Happili redirect

brianh9999 · April 25, 2012

Firefox is being hijacked by the Happili redirect. I've tried following the directions from prior posts but having no luck getting rid of this problem. A number of other malware/adware issues have been identified and resolved but this happili thing continues to return.

Here is my DDS log and Attach.txt is attached.

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.1

Run by bhershberger at 17:54:23 on 2012-04-25

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3539.2911 [GMT -5:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: COMODO Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.yahoo.com

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"

mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [uSCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AESTFltr] "c:\windows\system32\AESTFltr.exe" /NoDlg

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

mRun: [Anvi Smart Defender] c:\program files\anvisoft\anvi smart defender\ASDTray.exe

dRunOnce: [RunNarrator] Narrator.exe

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: prmia.org\smweb

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259696327182

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://zmfs.webex.com/client/T27L/sales/ieatgpc.cab

TCP: DhcpNameServer = 10.1.100.200

TCP: Interfaces\{211DBFCA-464A-43D9-B010-4F99BC718F5D} : NameServer = 10.1.100.200

TCP: Interfaces\{211DBFCA-464A-43D9-B010-4F99BC718F5D} : DhcpNameServer = 10.1.100.200

TCP: Interfaces\{A7541705-6C9B-4A97-BD45-A8B23253D65D} : DhcpNameServer = 192.168.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\274\g2ax_winlogon.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Authentication Packages = msv1_0 wvauth

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\bhershberger.csc\application data\mozilla\firefox\profiles\kmptt6fy.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\bhershberger.csc\application data\mozilla\plugins\npatgpc.dll

FF - plugin: c:\documents and settings\bhershberger\application data\move networks\plugins\npqmp071705000014.dll

FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 31704]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-6-28 108392]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-6-28 108392]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-6-28 1831024]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 494968]

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\anvisoft\anvi smart defender\ASDSrv.exe [2012-4-19 643880]

S2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512]

S2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\avhips.sys [2012-4-25 23848]

S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]

S2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2012-3-11 1983232]

S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 376096]

S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2012-4-13 409232]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-23 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253088]

S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-11-3 112512]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-10-28 23888]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-21 106104]

S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\274\g2ax_service.exe [2011-3-1 161144]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-23 136176]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-11-3 109568]

S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120425.002\NAVENG.SYS [2012-4-25 86136]

S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120425.002\NAVEX15.SYS [2012-4-25 1576312]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]

S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-11-2 232744]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-8-15 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-8-15 369688]

.

=============== Created Last 30 ================

.

2012-04-25 22:38:54 98816 ----a-w- c:\windows\sed.exe

2012-04-25 22:38:54 518144 ----a-w- c:\windows\SWREG.exe

2012-04-25 22:38:54 256000 ----a-w- c:\windows\PEV.exe

2012-04-25 22:38:54 208896 ----a-w- c:\windows\MBR.exe

2012-04-25 22:12:44 -------- d-----w- c:\documents and settings\bhershberger.csc\application data\Anvisoft

2012-04-25 22:08:06 23848 ----a-w- c:\windows\system32\drivers\avhips.sys

2012-04-25 22:08:06 17704 ----a-w- c:\windows\system32\drivers\avfsmn.sys

2012-04-25 22:07:45 -------- d-----w- c:\program files\Anvisoft

2012-04-25 14:42:55 -------- d-----w- c:\documents and settings\bhershberger.csc\application data\SUPERAntiSpyware.com

2012-04-25 14:42:15 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-04-25 14:42:15 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2012-04-25 00:30:58 -------- d-sha-r- C:\cmdcons

2012-04-25 00:20:40 -------- d-----w- c:\windows\setup.pss

2012-04-25 00:20:17 -------- d-----w- c:\windows\setupupd

2012-04-25 00:06:36 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA

2012-04-24 23:59:18 -------- d-----w- c:\documents and settings\all users\application data\Comodo

2012-04-24 23:59:04 -------- d-----w- c:\documents and settings\bhershberger.csc\local settings\application data\COMODO

2012-04-24 23:59:02 42760 ----a-w- c:\windows\system32\certsentry.dll

2012-04-24 23:58:56 -------- d-----w- c:\program files\Comodo

2012-04-24 23:51:10 -------- d-----w- c:\program files\SpywareBlaster

2012-04-24 19:07:46 -------- d-----w- c:\documents and settings\bhershberger.csc\local settings\application data\{70C385F0-8E41-11E1-826D-B8AC6F996F26}

2012-04-18 13:46:13 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2012-04-13 17:56:05 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-04-12 00:26:33 -------- d-----w- c:\documents and settings\bhershberger.csc\application data\com.digitaldm.editions.10016940

2012-04-12 00:26:19 -------- d-----w- c:\program files\DigitalDM

2012-04-04 14:08:24 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

==================== Find3M ====================

.

2012-04-13 18:56:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-12 02:13:46 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2012-03-12 02:13:46 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2012-03-12 02:13:44 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys

2012-03-12 02:13:20 33984 ----a-w- c:\windows\system32\cmdcsr.dll

2012-03-12 02:13:20 301224 ----a-w- c:\windows\system32\guard32.dll

2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec

2012-02-03 09:26:17 1869184 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 17:54:41.20 ===============

attach.txt

Elise · April 26, 2012

Hello and :welcome:

It looks like you also ran Combofix. Can you please post me the log at c:\combofix.txt?

brianh9999 · April 26, 2012

I've run ComboFix twice, it appeared to take care of everything the first time but then the redirect started again and endpoint protection started catching trojan.Dowiex!inf corrupted files in the temp directory. The first time the recurring virus was bloodhound.MALpe.

Here is the combofix log...

ComboFix 12-04-25.02 - bhershberger 04/25/2012 17:40:34.2.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3539.2935 [GMT -5:00]

Running from: c:\documents and settings\bhershberger.CSC\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\bhershberger.CSC\Application Data\Mozilla\Firefox\Profiles\kmptt6fy.default\weave\toFetch

c:\documents and settings\bhershberger.CSC\Local Settings\Application Data\assembly\tmp

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\EventSystem.log

.

((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))

.

2012-04-25 22:12 . 2012-04-25 22:12 -------- d-----w- c:\documents and settings\bhershberger.CSC\Application Data\Anvisoft

2012-04-25 22:08 . 2012-01-09 08:26 23848 ----a-w- c:\windows\system32\drivers\avhips.sys

2012-04-25 22:08 . 2012-01-09 08:26 17704 ----a-w- c:\windows\system32\drivers\avfsmn.sys

2012-04-25 22:07 . 2012-04-25 22:07 -------- d-----w- c:\program files\Anvisoft

2012-04-25 15:11 . 2012-04-25 15:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO

2012-04-25 14:42 . 2012-04-25 14:42 -------- d-----w- c:\documents and settings\bhershberger.CSC\Application Data\SUPERAntiSpyware.com

2012-04-25 14:42 . 2012-04-25 14:42 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-04-25 14:42 . 2012-04-25 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2012-04-25 00:06 . 2012-04-25 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA

2012-04-24 23:59 . 2012-04-25 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo

2012-04-24 23:59 . 2012-04-24 23:59 -------- d-----w- c:\documents and settings\bhershberger.CSC\Local Settings\Application Data\COMODO

2012-04-24 23:59 . 2012-04-24 23:59 42760 ----a-w- c:\windows\system32\certsentry.dll

2012-04-24 23:58 . 2012-04-25 01:52 -------- d-----w- c:\program files\Comodo

2012-04-24 23:51 . 2012-04-24 23:56 -------- d-----w- c:\program files\SpywareBlaster

2012-04-24 19:07 . 2012-04-24 19:07 -------- d-----w- c:\documents and settings\bhershberger.CSC\Local Settings\Application Data\{70C385F0-8E41-11E1-826D-B8AC6F996F26}

2012-04-18 13:46 . 2012-03-26 13:41 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2012-04-13 17:56 . 2012-04-13 18:56 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-04-12 00:26 . 2012-04-12 00:26 -------- d-----w- c:\documents and settings\bhershberger.CSC\Application Data\com.digitaldm.editions.10016940

2012-04-12 00:26 . 2012-04-12 00:26 -------- d-----w- c:\program files\Common Files\Adobe AIR

2012-04-12 00:26 . 2012-04-12 00:26 -------- d-----w- c:\program files\DigitalDM

2012-04-04 14:08 . 2012-04-13 18:56 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-25 17:20 . 2011-01-31 02:12 0 ----a-w- c:\documents and settings\bhershberger.CSC\Local Settings\Application Data\WavXMapDrive.bat

2012-04-13 18:56 . 2011-05-18 13:37 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-04 20:56 . 2011-09-02 14:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-12 02:13 . 2012-03-12 02:13 97760 ----a-w- c:\windows\system32\drivers\inspect.sys

2012-03-12 02:13 . 2012-03-12 02:13 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2012-03-12 02:13 . 2012-03-12 02:13 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2012-03-12 02:13 . 2012-03-12 02:13 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys

2012-03-12 02:13 . 2012-03-12 02:13 33984 ----a-w- c:\windows\system32\cmdcsr.dll

2012-03-12 02:13 . 2012-03-12 02:13 301224 ----a-w- c:\windows\system32\guard32.dll

2012-03-01 11:01 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2008-04-25 16:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2008-04-25 16:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec

2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys

2012-03-20 13:37 . 2012-01-09 14:41 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 134656]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 166912]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 134656]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]

"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]

"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-05-18 145920]

"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-07-05 15872]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-28 115560]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-20 202256]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 6749512]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

"Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-04-20 625024]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]

2011-03-01 16:09 147832 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv15EC]

@="service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"58837:TCP"= 58837:TCP:Pando Media Booster

"58837:UDP"= 58837:UDP:Pando Media Booster

.

