 4280 UxSms - ok 15:12:47.0014 4280 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 15:12:47.0015 4280 VaultSvc - ok 15:12:47.0036 4280 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 15:12:47.0037 4280 vdrvroot - ok 15:12:47.0087 4280 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 15:12:47.0107 4280 vds - ok 15:12:47.0146 4280 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:12:47.0148 4280 vga - ok 15:12:47.0160 4280 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 15:12:47.0162 4280 VgaSave - ok 15:12:47.0185 4280 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 15:12:47.0190 4280 vhdmp - ok 15:12:47.0204 4280 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 15:12:47.0206 4280 viaide - ok 15:12:47.0222 4280 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:12:47.0225 4280 volmgr - ok 15:12:47.0260 4280 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:12:47.0265 4280 volmgrx - ok 15:12:47.0284 4280 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:12:47.0289 4280 volsnap - ok 15:12:47.0341 4280 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 15:12:47.0347 4280 vsmraid - ok 15:12:47.0392 4280 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 15:12:47.0427 4280 VSS - ok 15:12:47.0595 4280 [ 2F208AD0E44992E5FF1CB7C6B699C263 ] vToolbarUpdater15.4.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe 15:12:47.0665 4280 vToolbarUpdater15.4.0 - ok 15:12:47.0693 4280 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 15:12:47.0695 4280 vwifibus - ok 15:12:47.0725 4280 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 15:12:47.0741 4280 W32Time - ok 15:12:47.0749 4280 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 15:12:47.0751 4280 WacomPen - ok 15:12:47.0799 4280 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 15:12:47.0803 4280 WANARP - ok 15:12:47.0838 4280 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:12:47.0841 4280 Wanarpv6 - ok 15:12:47.0916 4280 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 15:12:47.0945 4280 WatAdminSvc - ok 15:12:47.0992 4280 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 15:12:48.0028 4280 wbengine - ok 15:12:48.0048 4280 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 15:12:48.0053 4280 WbioSrvc - ok 15:12:48.0080 4280 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:12:48.0096 4280 wcncsvc - ok 15:12:48.0114 4280 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:12:48.0117 4280 WcsPlugInService - ok 15:12:48.0131 4280 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 15:12:48.0133 4280 Wd - ok 15:12:48.0173 4280 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:12:48.0191 4280 Wdf01000 - ok 15:12:48.0206 4280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:12:48.0210 4280 WdiServiceHost - ok 15:12:48.0215 4280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:12:48.0217 4280 WdiSystemHost - ok 15:12:48.0237 4280 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 15:12:48.0243 4280 WebClient - ok 15:12:48.0265 4280 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:12:48.0270 4280 Wecsvc - ok 15:12:48.0289 4280 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:12:48.0292 4280 wercplsupport - ok 15:12:48.0305 4280 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 15:12:48.0308 4280 WerSvc - ok 15:12:48.0355 4280 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 15:12:48.0358 4280 WfpLwf - ok 15:12:48.0379 4280 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 15:12:48.0382 4280 WIMMount - ok 15:12:48.0416 4280 WinDefend - ok 15:12:48.0429 4280 WinHttpAutoProxySvc - ok 15:12:48.0479 4280 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:12:48.0487 4280 Winmgmt - ok 15:12:48.0569 4280 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 15:12:48.0611 4280 WinRM - ok 15:12:48.0728 4280 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 15:12:48.0731 4280 WinUsb - ok 15:12:48.0790 4280 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 15:12:48.0811 4280 Wlansvc - ok 15:12:48.0834 4280 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 15:12:48.0835 4280 WmiAcpi - ok 15:12:48.0861 4280 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:12:48.0864 4280 wmiApSrv - ok 15:12:48.0918 4280 WMPNetworkSvc - ok 15:12:48.0968 4280 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:12:48.0973 4280 WPCSvc - ok 15:12:49.0003 4280 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:12:49.0007 4280 WPDBusEnum - ok 15:12:49.0029 4280 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:12:49.0031 4280 ws2ifsl - ok 15:12:49.0048 4280 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 15:12:49.0051 4280 wscsvc - ok 15:12:49.0056 4280 WSearch - ok 15:12:49.0117 4280 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 15:12:49.0161 4280 wuauserv - ok 15:12:49.0186 4280 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:12:49.0188 4280 WudfPf - ok 15:12:49.0228 4280 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:12:49.0234 4280 WUDFRd - ok 15:12:49.0262 4280 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:12:49.0269 4280 wudfsvc - ok 15:12:49.0309 4280 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 15:12:49.0326 4280 WwanSvc - ok 15:12:49.0343 4280 ================ Scan global =============================== 15:12:49.0376 4280 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 15:12:49.0400 4280 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 15:12:49.0417 4280 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 15:12:49.0436 4280 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 15:12:49.0467 4280 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 15:12:49.0473 4280 [Global] - ok 15:12:49.0474 4280 ================ Scan MBR ================================== 15:12:49.0480 4280 [ 0D1A73F8575FCA9A1439616AA43205AD ] \Device\Harddisk0\DR0 15:12:49.0759 4280 \Device\Harddisk0\DR0 - ok 15:12:49.0760 4280 ================ Scan VBR ================================== 15:12:49.0762 4280 [ 42720FBFC405E0703077B10BC7EC2AF3 ] \Device\Harddisk0\DR0\Partition1 15:12:49.0763 4280 \Device\Harddisk0\DR0\Partition1 - ok 15:12:49.0774 4280 [ C9A7F743D1846C89D56302726BD69B76 ] \Device\Harddisk0\DR0\Partition2 15:12:49.0775 4280 \Device\Harddisk0\DR0\Partition2 - ok 15:12:49.0808 4280 [ 7487A744CEEEA8B11B91C308A3BF3A90 ] \Device\Harddisk0\DR0\Partition3 15:12:49.0810 4280 \Device\Harddisk0\DR0\Partition3 - ok 15:12:49.0810 4280 ============================================================ 15:12:49.0810 4280 Scan finished 15:12:49.0810 4280 ============================================================ 15:12:49.0820 2836 Detected object count: 0 15:12:49.0821 2836 Actual detected object count: 0 15:12:59.0473 5436 Deinitialize success
  11. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.29.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 tom :: TOM-PC [administrator] 7/29/2013 2:48:14 PM mbam-log-2013-07-29 (14-48-14).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 236826 Time elapsed: 4 minute(s), 18 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) .DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.7.2 Run by tom at 14:59:02 on 2013-07-29 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2312 [GMT -7:00] . AV: AVG Anti-Virus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG Anti-Virus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2013\avgrsa.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbarsvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe C:\Program Files (x86)\AVG\AVG2013\avgemca.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\Microsoft Device Center\itype.exe C:\Program Files\Microsoft Device Center\ipoint.exe C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe C:\Windows\system32\RunDll32.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\notepad.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: <No Name>: {3c35ad63-af1d-4e21-b484-b6651a8efcf9} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll mWinlogon: Userinit = userinit.exe BHO: Toolbar BHO: {48909954-14fb-4971-a7b3-47e7af10b38a} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll BHO: Search Assistant BHO: {5848763c-2668-44ca-adbe-2999a6ee2858} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: RadioRage: {78BA36C9-6036-482B-B48D-ECCA6F964B84} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll TB: RadioRage: {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [RadioRage Search Scope Monitor] "C:\PROGRA~2\RADIOR~2\bar\1.bin\4jsrchmn.exe" /m=2 /w /h mRun: [RadioRage_4j Browser Plugin Loader] C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbrmon.exe mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 StartupFolder: C:\Users\tom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe StartupFolder: C:\Users\tom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEB~1.LNK - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe TCP: NameServer = 192.168.10.1 TCP: Interfaces\{3732DE0D-B102-4A88-8953-629A26D219D7} : DHCPNameServer = 192.168.10.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe" x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe" x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\1g6y8xph.