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/11/2012 9:13 PM 31704]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [3/11/2012 9:13 PM 494968]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]

S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [4/19/2012 10:23 PM 643880]

S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [5/15/2009 6:33 PM 1803512]

S2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\avhips.sys [4/25/2012 5:08 PM 23848]

S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [4/27/2009 2:40 PM 293968]

S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [7/16/2009 1:04 PM 376096]

S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [4/13/2012 7:59 AM 409232]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/23/2010 2:33 PM 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 9:08 AM 253088]

S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/3/2009 12:18 AM 112512]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [10/28/2009 11:52 AM 23888]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/21/2012 9:48 AM 106104]

S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\274\g2ax_service.exe [3/1/2011 11:09 AM 161144]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/23/2010 2:33 PM 136176]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [11/3/2009 12:19 AM 109568]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]

S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [11/2/2009 10:57 PM 232744]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [8/15/2008 2:47 PM 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [8/15/2008 2:47 PM 369688]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ASDSRV

*NewlyCreated* - AVHIPS

*NewlyCreated* - SRTSPL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

srv15EC

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:56]

.

2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc08f6ec31d842.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 19:33]

.

2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc08f6ec402688.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 19:33]

.

2012-04-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2719337179-821044013-2112406857-1012.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

.

2012-04-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-453876738-3065766259-2469240769-1116.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

.

2012-04-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1770027372-839522115-3159.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

.

2011-11-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2719337179-821044013-2112406857-1012.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

.

2012-04-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-453876738-3065766259-2469240769-1116.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

.

2011-01-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1770027372-839522115-3159.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.yahoo.com

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: prmia.org\smweb

TCP: DhcpNameServer = 10.1.100.200

TCP: Interfaces\{211DBFCA-464A-43D9-B010-4F99BC718F5D}: NameServer = 10.1.100.200

FF - ProfilePath - c:\documents and settings\bhershberger.CSC\Application Data\Mozilla\Firefox\Profiles\kmptt6fy.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-25 17:44

Windows 5.1.2600 Service Pack 3 NTFS

.

detected NTDLL code modification:

ZwClose

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(856)

c:\windows\system32\guard32.dll

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\program files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll

c:\windows\system32\NetProvCredMan.dll

.

- - - - - - - > 'lsass.exe'(912)

c:\windows\system32\guard32.dll

c:\windows\system32\wvauth.dll

c:\windows\system32\WININET.dll

.

Completion time: 2012-04-25 17:46:35

ComboFix-quarantined-files.txt 2012-04-25 22:46

ComboFix2.txt 2012-04-25 00:42

.

Pre-Run: 86,503,170,048 bytes free

Post-Run: 86,497,017,856 bytes free

.

- - End Of File - - 1B88B601F688DEF8603BCC98B852686F

Elise · April 26, 2012

Hi again,

Lets first do an additional rootkit scan too.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

brianh9999 · April 26, 2012

The TDSS log...

09:56:21.0125 3292 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43

09:56:21.0406 3292 ============================================================

09:56:21.0406 3292 Current date / time: 2012/04/26 09:56:21.0406

09:56:21.0406 3292 SystemInfo:

09:56:21.0406 3292

09:56:21.0406 3292 OS Version: 5.1.2600 ServicePack: 3.0

09:56:21.0406 3292 Product type: Workstation

09:56:21.0406 3292 ComputerName: DFNKC-5JQ35L1

09:56:21.0406 3292 UserName: bhershberger

09:56:21.0406 3292 Windows directory: C:\WINDOWS

09:56:21.0406 3292 System windows directory: C:\WINDOWS

09:56:21.0406 3292 Processor architecture: Intel x86

09:56:21.0406 3292 Number of processors: 2

09:56:21.0406 3292 Page size: 0x1000

09:56:21.0406 3292 Boot type: Normal boot

09:56:21.0406 3292 ============================================================

09:56:21.0687 3292 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

09:56:21.0703 3292 ============================================================

09:56:21.0703 3292 \Device\Harddisk0\DR0:

09:56:21.0703 3292 MBR partitions:

09:56:21.0703 3292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B24B, BlocksNum 0x129ED876

09:56:21.0703 3292 ============================================================

09:56:21.0734 3292 C: <-> \Device\Harddisk0\DR0\Partition0

09:56:21.0734 3292 ============================================================

09:56:21.0734 3292 Initialize success

09:56:21.0734 3292 ============================================================

09:56:45.0500 0692 ============================================================

09:56:45.0500 0692 Scan started

09:56:45.0500 0692 Mode: Manual;

09:56:45.0500 0692 ============================================================

09:56:45.0937 0692 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

09:56:45.0937 0692 !SASCORE - ok

09:56:46.0062 0692 Abiosdsk - ok

09:56:46.0078 0692 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

09:56:46.0093 0692 abp480n5 - ok

09:56:46.0109 0692 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:56:46.0109 0692 ACPI - ok

09:56:46.0109 0692 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

09:56:46.0109 0692 ACPIEC - ok

09:56:46.0187 0692 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

09:56:46.0187 0692 AdobeFlashPlayerUpdateSvc - ok

09:56:46.0218 0692 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

09:56:46.0218 0692 adpu160m - ok

09:56:46.0250 0692 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:56:46.0250 0692 aec - ok

09:56:46.0265 0692 AESTAud (f21d5e93a94514be9f5b6ebf74a696b2) C:\WINDOWS\system32\drivers\AESTAud.sys

09:56:46.0281 0692 AESTAud - ok

09:56:46.0312 0692 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

09:56:46.0312 0692 AFD - ok

09:56:46.0328 0692 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

09:56:46.0328 0692 agp440 - ok

09:56:46.0343 0692 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

09:56:46.0343 0692 agpCPQ - ok

09:56:46.0343 0692 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

09:56:46.0343 0692 Aha154x - ok

09:56:46.0343 0692 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

09:56:46.0359 0692 aic78u2 - ok

09:56:46.0359 0692 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

09:56:46.0359 0692 aic78xx - ok

09:56:46.0390 0692 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

09:56:46.0390 0692 Alerter - ok

09:56:46.0421 0692 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

09:56:46.0421 0692 ALG - ok

09:56:46.0437 0692 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

09:56:46.0437 0692 AliIde - ok

09:56:46.0437 0692 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

09:56:46.0437 0692 alim1541 - ok

09:56:46.0453 0692 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

09:56:46.0453 0692 amdagp - ok

09:56:46.0453 0692 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

09:56:46.0453 0692 amsint - ok

09:56:46.0500 0692 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

09:56:46.0500 0692 ApfiltrService - ok

09:56:46.0546 0692 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

09:56:46.0546 0692 AppMgmt - ok

09:56:46.0562 0692 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

09:56:46.0578 0692 Arp1394 - ok

09:56:46.0578 0692 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

09:56:46.0578 0692 asc - ok

09:56:46.0593 0692 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

09:56:46.0593 0692 asc3350p - ok

09:56:46.0593 0692 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

09:56:46.0593 0692 asc3550 - ok

09:56:46.0687 0692 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

09:56:46.0687 0692 aspnet_state - ok

09:56:46.0703 0692 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:56:46.0703 0692 AsyncMac - ok

09:56:46.0734 0692 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:56:46.0734 0692 atapi - ok

09:56:46.0734 0692 Atdisk - ok

09:56:46.0750 0692 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:56:46.0765 0692 Atmarpc - ok

09:56:47.0046 0692 ATService (f6e8ccf14b84507497d3108518dbb4cc) C:\Program Files\Fingerprint Sensor\AtService.exe

09:56:47.0062 0692 ATService - ok

09:56:47.0156 0692 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

09:56:47.0156 0692 AudioSrv - ok

09:56:47.0187 0692 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:56:47.0187 0692 audstub - ok

09:56:47.0234 0692 b57w2k (ea377a8e8e1000877210259750cbbf5f) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

09:56:47.0234 0692 b57w2k - ok

09:56:47.0328 0692 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

09:56:47.0328 0692 BcmSqlStartupSvc - ok

09:56:47.0343 0692 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:56:47.0343 0692 Beep - ok

09:56:47.0421 0692 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

09:56:47.0437 0692 BITS - ok

09:56:47.0468 0692 Blfp (a341cdb0beb6880f11678944f292dd16) C:\WINDOWS\system32\DRIVERS\baspxp32.sys

09:56:47.0468 0692 Blfp - ok

09:56:47.0500 0692 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

09:56:47.0500 0692 Browser - ok

09:56:47.0578 0692 buttonsvc32 (9aad3fea7c3efa529ca40057428edc9c) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