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\npsitesafety.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\nphdplg.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: !HIDDEN! 2013-02-08 11:46; 4jffxtbr@RadioRage_4j.com; C:\Program Files (x86)\RadioRage_4j\bar\1.bin . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-6-8 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-6-8 1139800] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-7-26 45856] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130715.001_8e\BHDrvx64.sys [2013-7-15 1393240] R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-6-8 169048] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130726.001\IDSviA64.sys [2013-7-28 513184] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-6-8 224416] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-6-8 433752] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe [2013-6-8 144368] R2 RadioRage_4jService;RadioRageService;C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbarsvc.exe [2013-2-8 42504] R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [2013-7-29 1616048] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-11 138912] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-9-16 23536] S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-11 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-13 1255736] . =============== Created Last 30 ================ . 2013-07-29 21:47:00 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-07-29 21:47:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-29 21:46:20 -------- d-----w- C:\Users\tom\AppData\Local\Programs 2013-07-26 15:43:17 -------- d-----w- C:\Users\tom\AppData\Roaming\AVG2013 2013-07-26 15:42:23 -------- d-----w- C:\Users\tom\AppData\Local\AVG SafeGuard toolbar 2013-07-26 15:41:49 -------- d-----w- C:\Users\tom\AppData\Roaming\TuneUp Software 2013-07-26 15:41:32 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2013-07-26 15:41:25 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar 2013-07-26 15:41:23 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search 2013-07-26 15:41:22 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar 2013-07-26 15:40:03 -------- d--h--w- C:\$AVG 2013-07-26 15:40:03 -------- d-----w- C:\ProgramData\AVG2013 2013-07-26 15:39:27 -------- d-----w- C:\Program Files (x86)\AVG 2013-07-26 15:33:12 -------- d--h--w- C:\ProgramData\Common Files 2013-07-26 15:33:12 -------- d-----w- C:\Users\tom\AppData\Local\MFAData 2013-07-26 15:33:12 -------- d-----w- C:\Users\tom\AppData\Local\Avg2013 2013-07-26 15:33:12 -------- d-----w- C:\ProgramData\MFAData 2013-07-26 15:19:04 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll 2013-07-26 15:19:04 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll 2013-07-26 15:19:04 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll 2013-07-26 15:19:04 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll 2013-07-26 15:19:04 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll 2013-07-26 15:19:04 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll 2013-07-26 15:19:03 624128 ----a-w- C:\Windows\System32\qedit.dll 2013-07-26 15:19:03 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2013-07-26 15:19:01 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-07-26 05:55:01 -------- d-----w- C:\Users\tom\AppData\Roaming\SparkTrust 2013-07-26 05:54:31 -------- d-----w- C:\Program Files (x86)\Common Files\SparkTrust 2013-07-26 05:54:24 -------- d-----w- C:\ProgramData\SparkTrust 2013-07-26 05:54:24 -------- d-----w- C:\Program Files (x86)\SparkTrust 2013-07-10 06:37:03 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll 2013-07-10 06:37:02 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-10 06:36:46 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-07-10 06:36:44 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2013-07-10 06:36:44 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2013-07-10 06:36:44 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-10 06:36:43 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2013-07-10 06:36:43 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2013-07-10 06:36:32 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-07-10 06:36:32 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll . ==================== Find3M ==================== . 