09:56:47.0578 0692 buttonsvc32 - ok

09:56:47.0656 0692 catchme - ok

09:56:47.0687 0692 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

09:56:47.0687 0692 cbidf - ok

09:56:47.0703 0692 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:56:47.0703 0692 cbidf2k - ok

09:56:47.0718 0692 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

09:56:47.0734 0692 CCDECODE - ok

09:56:47.0781 0692 ccEvtMgr (260a069f403da226d18c058ad14fd3a3) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

09:56:47.0781 0692 ccEvtMgr - ok

09:56:47.0796 0692 ccSetMgr (260a069f403da226d18c058ad14fd3a3) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

09:56:47.0796 0692 ccSetMgr - ok

09:56:47.0796 0692 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

09:56:47.0812 0692 cd20xrnt - ok

09:56:47.0828 0692 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:56:47.0828 0692 Cdaudio - ok

09:56:47.0843 0692 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:56:47.0843 0692 Cdfs - ok

09:56:47.0890 0692 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:56:47.0890 0692 Cdrom - ok

09:56:47.0906 0692 Changer - ok

09:56:47.0921 0692 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

09:56:47.0921 0692 CiSvc - ok

09:56:47.0937 0692 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

09:56:47.0937 0692 ClipSrv - ok

09:56:47.0984 0692 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:56:47.0984 0692 clr_optimization_v2.0.50727_32 - ok

09:56:48.0031 0692 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

09:56:48.0031 0692 CmBatt - ok

09:56:48.0281 0692 cmdAgent (907324001ae25ac5959c91eaa34cabae) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

09:56:48.0312 0692 cmdAgent - ok

09:56:48.0453 0692 cmdGuard (bee235831f8e3f0baaca18b39d285cf5) C:\WINDOWS\system32\DRIVERS\cmdguard.sys

09:56:48.0453 0692 cmdGuard - ok

09:56:48.0484 0692 cmdHlp (de548946f36cab62fec2e6aa0149a619) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys

09:56:48.0484 0692 cmdHlp - ok

09:56:48.0484 0692 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

09:56:48.0484 0692 CmdIde - ok

09:56:48.0531 0692 COH_Mon (86a22dff16e8ca67601044efe6825537) C:\WINDOWS\system32\Drivers\COH_Mon.sys

09:56:48.0531 0692 COH_Mon - ok

09:56:48.0546 0692 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

09:56:48.0546 0692 Compbatt - ok

09:56:48.0546 0692 COMSysApp - ok

09:56:48.0578 0692 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

09:56:48.0578 0692 Cpqarray - ok

09:56:48.0609 0692 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

09:56:48.0625 0692 CryptSvc - ok

09:56:48.0640 0692 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

09:56:48.0640 0692 dac2w2k - ok

09:56:48.0640 0692 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

09:56:48.0640 0692 dac960nt - ok

09:56:48.0703 0692 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

09:56:48.0718 0692 DcomLaunch - ok

09:56:48.0859 0692 dcpsysmgrsvc (0324175c7c824a69d3240484d492b11b) c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

09:56:48.0875 0692 dcpsysmgrsvc - ok

09:56:48.0890 0692 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

09:56:48.0890 0692 Dhcp - ok

09:56:48.0921 0692 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:56:48.0921 0692 Disk - ok

09:56:48.0937 0692 dmadmin - ok

09:56:49.0000 0692 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:56:49.0015 0692 dmboot - ok

09:56:49.0031 0692 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:56:49.0031 0692 dmio - ok

09:56:49.0046 0692 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:56:49.0046 0692 dmload - ok

09:56:49.0062 0692 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

09:56:49.0062 0692 dmserver - ok

09:56:49.0093 0692 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:56:49.0109 0692 DMusic - ok

09:56:49.0125 0692 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

09:56:49.0125 0692 Dnscache - ok

09:56:49.0156 0692 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

09:56:49.0156 0692 Dot3svc - ok

09:56:49.0171 0692 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

09:56:49.0171 0692 dpti2o - ok

09:56:49.0234 0692 DragonUpdater (0036e686ca66bd1b005776ac8064640b) C:\Program Files\Comodo\Dragon\dragon_updater.exe

09:56:49.0234 0692 DragonUpdater - ok

09:56:49.0234 0692 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:56:49.0234 0692 drmkaud - ok

09:56:49.0265 0692 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

09:56:49.0265 0692 EapHost - ok

09:56:49.0343 0692 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

09:56:49.0359 0692 eeCtrl - ok

09:56:49.0390 0692 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

09:56:49.0390 0692 EraserUtilRebootDrv - ok

09:56:49.0406 0692 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

09:56:49.0406 0692 ERSvc - ok

09:56:49.0453 0692 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

09:56:49.0453 0692 Eventlog - ok

09:56:49.0515 0692 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

09:56:49.0515 0692 EventSystem - ok

09:56:49.0671 0692 EvtEng (87a32636c84555525700e623662e34d9) c:\Program Files\Intel\WiFi\bin\EvtEng.exe

09:56:49.0687 0692 EvtEng - ok

09:56:49.0781 0692 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:56:49.0781 0692 Fastfat - ok

09:56:49.0812 0692 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:56:49.0812 0692 FastUserSwitchingCompatibility - ok

09:56:49.0875 0692 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe

09:56:49.0890 0692 Fax - ok

09:56:49.0906 0692 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

09:56:49.0906 0692 Fdc - ok

09:56:49.0937 0692 FilterService (1edc0df2da14e04504dd3bac21aa32cd) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys

09:56:49.0937 0692 FilterService - ok

09:56:49.0953 0692 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:56:49.0953 0692 Fips - ok

09:56:50.0062 0692 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

09:56:50.0078 0692 FLEXnet Licensing Service - ok

09:56:50.0187 0692 FlipShare Service (e6ba1ceb107ad2663554942a3b090b43) C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

09:56:50.0187 0692 FlipShare Service - ok

09:56:50.0203 0692 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

09:56:50.0218 0692 Flpydisk - ok

09:56:50.0250 0692 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

09:56:50.0250 0692 FltMgr - ok

09:56:50.0328 0692 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

09:56:50.0328 0692 FontCache3.0.0.0 - ok

09:56:50.0359 0692 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:56:50.0359 0692 Fs_Rec - ok

09:56:50.0406 0692 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:56:50.0406 0692 Ftdisk - ok

09:56:50.0437 0692 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

09:56:50.0437 0692 GEARAspiWDM - ok

09:56:50.0515 0692 GoToAssist Express Customer (d080a3d550ed79f8ea1ec79d47131478) C:\Program Files\Citrix\GoToAssist Express Customer\274\g2ax_service.exe

09:56:50.0531 0692 GoToAssist Express Customer - ok

09:56:50.0546 0692 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:56:50.0546 0692 Gpc - ok

09:56:50.0609 0692 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

09:56:50.0609 0692 gupdate - ok

09:56:50.0609 0692 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

09:56:50.0625 0692 gupdatem - ok

09:56:50.0671 0692 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

09:56:50.0671 0692 HDAudBus - ok

09:56:50.0734 0692 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

09:56:50.0734 0692 helpsvc - ok

09:56:50.0765 0692 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

09:56:50.0765 0692 HidServ - ok

09:56:50.0796 0692 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

09:56:50.0796 0692 hidusb - ok

09:56:50.0828 0692 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

09:56:50.0843 0692 hkmsvc - ok

09:56:50.0859 0692 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

09:56:50.0859 0692 hpn - ok

09:56:50.0984 0692 hpqcxs08 (af81f7ba6a09119006fe041a2f2f3ece) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

09:56:50.0984 0692 hpqcxs08 - ok

09:56:51.0015 0692 hpqddsvc (7244f63db8ea883b3dc8e730c645d073) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

09:56:51.0015 0692 hpqddsvc - ok

09:56:51.0062 0692 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

09:56:51.0062 0692 HPZid412 - ok

09:56:51.0093 0692 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

09:56:51.0093 0692 HPZipr12 - ok

09:56:51.0125 0692 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

09:56:51.0125 0692 HPZius12 - ok

09:56:51.0203 0692 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:56:51.0203 0692 HTTP - ok

09:56:51.0234 0692 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

09:56:51.0250 0692 HTTPFilter - ok

09:56:51.0281 0692 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

09:56:51.0281 0692 i2omgmt - ok

09:56:51.0296 0692 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

09:56:51.0296 0692 i2omp - ok

09:56:51.0328 0692 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:56:51.0328 0692 i8042prt - ok

09:56:51.0437 0692 IAANTMON (52e8a3cc8269adb27d25182284c5e650) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

09:56:51.0453 0692 IAANTMON - ok

09:56:51.0937 0692 ialm (3b743262b6456167888d15f1121b3bf7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

09:56:51.0984 0692 ialm - ok

09:56:52.0156 0692 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\drivers\iaStor.sys

09:56:52.0156 0692 iaStor - ok

09:56:52.0359 0692 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

09:56:52.0359 0692 idsvc - ok

09:56:52.0390 0692 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:56:52.0390 0692 Imapi - ok

09:56:52.0437 0692 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

09:56:52.0437 0692 ImapiService - ok

09:56:52.0468 0692 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

09:56:52.0468 0692 ini910u - ok

09:56:52.0500 0692 Inspect (f89849cf13805ef49da64a8a63193af7) C:\WINDOWS\system32\DRIVERS\inspect.sys

09:56:52.0500 0692 Inspect - ok

09:56:52.0546 0692 IntcHdmiAddService (f32a62c765885bd8e4352a1565f702a6) C:\WINDOWS\system32\drivers\IntcHdmi.sys

09:56:52.0546 0692 IntcHdmiAddService - ok

09:56:52.0562 0692 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

09:56:52.0562 0692 IntelIde - ok

09:56:52.0593 0692 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:56:52.0593 0692 intelppm - ok

09:56:52.0625 0692 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

09:56:52.0625 0692 Ip6Fw - ok

09:56:52.0656 0692 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:56:52.0656 0692 IpFilterDriver - ok

09:56:52.0687 0692 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:56:52.0687 0692 IpInIp - ok

09:56:52.0718 0692 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:56:52.0718 0692 IpNat - ok

09:56:52.0734 0692 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:56:52.0734 0692 IPSec - ok

09:56:52.0765 0692 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:56:52.0765 0692 IRENUM - ok

09:56:52.0781 0692 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:56:52.0781 0692 isapnp - ok

09:56:52.0921 0692 JavaQuickStarterService (973db7ac74c554c546f8b0b7b98fb855) C:\Program Files\Java\jre7\bin\jqs.exe

09:56:52.0921 0692 JavaQuickStarterService - ok

09:56:52.0937 0692 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:56:52.0937 0692 Kbdclass - ok

09:56:52.0968 0692 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

09:56:52.0968 0692 kbdhid - ok

09:56:53.0000 0692 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:56:53.0000 0692 kmixer - ok

09:56:53.0031 0692 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:56:53.0031 0692 KSecDD - ok

09:56:53.0078 0692 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

09:56:53.0078 0692 LanmanServer - ok

09:56:53.0125 0692 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

09:56:53.0140 0692 lanmanworkstation - ok

09:56:53.0140 0692 lbrtfdc - ok

09:56:53.0421 0692 LiveUpdate (6105b28f5d03c4affa7197b228768849) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

09:56:53.0468 0692 LiveUpdate - ok

09:56:53.0609 0692 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

09:56:53.0609 0692 LmHosts - ok

09:56:53.0671 0692 LVPr2Mon (f96cfb47903854f228baaf3e2d41a0a3) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

09:56:53.0671 0692 LVPr2Mon - ok

09:56:53.0781 0692 LVPrcSrv (ff23862146a682fcc3dbaa002e22f958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

09:56:53.0781 0692 LVPrcSrv - ok

09:56:53.0890 0692 LVRS (e22fd7852e74f04cceb6b8a684a51f3e) C:\WINDOWS\system32\DRIVERS\lvrs.sys

09:56:53.0906 0692 LVRS - ok

09:56:53.0937 0692 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys

09:56:53.0937 0692 LVUSBSta - ok

09:56:54.0359 0692 LVUVC (e89df2b88ee659954de79827ddf46dc9) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

09:56:54.0453 0692 LVUVC - ok

09:56:54.0531 0692 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

09:56:54.0531 0692 Messenger - ok

09:56:54.0578 0692 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:56:54.0578 0692 mnmdd - ok

09:56:54.0609 0692 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

09:56:54.0609 0692 mnmsrvc - ok

09:56:54.0640 0692 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:56:54.0640 0692 Modem - ok

09:56:54.0671 0692 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:56:54.0671 0692 Mouclass - ok

09:56:54.0687 0692 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

09:56:54.0687 0692 mouhid - ok

09:56:54.0703 0692 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:56:54.0703 0692 MountMgr - ok

09:56:54.0734 0692 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

09:56:54.0734 0692 mraid35x - ok

09:56:54.0750 0692 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:56:54.0750 0692 MRxDAV - ok

09:56:54.0812 0692 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:56:54.0812 0692 MRxSmb - ok

09:56:54.0828 0692 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

09:56:54.0828 0692 MSDTC - ok

09:56:54.0843 0692 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:56:54.0843 0692 Msfs - ok

09:56:54.0843 0692 MSIServer - ok

09:56:54.0859 0692 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:56:54.0859 0692 MSKSSRV - ok

09:56:54.0875 0692 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:56:54.0875 0692 MSPCLOCK - ok

09:56:54.0906 0692 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:56:54.0906 0692 MSPQM - ok

09:56:54.0906 0692 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:56:54.0906 0692 mssmbios - ok

09:56:55.0015 0692 MSSQL$MSSMLBIZ - ok

09:56:55.0062 0692 MSSQL$SQLEXPRESS - ok

09:56:55.0125 0692 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe

09:56:55.0125 0692 MSSQLServerADHelper - ok

09:56:55.0171 0692 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

09:56:55.0171 0692 MSSQLServerADHelper100 - ok

09:56:55.0203 0692 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

09:56:55.0203 0692 MSTEE - ok

09:56:55.0234 0692 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

09:56:55.0234 0692 Mup - ok

09:56:55.0281 0692 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

09:56:55.0281 0692 NABTSFEC - ok

09:56:55.0343 0692 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

09:56:55.0343 0692 napagent - ok

09:56:55.0437 0692 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120425.032\NAVENG.SYS

09:56:55.0453 0692 NAVENG - ok

09:56:55.0625 0692 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120425.032\NAVEX15.SYS

09:56:55.0640 0692 NAVEX15 - ok

09:56:55.0843 0692 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:56:55.0843 0692 NDIS - ok

09:56:55.0859 0692 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

09:56:55.0859 0692 NdisIP - ok

09:56:55.0875 0692 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:56:55.0875 0692 NdisTapi - ok

09:56:55.0890 0692 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:56:55.0890 0692 Ndisuio - ok

09:56:55.0921 0692 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:56:55.0921 0692 NdisWan - ok

09:56:55.0953 0692 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

09:56:55.0968 0692 NDProxy - ok

09:56:56.0000 0692 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll

09:56:56.0000 0692 Net Driver HPZ12 - ok

09:56:56.0015 0692 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:56:56.0015 0692 NetBIOS - ok

09:56:56.0062 0692 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:56:56.0062 0692 NetBT - ok

09:56:56.0093 0692 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

09:56:56.0093 0692 NetDDE - ok

09:56:56.0093 0692 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

09:56:56.0093 0692 NetDDEdsdm - ok

09:56:56.0125 0692 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:56:56.0125 0692 Netlogon - ok

09:56:56.0156 0692 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

09:56:56.0156 0692 Netman - ok

09:56:56.0265 0692 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

09:56:56.0265 0692 NetTcpPortSharing - ok

09:56:56.0515 0692 NETw5x32 (a3b69acd14051ae87ab9e1823a508b6d) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys

09:56:56.0546 0692 NETw5x32 - ok

09:56:56.0687 0692 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

09:56:56.0687 0692 NIC1394 - ok

09:56:56.0750 0692 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

09:56:56.0750 0692 Nla - ok

09:56:56.0765 0692 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:56:56.0765 0692 Npfs - ok

09:56:56.0812 0692 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:56:56.0812 0692 Ntfs - ok

09:56:56.0828 0692 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:56:56.0828 0692 NtLmSsp - ok

09:56:56.0875 0692 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

09:56:56.0875 0692 NtmsSvc - ok

09:56:56.0890 0692 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:56:56.0890 0692 Null - ok

09:56:56.0890 0692 NvtSp50 - ok

09:56:56.0921 0692 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:56:56.0921 0692 NwlnkFlt - ok

09:56:56.0937 0692 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:56:56.0937 0692 NwlnkFwd - ok

09:56:57.0062 0692 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

09:56:57.0062 0692 odserv - ok

09:56:57.0093 0692 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

09:56:57.0093 0692 ohci1394 - ok

09:56:57.0140 0692 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:56:57.0140 0692 ose - ok

09:56:57.0171 0692 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

09:56:57.0171 0692 Parport - ok

09:56:57.0171 0692 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:56:57.0171 0692 PartMgr - ok

09:56:57.0187 0692 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:56:57.0187 0692 ParVdm - ok

09:56:57.0203 0692 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys

09:56:57.0203 0692 PBADRV - ok

09:56:57.0218 0692 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:56:57.0218 0692 PCI - ok

09:56:57.0218 0692 PCIDump - ok

09:56:57.0234 0692 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:56:57.0234 0692 PCIIde - ok

09:56:57.0250 0692 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

09:56:57.0250 0692 Pcmcia - ok

09:56:57.0250 0692 PDCOMP - ok

09:56:57.0250 0692 PDFRAME - ok

09:56:57.0265 0692 PDRELI - ok

09:56:57.0265 0692 PDRFRAME - ok

09:56:57.0265 0692 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

09:56:57.0265 0692 perc2 - ok

09:56:57.0281 0692 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

09:56:57.0296 0692 perc2hib - ok

09:56:57.0312 0692 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

09:56:57.0312 0692 PlugPlay - ok

09:56:57.0359 0692 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll

09:56:57.0359 0692 Pml Driver HPZ12 - ok

09:56:57.0359 0692 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:56:57.0359 0692 PolicyAgent - ok