2013-06-18 17:32:20 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2013-06-18 06:49:28 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-11 19:56:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-11 19:56:15 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-23 05:25:28 1139800 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys 2013-05-21 05:02:00 493656 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys 2013-05-16 05:02:14 796760 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\srtsp64.sys 2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ============= FINISH: 14:59:39.58 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 9/11/2012 3:59:13 PM System Uptime: 7/29/2013 2:37:19 PM (0 hours ago) . Motherboard: PEGATRON CORPORATION | | Narra6 Processor: AMD Athlon II X2 250 Processor | CPU 1 | 3000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 585 GiB total, 532.378 GiB free. D: is FIXED (NTFS) - 11 GiB total, 1.57 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP52: 7/9/2013 11:37:09 PM - Windows Update RP53: 7/10/2013 10:39:20 AM - Windows Update RP54: 7/25/2013 11:26:24 PM - SparkTrust PC Cleaner Plus Backup RP55: 7/26/2013 8:14:24 AM - Windows Update RP56: 7/26/2013 8:29:05 AM - Windows Update RP57: 7/26/2013 8:39:15 AM - Installed AVG 2013 RP58: 7/26/2013 8:39:37 AM - Installed AVG 2013 RP59: 7/26/2013 10:14:25 AM - Windows Update RP60: 7/27/2013 11:54:26 PM - Windows Update RP61: 7/29/2013 10:36:49 AM - Windows Backup . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.7) Apple Application Support Apple Mobile Device Support Apple Software Update AVG 2013 Bonjour Canon PowerShot A4000 IS and A3400 IS and A2400 IS and A2300 and A1300 and A810 Camera User Guide Canon Utilities CameraWindow DC 8 Canon Utilities ImageBrowser EX Canon Utilities PhotoStitch Compatibility Pack for the 2007 Office system Coupon Printer for Windows CyberLink DVD Suite Deluxe DirectX for Managed Code Update (Summer 2004) DVD Menu Pack for HP MediaSmart Video GIMP 2.8.2 Google Chrome Google Toolbar for Internet Explorer Google Update Helper Hardware Diagnostic Tools Hewlett-Packard ACLM.NET v1.2.1.1 HP Advisor HP Customer Experience Enhancements HP FWUpdateEDO2 HP Games HP MediaSmart Demo HP MediaSmart DVD HP MediaSmart Music/Photo/Video HP MediaSmart SmartMenu HP MediaSmart/TouchSmart Netflix HP Odometer HP Officejet 6700 Basic Device Software HP Officejet 6700 Help HP Officejet 6700 Product Improvement Study HP Photo Creations HP Photosmart 7520 series Basic Device Software HP Photosmart 7520 series Help HP Photosmart 7520 series Product Improvement Study HP Remote Solution HP Setup HP Support Assistant HP Support Information HP Update HPDiagnosticAlert Hulu Desktop I.R.I.S. OCR iTunes Java 7 Update 7 Java Auto Updater Junk Mail filter update LabelPrint LightScribe System Software Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Live Search Toolbar Microsoft Mouse and Keyboard Center Microsoft Office Home and Student 60 day trial Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Movie Theme Pack for HP MediaSmart Video Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Norton 360 Norton Online Backup NVIDIA Drivers OpenOffice.org 3.4.1 PictureMover PlayReady PC Runtime amd64 Power2Go PowerDirector RadioRage Toolbar Realtek High Definition Audio Driver Recovery Manager Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Visual Studio 2010 x64 Redistributables Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer . ==== Event Viewer Messages From Past Week ======== . 7/29/2013 2:38:18 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied. 7/26/2013 9:55:51 AM, Error: nvstor64 [3] - Data error on device. Device: \Device\RaidPort0 Model: WDC WD6400AAKS-65A7B2 Firmware Version: 01.0 Serial Number: WD-WCASY9955662 Port: 0 7/26/2013 8:16:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Windows Malicious Software Removal Tool x64 - July 2013 (KB890830). 7/26/2013 8:11:03 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 7/26/2013 8:11:03 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 7/26/2013 8:10:14 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 7/26/2013 7:32:32 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 7/26/2013 6:42:59 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 7/26/2013 6:42:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 7/26/2013 6:42:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 7/26/2013 6:42:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 7/26/2013 6:42:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 7/26/2013 6:42:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6 . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.