09:56:57.0375 0692 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:56:57.0375 0692 PptpMiniport - ok

09:56:57.0375 0692 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:56:57.0375 0692 ProtectedStorage - ok

09:56:57.0406 0692 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:56:57.0406 0692 PSched - ok

09:56:57.0421 0692 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:56:57.0421 0692 Ptilink - ok

09:56:57.0437 0692 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys

09:56:57.0437 0692 PxHelp20 - ok

09:56:57.0453 0692 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

09:56:57.0453 0692 ql1080 - ok

09:56:57.0468 0692 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

09:56:57.0468 0692 Ql10wnt - ok

09:56:57.0484 0692 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

09:56:57.0484 0692 ql12160 - ok

09:56:57.0484 0692 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

09:56:57.0484 0692 ql1240 - ok

09:56:57.0500 0692 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

09:56:57.0515 0692 ql1280 - ok

09:56:57.0515 0692 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:56:57.0515 0692 RasAcd - ok

09:56:57.0546 0692 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

09:56:57.0546 0692 RasAuto - ok

09:56:57.0562 0692 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:56:57.0562 0692 Rasl2tp - ok

09:56:57.0593 0692 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

09:56:57.0593 0692 RasMan - ok

09:56:57.0625 0692 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:56:57.0625 0692 RasPppoe - ok

09:56:57.0625 0692 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:56:57.0625 0692 Raspti - ok

09:56:57.0656 0692 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:56:57.0656 0692 Rdbss - ok

09:56:57.0671 0692 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:56:57.0671 0692 RDPCDD - ok

09:56:57.0687 0692 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

09:56:57.0687 0692 rdpdr - ok

09:56:57.0718 0692 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

09:56:57.0718 0692 RDPWD - ok

09:56:57.0765 0692 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

09:56:57.0765 0692 RDSessMgr - ok

09:56:57.0796 0692 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:56:57.0796 0692 redbook - ok

09:56:57.0921 0692 RegSrvc (d1875727d04eae948f139022dcad3d47) c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

09:56:57.0921 0692 RegSrvc - ok

09:56:57.0953 0692 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

09:56:57.0953 0692 RemoteAccess - ok

09:56:57.0968 0692 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

09:56:57.0968 0692 RemoteRegistry - ok

09:56:58.0015 0692 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

09:56:58.0015 0692 rimmptsk - ok

09:56:58.0046 0692 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

09:56:58.0046 0692 RpcLocator - ok

09:56:58.0078 0692 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

09:56:58.0093 0692 RpcSs - ok

09:56:58.0125 0692 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys

09:56:58.0125 0692 RsFx0102 - ok

09:56:58.0156 0692 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

09:56:58.0156 0692 RSVP - ok

09:56:58.0296 0692 S24EventMonitor (8b4459365c254196f498a3cbc2898dbb) c:\Program Files\Intel\WiFi\bin\S24EvMon.exe

09:56:58.0312 0692 S24EventMonitor - ok

09:56:58.0328 0692 s24trans (87940243ea2ad3ebe274f5409c5e9072) C:\WINDOWS\system32\DRIVERS\s24trans.sys

09:56:58.0328 0692 s24trans - ok

09:56:58.0343 0692 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:56:58.0343 0692 SamSs - ok

09:56:58.0406 0692 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

09:56:58.0406 0692 SASDIFSV - ok

09:56:58.0421 0692 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

09:56:58.0421 0692 SASKUTIL - ok

09:56:58.0453 0692 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

09:56:58.0453 0692 SCardSvr - ok

09:56:58.0500 0692 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

09:56:58.0500 0692 Schedule - ok

09:56:58.0515 0692 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

09:56:58.0515 0692 sdbus - ok

09:56:58.0531 0692 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:56:58.0531 0692 Secdrv - ok

09:56:58.0546 0692 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

09:56:58.0546 0692 seclogon - ok

09:56:58.0703 0692 SecureStorageService (d7f978c1b6387544fe132eb5b915ed1a) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

09:56:58.0703 0692 SecureStorageService - ok

09:56:58.0718 0692 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

09:56:58.0718 0692 SENS - ok

09:56:58.0734 0692 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

09:56:58.0734 0692 Serenum - ok

09:56:58.0750 0692 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

09:56:58.0750 0692 Serial - ok

09:56:58.0765 0692 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:56:58.0765 0692 Sfloppy - ok

09:56:58.0812 0692 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

09:56:58.0812 0692 SharedAccess - ok

09:56:58.0859 0692 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:56:58.0859 0692 ShellHWDetection - ok

09:56:58.0859 0692 Simbad - ok

09:56:58.0875 0692 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

09:56:58.0875 0692 sisagp - ok

09:56:58.0906 0692 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

09:56:58.0906 0692 SLIP - ok

09:56:59.0109 0692 SmcService (0dc94380be7d36ae241029c72807692e) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

09:56:59.0109 0692 SmcService - ok

09:56:59.0156 0692 SNAC (65e1ebf379856b677979802c8d5bcd87) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE

09:56:59.0156 0692 SNAC - ok

09:56:59.0296 0692 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

09:56:59.0296 0692 Sparrow - ok

09:56:59.0343 0692 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

09:56:59.0343 0692 SPBBCDrv - ok

09:56:59.0375 0692 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:56:59.0375 0692 splitter - ok

09:56:59.0406 0692 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

09:56:59.0421 0692 Spooler - ok

09:56:59.0515 0692 SQLAgent$SQLEXPRESS (eb2fd937449b7aceb39372f875eb8e78) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE

09:56:59.0515 0692 SQLAgent$SQLEXPRESS - ok

09:56:59.0593 0692 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

09:56:59.0593 0692 SQLBrowser - ok

09:56:59.0625 0692 SQLWriter (637a0f23f9012358e92e6f99835494d1) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

09:56:59.0625 0692 SQLWriter - ok

09:56:59.0671 0692 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:56:59.0671 0692 sr - ok

09:56:59.0718 0692 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

09:56:59.0718 0692 srservice - ok

09:56:59.0765 0692 SRS_PremiumSound_Service (584477fdfa731af4635f5875c6b52531) C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys

09:56:59.0765 0692 SRS_PremiumSound_Service - ok

09:56:59.0781 0692 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\WINDOWS\system32\Drivers\SRTSP.SYS

09:56:59.0781 0692 SRTSP - ok

09:56:59.0828 0692 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\WINDOWS\system32\Drivers\SRTSPL.SYS

09:56:59.0828 0692 SRTSPL - ok

09:56:59.0843 0692 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\WINDOWS\system32\Drivers\SRTSPX.SYS

09:56:59.0843 0692 SRTSPX - ok

09:56:59.0890 0692 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

09:56:59.0890 0692 Srv - ok

09:56:59.0921 0692 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

09:56:59.0921 0692 SSDPSRV - ok

09:56:59.0968 0692 STacSV (3603f3db9fba2a8fa91829681ba25afa) c:\drivers\audio\r213367\stacsv.exe

09:56:59.0968 0692 STacSV - ok

09:57:00.0093 0692 STHDA (1b76479b80ff0f6e245ba590a64102be) C:\WINDOWS\system32\drivers\sthda.sys

09:57:00.0093 0692 STHDA - ok

09:57:00.0218 0692 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

09:57:00.0218 0692 stisvc - ok

09:57:00.0296 0692 stllssvr (e476c66713c842f58e61a95826ed1d57) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

09:57:00.0296 0692 stllssvr - ok

09:57:00.0343 0692 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

09:57:00.0343 0692 streamip - ok

09:57:00.0375 0692 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:57:00.0375 0692 swenum - ok

09:57:00.0421 0692 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:57:00.0421 0692 swmidi - ok

09:57:00.0421 0692 SwPrv - ok

09:57:00.0593 0692 Symantec AntiVirus (f3a4ead0b3946e439f0397f7a4d09952) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

09:57:00.0609 0692 Symantec AntiVirus - ok

09:57:00.0656 0692 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

09:57:00.0656 0692 symc810 - ok

09:57:00.0671 0692 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

09:57:00.0671 0692 symc8xx - ok

09:57:00.0718 0692 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

09:57:00.0718 0692 SymEvent - ok

09:57:00.0734 0692 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

09:57:00.0734 0692 sym_hi - ok

09:57:00.0734 0692 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

09:57:00.0734 0692 sym_u3 - ok

09:57:00.0765 0692 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:57:00.0765 0692 sysaudio - ok

09:57:00.0796 0692 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

09:57:00.0796 0692 SysmonLog - ok

09:57:00.0828 0692 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

09:57:00.0828 0692 TapiSrv - ok

09:57:00.0890 0692 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:57:00.0890 0692 Tcpip - ok

09:57:01.0015 0692 tcsd_win32.exe (69f1a38a6dbfe682491cb61a596662e3) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

09:57:01.0015 0692 tcsd_win32.exe - ok

09:57:01.0140 0692 TdmService (a62f1de032e59c4bb35557a2219cb160) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

09:57:01.0156 0692 TdmService - ok

09:57:01.0203 0692 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:57:01.0203 0692 TDPIPE - ok

09:57:01.0234 0692 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:57:01.0234 0692 TDTCP - ok

09:57:01.0250 0692 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:57:01.0250 0692 TermDD - ok

09:57:01.0281 0692 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

09:57:01.0281 0692 TermService - ok

09:57:01.0328 0692 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:57:01.0328 0692 Themes - ok

09:57:01.0343 0692 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

09:57:01.0343 0692 TlntSvr - ok

09:57:01.0359 0692 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

09:57:01.0359 0692 TosIde - ok

09:57:01.0390 0692 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

09:57:01.0390 0692 TrkWks - ok

09:57:01.0421 0692 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:57:01.0421 0692 Udfs - ok

09:57:01.0437 0692 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

09:57:01.0437 0692 ultra - ok

09:57:01.0468 0692 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:57:01.0468 0692 Update - ok

09:57:01.0500 0692 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

09:57:01.0500 0692 upnphost - ok

09:57:01.0515 0692 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

09:57:01.0515 0692 UPS - ok

09:57:01.0546 0692 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

09:57:01.0546 0692 usbaudio - ok

09:57:01.0578 0692 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:57:01.0578 0692 usbccgp - ok

09:57:01.0593 0692 usbehci (4bac8df07f1d8434fc640e677a62204e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:57:01.0593 0692 usbehci - ok

09:57:01.0609 0692 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:57:01.0609 0692 usbhub - ok

09:57:01.0656 0692 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

09:57:01.0656 0692 usbprint - ok

09:57:01.0703 0692 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

09:57:01.0703 0692 usbscan - ok

09:57:01.0718 0692 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:57:01.0718 0692 USBSTOR - ok

09:57:01.0750 0692 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:57:01.0750 0692 usbuhci - ok

09:57:01.0781 0692 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

09:57:01.0781 0692 usbvideo - ok

09:57:01.0781 0692 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:57:01.0781 0692 VgaSave - ok

09:57:01.0812 0692 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

09:57:01.0812 0692 viaagp - ok

09:57:01.0828 0692 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

09:57:01.0828 0692 ViaIde - ok

09:57:01.0843 0692 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:57:01.0843 0692 VolSnap - ok

09:57:01.0890 0692 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

09:57:01.0890 0692 VSS - ok

09:57:01.0937 0692 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

09:57:01.0937 0692 w32time - ok

09:57:01.0968 0692 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:57:01.0968 0692 Wanarp - ok

09:57:02.0000 0692 WavxDMgr (e1369c7a53c76eb681afd0eba348b45a) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys

09:57:02.0000 0692 WavxDMgr - ok

09:57:02.0046 0692 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

09:57:02.0062 0692 Wdf01000 - ok

09:57:02.0062 0692 WDICA - ok

09:57:02.0078 0692 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:57:02.0078 0692 wdmaud - ok

09:57:02.0109 0692 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

09:57:02.0109 0692 WebClient - ok

09:57:02.0171 0692 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

09:57:02.0171 0692 winmgmt - ok

09:57:02.0328 0692 wlidsvc (d9250b31b353ee3322c1cad411997e38) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

09:57:02.0343 0692 wlidsvc - ok

09:57:02.0453 0692 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

09:57:02.0453 0692 WmdmPmSN - ok

09:57:02.0531 0692 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

09:57:02.0531 0692 Wmi - ok

09:57:02.0593 0692 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

09:57:02.0593 0692 WmiAcpi - ok

09:57:02.0625 0692 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

09:57:02.0625 0692 WmiApSrv - ok

09:57:02.0718 0692 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

09:57:02.0734 0692 WMPNetworkSvc - ok

09:57:02.0750 0692 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

09:57:02.0750 0692 WS2IFSL - ok

09:57:02.0781 0692 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

09:57:02.0781 0692 wscsvc - ok

09:57:02.0781 0692 WSearch - ok

09:57:02.0828 0692 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

09:57:02.0828 0692 WSTCODEC - ok

09:57:02.0843 0692 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

09:57:02.0843 0692 wuauserv - ok

09:57:02.0875 0692 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

09:57:02.0875 0692 WudfPf - ok

09:57:02.0906 0692 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

09:57:02.0906 0692 WudfRd - ok

09:57:02.0921 0692 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

09:57:02.0937 0692 WudfSvc - ok

09:57:02.0968 0692 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

09:57:02.0968 0692 WZCSVC - ok

09:57:03.0015 0692 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

09:57:03.0015 0692 xmlprov - ok

09:57:03.0109 0692 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

09:57:03.0109 0692 YahooAUService - ok

09:57:03.0156 0692 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

09:57:03.0203 0692 \Device\Harddisk0\DR0 - ok

09:57:03.0203 0692 Boot (0x1200) (8ff7ec3d9758ae9c2cec3216b369c762) \Device\Harddisk0\DR0\Partition0

09:57:03.0203 0692 \Device\Harddisk0\DR0\Partition0 - ok

09:57:03.0203 0692 ============================================================

09:57:03.0203 0692 Scan finished

09:57:03.0203 0692 ============================================================

09:57:03.0218 1464 Detected object count: 0

09:57:03.0218 1464 Actual detected object count: 0

09:57:06.0671 4624 Deinitialize success

brianh9999 · April 26, 2012

Used the following code on recommendation of a coworker who had a similar problem:

================

Copy and paste these lines in Note pad.

@Echo on

pushd\windows\system32\drivers\etc

attrib -h -s -r hosts

echo 127.0.0.1 localhost>HOSTS

attrib +r +h +s hosts

popd

ipconfig /release

ipconfig /renew

ipconfig /flushdns

netsh winsock reset all

netsh int ip reset all

shutdown -r -t 1

del %0

Save as flush.bat to your desktop.

===========================

Can't get the redirect to occur now. Not sure I've taken care of any underlying problems that may be on my computer but at least firefox isn't redirecting my searches (for now).

That said, I'll keep running scans if you think I should.

Elise · April 26, 2012

That resets most common internet components, some of which can indeed be involved in a redirect.

Please let me know if you have any problems left and/or the redirect reoccurs.

brianh9999 · April 26, 2012

Thanks for your help on this. I will certainly seek out qualified assistance first if I get any reoccurences as opposed to blindly installing and running utilities for multiple days hoping for a solution. My lack of patience and frustration got the best of me this time.

Elise · April 26, 2012

To be sure everything is okay, lets also run one last scan.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
2. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
3. Double click on the
  icon on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
  - Scan potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

brianh9999 · April 27, 2012

Scanning now. ESET found 5 problems and is only half way finished. I'll post the log when it is done.

Did a quick test to see if the redirect would occur again, and it did. If I search for "happili" using google and firefox it redirects the first security site link I click on. I tried the exact same thing in IE and the redirect doesn't occur. I could use the flush.bat again but it seems like the problem is tied to firefox. What if I uninstall those the program and try a fresh install?

Looks like I have more work to do on this.

Elise · April 27, 2012

The following scan should reveal the entries that cause the redirect.

OTL

-----

Please download OTL from one of the following mirrors:

- This is THE Mirror

[*]Save it to your desktop.

[*]Double click on the icon on your desktop.

[*]Click the "Scan All Users" checkbox.

[*]Push the button.

[*]Two reports will open, copy and paste them in a reply here:

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

brianh9999 · April 27, 2012

ESET scan

C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\19\33c334d3-5ef9f19e Java/Exploit.CVE-2012-0507.Y trojan cleaned by deleting - quarantined

C:\Documents and Settings\bhershberger.CSC\My Documents\Downloads\cnet_FCTBSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

C:\Documents and Settings\bhershberger.CSC\My Documents\Downloads\FCTBSetup.exe Win32/OpenCandy application deleted - quarantined

C:\Documents and Settings\bhershberger.CSC\My Documents\Downloads\winzip155.exe Win32/OpenCandy application deleted - quarantined

C:\Documents and Settings\bhershberger.CSC\My Documents\Downloads\winzip160.exe Win32/OpenCandy application deleted - quarantined

Elise · April 27, 2012

Please see my previous post.

brianh9999 · April 27, 2012

Installed the BrowserProtect add-on for firefox which is supposed to prevent hijacks at the browser level. After numerous attempts to recreate the redirect the add-on seems to be working but like yesterday I'm probably not addressing the underlying problem.

OTL log...

OTL logfile created on: 4/27/2012 11:16:58 AM - Run 1

OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\bhershberger.CSC\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 63.71% Memory free

5.29 Gb Paging File | 3.85 Gb Available in Paging File | 72.76% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.96 Gb Total Space | 75.68 Gb Free Space | 50.81% Space Free | Partition Type: NTFS

Drive V: | 40.00 Gb Total Space | 10.12 Gb Free Space | 25.30% Space Free | Partition Type: NTFS

Drive W: | 40.00 Gb Total Space | 4.43 Gb Free Space | 11.07% Space Free | Partition Type: NTFS

Drive X: | 836.62 Gb Total Space | 783.00 Gb Free Space | 93.59% Space Free | Partition Type: NTFS

Drive Y: | 793.58 Gb Total Space | 492.10 Gb Free Space | 62.01% Space Free | Partition Type: NTFS

Drive Z: | 836.62 Gb Total Space | 783.00 Gb Free Space | 93.59% Space Free | Partition Type: NTFS

Computer Name: DFNKC-5JQ35L1 | User Name: bhershberger | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/27 11:15:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bhershberger.CSC\Desktop\OTL(1).exe

PRC - [2012/04/15 16:04:44 | 000,374,368 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

PRC - [2012/04/13 07:59:46 | 000,409,232 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe

PRC - [2012/03/20 08:37:33 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe

PRC - [2012/03/11 21:13:02 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe

PRC - [2012/03/07 16:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

PRC - [2012/01/20 10:44:35 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2011/09/30 09:28:08 | 000,546,464 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe

PRC - [2011/09/30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2010/06/28 10:17:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

PRC - [2010/06/28 10:17:12 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2010/06/28 10:16:45 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

PRC - [2010/06/28 10:16:44 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

PRC - [2010/06/28 10:16:39 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

PRC - [2009/07/16 13:04:56 | 000,376,096 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

PRC - [2009/07/05 17:56:34 | 000,015,872 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

PRC - [2009/06/11 22:46:46 | 000,656,384 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

PRC - [2009/06/11 19:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

PRC - [2009/05/18 09:36:00 | 000,145,920 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

PRC - [2009/05/15 18:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe

PRC - [2009/04/27 14:40:26 | 000,293,968 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

PRC - [2009/03/16 20:57:38 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

PRC - [2009/03/16 20:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R213367\stacsv.exe

PRC - [2009/03/16 20:57:14 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe

PRC - [2009/02/22 16:51:40 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe

PRC - [2009/02/22 16:51:24 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe

PRC - [2009/02/22 16:51:22 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe

PRC - [2009/02/22 16:51:22 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe

PRC - [2009/02/11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/02/11 18:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2008/10/02 12:26:42 | 000,860,160 | ---- | M] (Intel® Corporation) -- c:\Program Files\Intel\WiFi\bin\EvtEng.exe

PRC - [2008/10/02 12:06:56 | 000,905,216 | ---- | M] (Intel® Corporation) -- c:\Program Files\Intel\WiFi\bin\S24EvMon.exe

PRC - [2008/10/02 11:56:44 | 000,466,944 | ---- | M] (Intel® Corporation) -- c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/27 08:32:02 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

MOD - [2012/04/27 08:32:02 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

MOD - [2012/04/25 09:43:07 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

MOD - [2012/04/25 09:43:07 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

MOD - [2012/04/13 07:59:46 | 000,409,232 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe

MOD - [2012/04/11 16:09:30 | 002,359,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\fb15ea43309da95f2ad525edd0b2b258\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll

MOD - [2012/04/11 16:09:25 | 004,466,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\f9b9607d3dcc58ce953aa6217a607a92\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll

MOD - [2012/04/11 16:09:22 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c\Microsoft.VisualBasic.ni.dll

MOD - [2012/04/11 16:09:19 | 000,391,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\266a0723d8e88a12ff4dba5c0607be7a\Iris.Mapi.MessageStore.ni.dll

MOD - [2012/04/11 16:09:18 | 000,462,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\e0ebc8cc3e2541c2c24c8d1d83521359\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll

MOD - [2012/04/11 16:09:15 | 003,826,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BusinessLayer\0e1da55e310125471d0f726ba4f338b4\BusinessLayer.ni.dll

MOD - [2012/04/11 16:09:09 | 001,039,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\99c5f05fec424a6f34f19eda882a2f6d\Microsoft.Interop.Mapi.Impl.ni.dll

MOD - [2012/04/11 16:09:08 | 001,526,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BCMRes\5887ad6ee72e304efdfcccb62cefc9c7\BCMRes.ni.dll

MOD - [2012/04/11 15:07:22 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll

MOD - [2012/04/11 15:06:20 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll

MOD - [2012/04/11 15:06:10 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll

MOD - [2012/04/11 15:04:59 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

MOD - [2012/04/11 15:04:56 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

MOD - [2012/03/26 08:39:03 | 002,666,496 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll

MOD - [2012/03/20 08:37:32 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2012/02/21 09:47:45 | 000,484,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BCMCommon\d15f9a0db4361af008e88b6439902c1c\BCMCommon.ni.dll

MOD - [2012/02/21 09:47:39 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll

MOD - [2012/02/21 09:44:30 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll

MOD - [2012/02/21 09:44:23 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll

MOD - [2012/02/21 09:44:11 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll

MOD - [2011/10/13 11:24:50 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll

MOD - [2011/10/13 10:13:23 | 000,014,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Extensibility\8e52c5321a132fde4236c5f17929a733\Extensibility.ni.dll

MOD - [2011/10/13 10:13:02 | 002,267,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\a9942828767c5549849c82accbdbcedc\Microsoft.Office.Interop.Outlook.ni.dll

MOD - [2011/10/13 10:13:00 | 000,177,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\07021d10c3bc8a0ea378435a258f7b1b\Microsoft.Interop.Mapi.PropTags.ni.dll

MOD - [2011/10/13 10:12:58 | 000,963,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\office\e004a967869320dece615cb985e09ea5\office.ni.dll

MOD - [2011/10/13 10:12:58 | 000,044,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\stdole\f7080b25913a525c5a0c561c57864d17\stdole.ni.dll

MOD - [2011/10/13 10:12:57 | 000,152,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\daa68c80020eb582452ec3173450505d\Microsoft.Interop.Mapi.Interfaces.ni.dll

MOD - [2011/10/13 10:12:57 | 000,062,976 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\00cc95b92fb21663d07f94e15cab3be0\Microsoft.Interop.eCRM.Ole.ni.dll

MOD - [2011/10/12 18:25:26 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

MOD - [2011/09/30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

MOD - [2011/06/22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll

MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll

MOD - [2009/12/01 16:48:45 | 000,310,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\BCMCommon\3.0.0.0__31bf3856ad364e35\BCMCommon.dll

MOD - [2009/12/01 15:16:38 | 000,591,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\3.0.0.0__31bf3856ad364e35\Microsoft.Interop.Mapi.Impl.dll

MOD - [2009/11/02 23:04:04 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll

MOD - [2009/11/02 23:04:04 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll

MOD - [2009/06/03 13:07:50 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\Wavx_ESC_Logging.dll

MOD - [2009/05/18 09:34:04 | 000,249,856 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll

MOD - [2009/02/26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll

MOD - [2008/11/12 14:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll

MOD - [2008/10/02 11:59:30 | 000,200,704 | ---- | M] () -- c:\Program Files\Intel\WiFi\bin\iWMSProv.dll

MOD - [2008/01/11 18:50:32 | 000,529,512 | ---- | M] () -- C:\Program Files\Microsoft Small Business\Business Contact Manager\en-US\BCMRes.resources.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/04/13 13:56:07 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/13 07:59:46 | 000,409,232 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)

SRV - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

SRV - [2012/01/20 10:44:35 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2011/03/01 11:09:14 | 000,161,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist Express Customer\274\g2ax_service.exe -- (GoToAssist Express Customer)

SRV - [2010/06/28 10:17:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2010/06/28 10:17:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2010/06/28 10:16:44 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)

SRV - [2010/06/28 10:16:40 | 000,349,512 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)

SRV - [2010/06/28 10:16:39 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)

SRV - [2009/11/02 23:10:36 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/08/19 10:09:40 | 000,451,904 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)

SRV - [2009/07/16 13:04:56 | 000,376,096 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)

SRV - [2009/06/11 19:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)

SRV - [2009/06/03 13:15:24 | 001,019,904 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)

SRV - [2009/05/15 18:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)

SRV - [2009/04/27 14:40:26 | 000,293,968 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)

SRV - [2009/03/16 20:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R213367\stacsv.exe -- (STacSV)

SRV - [2009/02/11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2008/12/16 22:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/10/02 12:26:42 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2008/10/02 12:06:56 | 000,905,216 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)

SRV - [2008/10/02 11:56:44 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\NvtSp50.sys -- (NvtSp50)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BHERSH~1.CSC\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2012/04/23 08:51:05 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120426.032\NAVEX15.SYS -- (NAVEX15)

DRV - [2012/04/23 08:51:05 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120426.032\NAVENG.SYS -- (NAVENG)

DRV - [2012/03/11 21:13:48 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)

DRV - [2012/03/11 21:13:46 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)

DRV - [2012/03/11 21:13:46 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)

DRV - [2012/02/21 09:48:17 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/02/21 09:48:17 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/06/28 10:21:02 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2010/06/28 10:17:18 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2010/06/28 10:17:18 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)

DRV - [2010/06/28 10:17:18 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2010/06/28 10:16:28 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2009/10/28 11:52:14 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)

DRV - [2009/06/12 16:51:00 | 000,208,824 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)

DRV - [2009/04/02 23:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2009/03/31 23:22:34 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2009/03/24 16:33:38 | 000,232,744 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)

DRV - [2009/03/16 20:57:30 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2009/03/16 20:57:12 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)

DRV - [2009/02/26 16:08:52 | 000,109,568 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2009/02/22 16:51:20 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2008/12/17 01:02:08 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)

DRV - [2008/12/17 01:01:44 | 006,364,440 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)

DRV - [2008/12/17 01:01:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2008/12/17 01:00:14 | 000,768,024 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)

DRV - [2008/12/16 22:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2008/10/28 16:39:44 | 000,089,600 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)

DRV - [2008/09/25 08:22:02 | 003,634,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®

DRV - [2008/08/04 12:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)

DRV - [2008/06/04 15:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1

IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx

IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com

IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1

IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.1.3

FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/11/23 18:10:38 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\bhershberger\Application Data\Move Networks\plugins\npqmp071705000014.dll File not found

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/20 13:52:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/20 08:37:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/18 08:46:14 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{70C385F0-8E41-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\{70C385F0-8E41-11E1-826D-B8AC6F996F26}\ [2012/04/24 14:07:46 | 000,000,000 | ---D | M]

[2011/02/04 09:50:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bhershberger.CSC\Application Data\Mozilla\Extensions

[2012/04/27 10:18:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bhershberger.CSC\Application Data\Mozilla\Firefox\Profiles\kmptt6fy.default\extensions

[2011/03/03 13:25:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\bhershberger.CSC\Application Data\Mozilla\Firefox\Profiles\kmptt6fy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/09/22 08:52:28 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\bhershberger.CSC\Application Data\Mozilla\Firefox\Profiles\kmptt6fy.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

[2012/03/05 12:41:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\bhershberger.CSC\Application Data\Mozilla\Firefox\Profiles\kmptt6fy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2012/02/15 09:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

() (No name found) -- C:\DOCUMENTS AND SETTINGS\BHERSHBERGER.CSC\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KMPTT6FY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\BHERSHBERGER.CSC\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KMPTT6FY.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI

[2012/04/24 14:07:46 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\DOCUMENTS AND SETTINGS\BHERSHBERGER.CSC\LOCAL SETTINGS\APPLICATION DATA\{70C385F0-8E41-11E1-826D-B8AC6F996F26}

[2012/03/20 08:37:33 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/01/09 09:40:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/01/09 09:40:59 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/26 09:05:50 | 000,000,021 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)

O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)

O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - HKU\S-1-5-21-2719337179-821044013-2112406857-1012..\Run: [skype] rundll32.exe "C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\Skype\bbtpezrp.dll",DllMain File not found

O4 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259696327182 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://zmfs.webex.com/client/T27L/sales/ieatgpc.cab (GpcContainer Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.100.200

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = csc.server.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{211DBFCA-464A-43D9-B010-4F99BC718F5D}: DhcpNameServer = 10.1.100.200

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7541705-6C9B-4A97-BD45-A8B23253D65D}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2011/08/31 11:40:37 | 000,000,750 | RHS- | M] () - X:\autorun.inf2 -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/27 11:15:32 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bhershberger.CSC\Desktop\OTL(1).exe

[2012/04/27 09:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Application Data\WinPatrol

[2012/04/27 09:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol

[2012/04/27 09:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate

[2012/04/27 09:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios

[2012/04/27 08:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/04/27 08:39:47 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\bhershberger.CSC\Desktop\esetsmartinstaller_enu.exe

[2012/04/26 10:38:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012/04/26 09:53:53 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012/04/26 07:34:36 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll

[2012/04/26 07:34:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard

[2012/04/26 07:34:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard\0405000.022

[2012/04/26 07:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard

[2012/04/26 07:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Bootable Recovery Tool Wizard

[2012/04/26 07:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller

[2012/04/26 07:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller

[2012/04/26 07:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Start Menu\Programs\Norton

[2012/04/26 07:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton

[2012/04/26 07:19:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Application Data\FixZeroAccess

[2012/04/25 19:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Application Data\QuickScan

[2012/04/25 18:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2012/04/25 18:49:33 | 000,000,000 | ---D | C] -- C:\rsit

[2012/04/25 18:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/04/25 18:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

[2012/04/25 17:46:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2012/04/25 17:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Application Data\Anvisoft

[2012/04/25 17:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Start Menu\Programs\Anvisoft

[2012/04/25 17:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft

[2012/04/25 10:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO

[2012/04/25 09:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Application Data\SUPERAntiSpyware.com

[2012/04/25 09:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

[2012/04/25 09:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2012/04/25 09:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/04/24 19:30:58 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012/04/24 19:24:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/04/24 19:20:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss

[2012/04/24 19:20:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd

[2012/04/24 19:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA

[2012/04/24 19:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO

[2012/04/24 18:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo

[2012/04/24 18:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo

[2012/04/24 18:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\COMODO

[2012/04/24 18:59:02 | 000,042,760 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll

[2012/04/24 18:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo

[2012/04/24 18:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster

[2012/04/24 18:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster

[2012/04/24 14:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\{70C385F0-8E41-11E1-826D-B8AC6F996F26}

[2012/04/19 15:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Desktop\2012_03

[2012/04/18 08:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in

[2012/04/13 17:26:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Desktop\MarionNationalBank

[2012/04/13 12:56:05 | 004,139,680 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe

[2012/04/11 19:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Application Data\com.digitaldm.editions.10016940

[2012/04/11 19:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Digital Editions

[2012/04/11 19:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2012/04/11 19:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\DigitalDM

[2012/04/04 09:08:24 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/27 11:15:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bhershberger.CSC\Desktop\OTL(1).exe

[2012/04/27 11:08:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cc08f6ec402688.job

[2012/04/27 10:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/04/27 09:51:47 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-453876738-3065766259-2469240769-1116.job

[2012/04/27 09:51:47 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-453876738-3065766259-2469240769-1116.job

[2012/04/27 08:39:51 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\bhershberger.CSC\Desktop\esetsmartinstaller_enu.exe

[2012/04/27 08:31:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/04/27 08:31:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\WavXMapDrive.bat

[2012/04/27 08:30:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc08f6ec31d842.job

[2012/04/27 08:30:31 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1770027372-839522115-3159.job

[2012/04/27 08:30:31 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2719337179-821044013-2112406857-1012.job

[2012/04/27 08:29:57 | 000,001,024 | ---- | M] () -- C:\.rnd

[2012/04/27 08:29:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/04/27 08:29:30 | 3711,082,496 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/26 09:05:50 | 000,000,021 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/04/26 07:29:01 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\Norton Installation Files.lnk

[2012/04/25 21:43:10 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2012/04/25 21:37:23 | 000,581,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/04/25 21:37:23 | 000,124,438 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/04/25 18:46:46 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\ERUNT.lnk

[2012/04/24 19:20:46 | 000,000,282 | ---- | M] () -- C:\Boot.bak

[2012/04/24 18:59:02 | 000,042,760 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll

[2012/04/24 18:04:22 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2012/04/23 10:37:46 | 000,001,732 | -H-- | M] () -- C:\Documents and Settings\bhershberger.CSC\My Documents\Default.rdp

[2012/04/13 13:56:07 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012/04/13 13:56:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012/04/13 13:56:05 | 004,139,680 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe

[2012/04/11 15:00:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/04/10 16:53:05 | 000,269,617 | ---- | M] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\BAF Feb Mar 2008 Risky Business.pdf

[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/04/03 09:49:21 | 000,996,678 | ---- | M] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\keen-steve-berlin-paper.pdf

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/27 08:29:57 | 000,001,024 | ---- | C] () -- C:\.rnd

[2012/04/26 07:34:19 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NBRTWizard\0405000.022\isolate.ini

[2012/04/26 07:28:59 | 000,001,042 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\Norton Installation Files.lnk

[2012/04/25 18:46:46 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\ERUNT.lnk

[2012/04/25 18:12:44 | 3711,082,496 | -HS- | C] () -- C:\hiberfil.sys

[2012/04/24 19:20:45 | 000,000,282 | ---- | C] () -- C:\Boot.bak

[2012/04/24 19:20:44 | 000,260,288 | RHS- | C] () -- C:\cmldr

[2012/04/24 18:04:22 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif

[2012/04/10 16:53:05 | 000,269,617 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\BAF Feb Mar 2008 Risky Business.pdf

[2012/04/04 09:08:25 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/04/03 09:49:21 | 000,996,678 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\keen-steve-berlin-paper.pdf

[2012/02/15 16:10:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/03/24 16:59:54 | 000,159,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/02/28 21:43:22 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\KOAZCS_L.DLL

[2011/02/28 21:37:18 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\KOAZCA_L.DLL

[2011/02/23 17:03:43 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/02/21 10:48:53 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\fusioncache.dat

[2011/01/30 21:12:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\WavXMapDrive.bat

[2010/08/31 15:51:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010/06/24 14:17:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

< End of report >

brianh9999 · April 27, 2012

Extras log....

OTL Extras logfile created on: 4/27/2012 11:16:58 AM - Run 1