
hello all..newbie with strange bug



Could be a remnant of the scvhost virus I had a while back... I recently noticed unusual computer activity, so I had to shut down Group Policy, which was not supposed to be running anyway on Win 7 Home Premium, and stop the remote access service, which kept starting back up (restarts). Then early this week I stumbled on the scvhost virus and removed it (hopefully). I ran Malwarebytes to double-check things and there were a few issues that it fixed, but there are strange ports open in TCPView and I am almost to the point where I should roll back to an Acronis image from a couple of months ago and go from there. Thanks, any help would be appreciated... kjh!

Had to rename and use basic upload to post these logs

dds1.txt

ddsattach.txt


Hello kjhabit,

First, remove (uninstall) BitTorrent and any other 'torrent or peer-to-peer filesharing program.

Confirm having done so.

All peer-to-peer programs have to be removed before we continue forward.

Filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks


Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


OK thanks, here are the txt files... also there is an HKCR entry in the registry that ccleaner cannot remove, and I cannot take ownership of the object to remove it.

Unused File Extension NortonAntiVirus.OfficeAntiVirus.1 HKCR\NortonAntiVirus.OfficeAntiVirus.1

ESET log

C:\Users\owner\Desktop\cellphone forensics\cnet2_ds-demo_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

C:\Users\owner\Desktop\MY MRI\nettyPE_2011_11_07.zip Win32/HideRun.A application deleted - quarantined

Results of screen317's Security Check version 0.99.43

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

nCleaner second 2.3.4.0

Java 6 Update 30

Java version out of Date!

Adobe Reader X (10.1.3)

Mozilla Firefox (14.0.1)

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

Edited by Maurice Naggar
Logs placed In-line

Do not use ccleaner, nor ncleaner, or any other registry "cleaner" or "tweaker".

Registry "cleaners" can often do more harm than good, especially if one is unfamiliar with the full consequences.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop, and post it in your next reply.

Do not use any FIX button. This is just the initial run.

Step 4

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Do not use any FIX button. This is just the initial run.

Step 5

RE-Enable your antivirus program.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Then copy/paste the following into your post (in order):

  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of OTL.txt;
  • the contents of Extras.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
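For anyone reviewing a TDSSKiller report like the one requested in Step 4, the following is an added example (not part of the original post, and not TDSSKiller's own code) that parses the report's per-object lines and lists every object whose verdict is not "ok", including objects left without a verdict because the paste was cut short. The line layout is assumed from TDSSKiller 2.7.x reports; the sample log, names, hashes and paths are constructed placeholders.

```python
import re

# Constructed sample in the assumed TDSSKiller layout: time, thread id, message.
# Names, hashes and paths are placeholders, not values from a real system.
SAMPLE_LOG = r"""
12:19:41.0410 2080 ExampleDrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys
12:19:41.0550 2080 ExampleDrv - ok
12:19:43.0406 2080 NoFileSvc - ok
12:19:57.0680 2080 Example Burner Service (00000000000000000000000000000002) C:\Program Files (x86)\Example\burner.exe
12:19:57.0712 2080 Example Burner Service ( UnsignedFile.Multi.Generic ) - warning
12:19:57.0712 2080 Example Burner Service - detected UnsignedFile.Multi.Generic (1)
12:19:58.0788 2080 CutOffDrv (00000000000000000000000000000003) C:\Windows\system32\DRIVERS\cutoffdrv.sys
"""

# "HH:MM:SS.mmmm <thread id> <message>"
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>"  - the object being checked (names may contain spaces)
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - ok"
OK = re.compile(r"^(?P<name>.+?) - ok$")
# "<name> ( <verdict> ) - <level>"
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - (?P<level>\w+)$")


def _entry(entries, name):
    """Return the record for `name`, creating it on first sight."""
    return entries.setdefault(
        name,
        {"name": name, "md5": None, "path": None, "status": None, "verdict": None},
    )


def parse_tdsskiller(text):
    """Parse report text into one record per scanned object, in log order."""
    entries = {}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # blank lines, separators, lines without a message
        msg = m.group("msg").strip()

        obj = OBJECT.match(msg)
        if obj:
            e = _entry(entries, obj.group("name"))
            e["md5"] = obj.group("md5").lower()
            e["path"] = obj.group("path")
            continue

        ok = OK.match(msg)
        if ok:
            _entry(entries, ok.group("name"))["status"] = "ok"
            continue

        verdict = VERDICT.match(msg)
        if verdict:
            e = _entry(entries, verdict.group("name"))
            e["status"] = verdict.group("level")
            e["verdict"] = verdict.group("verdict")
        # Everything else (header lines, "- detected ..." repeats) is ignored.
    return list(entries.values())


def needs_review(entries):
    """Return (name, status, reason, path) for every object not marked ok."""
    flagged = []
    for e in entries:
        if e["status"] == "ok":
            continue
        reason = e["verdict"] or "no verdict line (log truncated?)"
        flagged.append((e["name"], e["status"] or "unknown", reason, e["path"]))
    return flagged


if __name__ == "__main__":
    for name, status, reason, path in needs_review(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{status:8} {name}: {reason} [{path}]")
```
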


here is aswMBR with no fix button enabled:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-05 12:11:22

-----------------------------

12:11:22.162 OS Version: Windows x64 6.1.7601 Service Pack 1

12:11:22.162 Number of processors: 2 586 0x4B02

12:11:22.162 ComputerName: OWNER-PC UserName: owner

12:11:23.363 Initialize success

12:12:15.548 AVAST engine defs: 12080500

12:12:28.823 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000070

12:12:28.823 Disk 0 Vendor: SAMSUNG_ VT10 Size: 238475MB BusType: 6

12:12:28.823 Disk 0 MBR read successfully

12:12:28.839 Disk 0 MBR scan

12:12:28.839 Disk 0 Windows 7 default MBR code

12:12:28.855 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

12:12:28.870 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 212456 MB offset 206848

12:12:28.886 Disk 0 scanning C:\Windows\system32\drivers

12:12:40.648 Service scanning

12:13:05.951 Modules scanning

12:13:05.967 Scan finished successfully

12:13:14.313 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"

12:13:14.313 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"

tdsskiller:

12:17:59.0354 3044 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

12:17:59.0620 3044 ============================================================

12:17:59.0620 3044 Current date / time: 2012/08/05 12:17:59.0620

12:17:59.0620 3044 SystemInfo:

12:17:59.0620 3044

12:17:59.0620 3044 OS Version: 6.1.7601 ServicePack: 1.0

12:17:59.0620 3044 Product type: Workstation

12:17:59.0620 3044 ComputerName: OWNER-PC

12:17:59.0620 3044 UserName: owner

12:17:59.0620 3044 Windows directory: C:\Windows

12:17:59.0620 3044 System windows directory: C:\Windows

12:17:59.0620 3044 Running under WOW64

12:17:59.0620 3044 Processor architecture: Intel x64

12:17:59.0620 3044 Number of processors: 2

12:17:59.0620 3044 Page size: 0x1000

12:17:59.0620 3044 Boot type: Normal boot

12:17:59.0620 3044 ============================================================

12:18:00.0134 3044 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

12:18:00.0166 3044 ============================================================

12:18:00.0166 3044 \Device\Harddisk0\DR0:

12:18:00.0166 3044 MBR partitions:

12:18:00.0166 3044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

12:18:00.0166 3044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x19EF4000

12:18:00.0166 3044 ============================================================

12:18:00.0197 3044 C: <-> \Device\Harddisk0\DR0\Partition1

12:18:00.0197 3044 ============================================================

12:18:00.0197 3044 Initialize success

12:18:00.0197 3044 ============================================================

12:19:40.0832 2080 ============================================================

12:19:40.0832 2080 Scan started

12:19:40.0832 2080 Mode: Manual; SigCheck; TDLFS;

12:19:40.0832 2080 ============================================================


12:19:57.0680 2080 LightScribeService (71c6a95a5f0ccc87298c4dd0f2c3635a) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

12:19:57.0712 2080 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

12:19:57.0712 2080 LightScribeService - detected UnsignedFile.Multi.Generic (1)

12:20:00.0067 2080 mrxsmb20 (c04b3d627f12bd4574e1636dbf045635) C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:20:00.0176 2080 mrxsmb20 ( UnsignedFile.Multi.Generic ) - warning

12:20:00.0176 2080 mrxsmb20 - detected UnsignedFile.Multi.Generic (1)

12:20:24.0247 2080 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

12:20:24.0356 2080 WinRM - ok

12:20:24.0528 2080 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

12:20:24.0544 2080 WinUsb - ok

12:20:24.0637 2080 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

12:20:24.0668 2080 Wlansvc - ok

12:20:24.0700 2080 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

12:20:24.0731 2080 WmiAcpi - ok

12:20:24.0824 2080 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

12:20:24.0887 2080 wmiApSrv - ok

12:20:24.0918 2080 WMPNetworkSvc - ok

12:20:24.0949 2080 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

12:20:24.0996 2080 WPCSvc - ok

12:20:25.0027 2080 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

12:20:25.0074 2080 WPDBusEnum - ok

12:20:25.0105 2080 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

12:20:25.0152 2080 ws2ifsl - ok

12:20:25.0168 2080 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

12:20:25.0214 2080 wscsvc - ok

12:20:25.0214 2080 WSearch - ok

12:20:25.0448 2080 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

12:20:25.0526 2080 wuauserv - ok

12:20:25.0651 2080 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

12:20:25.0714 2080 WudfPf - ok

12:20:25.0760 2080 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

12:20:25.0854 2080 WUDFRd - ok

12:20:25.0885 2080 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

12:20:25.0932 2080 wudfsvc - ok

12:20:25.0979 2080 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

12:20:26.0026 2080 WwanSvc - ok

12:20:26.0057 2080 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

12:20:26.0431 2080 \Device\Harddisk0\DR0 - ok

12:20:26.0462 2080 Boot (0x1200) (71b88620ec48a720d5fb9e4bf48fe4eb) \Device\Harddisk0\DR0\Partition0

12:20:26.0462 2080 \Device\Harddisk0\DR0\Partition0 - ok

12:20:26.0478 2080 Boot (0x1200) (b948cdffd632c8911070778bc9a6c3d9) \Device\Harddisk0\DR0\Partition1

12:20:26.0478 2080 \Device\Harddisk0\DR0\Partition1 - ok

12:20:26.0478 2080 ============================================================

12:20:26.0478 2080 Scan finished

12:20:26.0478 2080 ============================================================

12:20:26.0509 0984 Detected object count: 2

12:20:26.0509 0984 Actual detected object count: 2

12:20:38.0662 0984 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

12:20:38.0662 0984 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:20:38.0662 0984 mrxsmb20 ( UnsignedFile.Multi.Generic ) - skipped by user

12:20:38.0662 0984 mrxsmb20 ( UnsignedFile.Multi.Generic ) - User select action: Skip


Here is OTL; only one txt was created each time I ran the scan (2), just the OTL log.

OTL logfile created on: 8/5/2012 12:38:23 PM - Run 3

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\owner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 56.39% Memory free

5.75 Gb Paging File | 4.67 Gb Available in Paging File | 81.30% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 207.48 Gb Total Space | 101.16 Gb Free Space | 48.76% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/05 12:26:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)

SRV - [2012/07/27 15:08:32 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/27 14:28:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS)

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/06/26 16:10:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV:64bit: - [2012/06/12 16:12:09 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/03/29 02:28:38 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnets.sys -- (SymNetS)

DRV:64bit: - [2012/03/29 02:28:34 | 000,043,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)

DRV:64bit: - [2012/03/29 02:28:30 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa64.sys -- (SymEFA)

DRV:64bit: - [2012/03/29 02:06:25 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ironx64.sys -- (SymIRON)

DRV:64bit: - [2012/03/29 02:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2012/03/29 02:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2012/03/23 02:33:10 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/14 00:15:43 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)

DRV:64bit: - [2012/01/31 22:31:08 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV:64bit: - [2011/11/29 18:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.sys -- (ccSet_NIS)

DRV:64bit: - [2011/09/16 15:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)

DRV:64bit: - [2011/07/25 22:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds64.sys -- (SymDS)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/25 04:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2007/11/06 16:23:14 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV - [2012/08/04 22:49:42 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120804.009\ex64.sys -- (NAVEX15)

DRV - [2012/08/04 22:49:42 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120804.009\eng64.sys -- (NAVENG)

DRV - [2012/07/04 04:15:54 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/06/18 20:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120711.002\BHDrvx64.sys -- (BHDrvx64)

DRV - [2012/06/14 14:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120803.002\IDSviA64.sys -- (IDSVia64)

DRV - [2012/05/30 22:54:54 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 55 A5 46 15 DD CC 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=19

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/02/12 18:57:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/08/04 10:18:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/27 14:28:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/27 14:28:29 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/01/27 13:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions

[2012/07/30 16:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions

[2012/06/06 09:58:35 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2012/01/27 14:27:04 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\coralietab@mozdev.org

[2012/06/18 09:20:23 | 000,002,464 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\searchplugins\safesearch.xml

[2012/02/12 19:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/08/04 10:18:09 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN

[2012/02/12 18:57:39 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN

[2012/07/30 16:33:49 | 000,526,190 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TTZ7PRJD.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI

[2012/07/27 14:28:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/06/28 22:28:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/28 22:28:12 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/01 09:27:06 | 000,001,070 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 gs.apple.com

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Ranges: Range37 ([*] in Local intranet)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C97E4E8-EEEB-4726-B765-780123AF218A}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - Unable to read "AutoRun" value or value not present!

O33 - MountPoints2\{9b9f3286-b7be-11e1-a872-001da209dda5}\Shell - "" = AutoRun

O33 - MountPoints2\{9b9f3286-b7be-11e1-a872-001da209dda5}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/05 12:26:09 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe

[2012/08/05 12:17:26 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\owner\Desktop\tdsskiller.exe

[2012/08/05 12:09:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\owner\Desktop\aswMBR.exe

[2012/08/05 12:08:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/08/05 12:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\erunt

[2012/08/05 12:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/08/05 12:02:06 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\owner\Desktop\erunt-setup.exe

[2012/08/02 10:47:46 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\CrashDumps

[2012/08/02 09:26:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/08/01 11:07:56 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\WinOwnership

[2012/08/01 09:09:22 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Citrix

[2012/07/30 11:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/07/30 11:31:53 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll

[2012/07/30 11:31:53 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll

[2012/07/30 11:31:53 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys

[2012/07/30 11:31:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPod

[2012/07/30 11:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/07/30 11:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/07/30 11:30:59 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Apple Computer

[2012/07/30 11:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2012/07/30 11:29:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/07/30 11:23:05 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Apple

[2012/07/30 11:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2012/07/30 11:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2012/07/29 12:53:03 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\NPE

[2012/07/29 12:48:58 | 002,841,104 | ---- | C] (Symantec Corporation) -- C:\Users\owner\Desktop\NPE.exe

[2012/07/29 09:50:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\owner\Desktop\dds.com

[2012/07/29 09:50:06 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\owner\Desktop\dds(1).scr

[2012/07/28 23:35:39 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\usbwifihack!

[2012/07/28 23:08:35 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Adobe

[2012/07/28 19:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TULP2G

[2012/07/27 17:31:10 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\MOBILedit! Forensic

[2012/07/27 16:24:09 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes

[2012/07/27 16:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/27 16:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/07/27 16:23:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/07/27 16:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/07/27 16:22:58 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup-1.62.0.1300.exe

[2012/07/27 12:42:43 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\mobiledit

[2012/07/27 12:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage

[2012/07/27 12:02:34 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\MOBILeditForensic

[2012/07/27 12:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMPELSON Labs

[2012/07/27 12:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOBILedit!4 Forensic

[2012/07/27 12:01:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MOBILedit! Forensic

[2012/07/27 12:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MOBILedit!4 Forensic

[2012/07/27 11:25:34 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\forte downloads

[2012/07/27 10:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forte Agent

[2012/07/27 10:17:54 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\password crackers

[2012/07/27 10:17:13 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\FORTEJUNK!!

[2012/07/26 12:31:56 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\cellphone forensics

[2012/07/24 14:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape

[2012/07/24 14:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape

[2012/07/23 14:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft

[2012/07/23 14:04:55 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Nirsoft utilities

[2012/07/11 09:13:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/07/11 09:13:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/07/11 09:13:20 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/07/11 09:13:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/07/11 09:13:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/07/11 09:13:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/07/11 09:13:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/07/11 09:13:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/07/11 09:13:15 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/07/11 09:13:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/07/11 09:13:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/07/11 09:13:15 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/07/11 09:13:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/07/11 00:24:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2012/07/11 00:24:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll

[2012/07/11 00:24:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012/07/11 00:24:10 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll

[2012/07/11 00:24:10 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll

[2012/07/10 16:14:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\VMware

[2012/07/10 16:14:06 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\VMware

[2012/07/10 16:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware

[2012/07/10 15:08:42 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\ImgBurn

[2012/07/09 19:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012/07/09 19:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2012/07/09 13:01:21 | 000,000,000 | ---D | C] -- C:\Projects

[2012/07/09 12:47:43 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\nettyPE_2011_11_07

[2012/07/07 13:04:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/07/07 12:24:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tor

========== Files - Modified Within 30 Days ==========

[2012/08/05 12:26:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe

[2012/08/05 12:17:27 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\owner\Desktop\tdsskiller.exe

[2012/08/05 12:13:14 | 000,000,512 | ---- | M] () -- C:\Users\owner\Desktop\MBR.dat

[2012/08/05 12:10:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\owner\Desktop\aswMBR.exe

[2012/08/05 12:07:33 | 000,000,928 | ---- | M] () -- C:\Users\owner\Desktop\NTREGOPT.lnk

[2012/08/05 12:07:33 | 000,000,909 | ---- | M] () -- C:\Users\owner\Desktop\ERUNT.lnk

[2012/08/05 12:02:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\owner\Desktop\erunt-setup.exe

[2012/08/04 10:25:24 | 000,023,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/04 10:25:24 | 000,023,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/04 10:22:25 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/04 10:22:25 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/04 10:22:25 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/04 10:16:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/03 22:08:39 | 000,032,313 | ---- | M] () -- C:\Users\owner\Desktop\merp___-471565.jpg

[2012/08/03 22:07:31 | 000,008,201 | ---- | M] () -- C:\Users\owner\Desktop\merppp.jpg

[2012/08/03 22:05:21 | 000,057,858 | ---- | M] () -- C:\Users\owner\Desktop\come_at_me_bro-7650.jpg

[2012/08/02 09:32:33 | 000,881,494 | ---- | M] () -- C:\Users\owner\Desktop\SecurityCheck.exe

[2012/08/02 09:29:34 | 523,237,157 | ---- | M] () -- C:\Users\owner\Desktop\dart_v1.0.zip

[2012/08/01 11:06:04 | 002,150,033 | ---- | M] () -- C:\Users\owner\Desktop\WinOwnership(1).7z

[2012/08/01 11:05:35 | 002,150,033 | ---- | M] () -- C:\Users\owner\Desktop\WinOwnership.7z

[2012/08/01 10:28:44 | 000,021,504 | -H-- | M] () -- C:\Users\owner\Desktop\photothumb.db

[2012/08/01 10:06:35 | 000,011,152 | ---- | M] () -- C:\Users\owner\Desktop\firewa4ll.csv

[2012/08/01 09:58:24 | 000,403,616 | ---- | M] () -- C:\Users\owner\Desktop\Wireless Broadband Route22r.conf

[2012/08/01 09:47:20 | 000,011,032 | ---- | M] () -- C:\Users\owner\Desktop\firewal2l.csv

[2012/08/01 08:55:04 | 000,461,440 | ---- | M] () -- C:\Users\owner\Desktop\Wireless Broadband Router.conf

[2012/08/01 08:32:38 | 000,172,720 | ---- | M] () -- C:\Users\owner\Desktop\firewall(1).csv

[2012/07/31 19:53:54 | 000,133,869 | ---- | M] () -- C:\Users\owner\Desktop\firewall.csv

[2012/07/31 10:27:42 | 000,162,667 | ---- | M] () -- C:\Users\owner\Desktop\quote 1.png

[2012/07/30 12:02:35 | 019,517,952 | ---- | M] () -- C:\redsn0w.exe

[2012/07/30 11:31:57 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/07/30 09:09:50 | 000,083,632 | ---- | M] () -- C:\Users\owner\Desktop\cover photo.jpg

[2012/07/30 09:00:42 | 000,018,318 | ---- | M] () -- C:\Users\owner\Desktop\facebook.jpg

[2012/07/30 08:48:30 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/30 08:48:30 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/29 12:57:56 | 000,335,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/29 12:48:58 | 002,841,104 | ---- | M] (Symantec Corporation) -- C:\Users\owner\Desktop\NPE.exe

[2012/07/29 11:08:53 | 000,080,299 | ---- | M] () -- C:\Users\owner\Desktop\562860_10151112702870977_1122763594_n.jpg

[2012/07/29 11:08:42 | 000,074,462 | ---- | M] () -- C:\Users\owner\Desktop\418323_10151112702780977_590408167_n.jpg

[2012/07/29 11:08:35 | 000,100,448 | ---- | M] () -- C:\Users\owner\Desktop\531576_10151112700045977_1594803034_n.jpg

[2012/07/29 10:46:59 | 000,167,034 | ---- | M] () -- C:\Users\owner\Desktop\fileassassin-setup-1.06.exe

[2012/07/29 09:50:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\owner\Desktop\dds.com

[2012/07/29 09:50:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\owner\Desktop\dds(1).scr

[2012/07/27 19:33:16 | 000,000,346 | ---- | M] () -- C:\Users\owner\Desktop\TOM'S EBAY.url

[2012/07/27 16:23:57 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/27 16:22:58 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup-1.62.0.1300.exe

[2012/07/27 15:08:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/07/27 15:08:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/07/27 12:59:18 | 000,010,380 | ---- | M] () -- C:\Users\owner\Documents\cc_20120727_125910.reg

[2012/07/27 12:01:14 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\MOBILedit!4 Forensic.lnk

[2012/07/27 10:21:12 | 000,000,669 | ---- | M] () -- C:\Users\Public\Desktop\Forte Agent.lnk

[2012/07/24 17:14:37 | 000,001,324 | ---- | M] () -- C:\Users\owner\Documents\cc_20120724_171434.reg

[2012/07/24 08:47:42 | 000,134,716 | ---- | M] () -- C:\Users\owner\Desktop\dartdocument.h

[2012/07/13 16:11:15 | 000,302,592 | ---- | M] () -- C:\g5dm2s33.exe

[2012/07/13 15:40:13 | 000,010,940 | ---- | M] () -- C:\Users\owner\Documents\cc_20120713_154010.reg

[2012/07/11 10:15:25 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/07/10 16:10:50 | 000,001,024 | ---- | M] () -- C:\.rnd

[2012/07/08 14:41:27 | 000,000,008 | ---- | M] () -- C:\Windows\SysWow64\w32apiw.dll

[2012/07/08 14:03:54 | 178,702,424 | ---- | M] () -- C:\Users\owner\Documents\regbackupncleaner.reg

[2012/07/08 12:03:17 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/07/06 19:36:41 | 000,012,316 | ---- | M] () -- C:\Users\owner\Documents\cc_20120706_193638.reg

========== Files Created - No Company Name ==========

[2012/08/05 12:13:14 | 000,000,512 | ---- | C] () -- C:\Users\owner\Desktop\MBR.dat

[2012/08/05 12:07:33 | 000,000,928 | ---- | C] () -- C:\Users\owner\Desktop\NTREGOPT.lnk

[2012/08/05 12:07:33 | 000,000,909 | ---- | C] () -- C:\Users\owner\Desktop\ERUNT.lnk

[2012/08/03 22:08:46 | 000,032,313 | ---- | C] () -- C:\Users\owner\Desktop\merp___-471565.jpg

[2012/08/03 22:07:44 | 000,008,201 | ---- | C] () -- C:\Users\owner\Desktop\merppp.jpg

[2012/08/03 22:05:33 | 000,057,858 | ---- | C] () -- C:\Users\owner\Desktop\come_at_me_bro-7650.jpg

[2012/08/02 09:32:32 | 000,881,494 | ---- | C] () -- C:\Users\owner\Desktop\SecurityCheck.exe

[2012/08/01 11:06:04 | 002,150,033 | ---- | C] () -- C:\Users\owner\Desktop\WinOwnership(1).7z

[2012/08/01 11:05:35 | 002,150,033 | ---- | C] () -- C:\Users\owner\Desktop\WinOwnership.7z

[2012/08/01 10:06:35 | 000,011,152 | ---- | C] () -- C:\Users\owner\Desktop\firewa4ll.csv

[2012/08/01 09:58:24 | 000,403,616 | ---- | C] () -- C:\Users\owner\Desktop\Wireless Broadband Route22r.conf

[2012/08/01 09:47:20 | 000,011,032 | ---- | C] () -- C:\Users\owner\Desktop\firewal2l.csv

[2012/08/01 08:55:04 | 000,461,440 | ---- | C] () -- C:\Users\owner\Desktop\Wireless Broadband Router.conf

[2012/08/01 08:32:38 | 000,172,720 | ---- | C] () -- C:\Users\owner\Desktop\firewall(1).csv

[2012/07/31 19:53:54 | 000,133,869 | ---- | C] () -- C:\Users\owner\Desktop\firewall.csv

[2012/07/31 10:28:00 | 000,162,667 | ---- | C] () -- C:\Users\owner\Desktop\quote 1.png

[2012/07/30 11:31:57 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/07/30 11:22:58 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2012/07/30 09:10:23 | 000,083,632 | ---- | C] () -- C:\Users\owner\Desktop\cover photo.jpg

[2012/07/30 09:01:21 | 000,018,318 | ---- | C] () -- C:\Users\owner\Desktop\facebook.jpg

[2012/07/29 17:08:31 | 000,021,504 | -H-- | C] () -- C:\Users\owner\Desktop\photothumb.db

[2012/07/29 12:56:13 | 000,335,656 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/29 11:08:53 | 000,080,299 | ---- | C] () -- C:\Users\owner\Desktop\562860_10151112702870977_1122763594_n.jpg

[2012/07/29 11:08:42 | 000,074,462 | ---- | C] () -- C:\Users\owner\Desktop\418323_10151112702780977_590408167_n.jpg

[2012/07/29 11:08:35 | 000,100,448 | ---- | C] () -- C:\Users\owner\Desktop\531576_10151112700045977_1594803034_n.jpg

[2012/07/29 10:46:59 | 000,167,034 | ---- | C] () -- C:\Users\owner\Desktop\fileassassin-setup-1.06.exe

[2012/07/27 16:23:57 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/27 12:59:16 | 000,010,380 | ---- | C] () -- C:\Users\owner\Documents\cc_20120727_125910.reg

[2012/07/27 12:01:14 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\MOBILedit!4 Forensic.lnk

[2012/07/27 10:21:12 | 000,000,669 | ---- | C] () -- C:\Users\Public\Desktop\Forte Agent.lnk

[2012/07/25 09:46:52 | 000,302,592 | ---- | C] () -- C:\g5dm2s33.exe

[2012/07/24 17:14:36 | 000,001,324 | ---- | C] () -- C:\Users\owner\Documents\cc_20120724_171434.reg

[2012/07/24 08:50:46 | 523,237,157 | ---- | C] () -- C:\Users\owner\Desktop\dart_v1.0.zip

[2012/07/24 08:47:42 | 000,134,716 | ---- | C] () -- C:\Users\owner\Desktop\dartdocument.h

[2012/07/13 22:33:38 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/13 15:40:12 | 000,010,940 | ---- | C] () -- C:\Users\owner\Documents\cc_20120713_154010.reg

[2012/07/10 16:10:42 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/07/08 14:03:41 | 178,702,424 | ---- | C] () -- C:\Users\owner\Documents\regbackupncleaner.reg

[2012/07/06 19:36:40 | 000,012,316 | ---- | C] () -- C:\Users\owner\Documents\cc_20120706_193638.reg

[2012/06/29 17:27:15 | 000,000,353 | ---- | C] () -- C:\Windows\VVFPlayer_V2_6_4B.INI

[2012/06/14 16:17:47 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\w32apiw.dll

[2012/06/13 16:56:29 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll

[2012/06/13 16:56:29 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini

[2012/01/29 22:04:57 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\QUTIL.DLL

========== LOP Check ==========

[2012/06/17 11:47:33 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Acronis

[2012/06/06 07:38:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Forte

[2012/06/06 09:59:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Garmin

[2012/07/10 15:08:42 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ImgBurn

[2012/07/27 12:02:34 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\MOBILeditForensic

[2012/06/26 19:53:42 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\nCleaner

[2012/07/28 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Notepad++

[2012/02/01 15:58:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OpenOffice.org

[2012/06/09 11:36:14 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Philipp Winterberg

[2012/02/02 14:30:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PhotoFiltre 7

[2012/07/24 16:44:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PhotoScape

[2012/06/09 12:12:21 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\QFX Software

[2012/06/27 23:03:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\redsn0w

[2012/06/27 23:48:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Seas0nPass

[2012/07/07 22:54:42 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TrueCrypt

[2012/07/01 18:25:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WinBatch

[2012/06/07 11:04:43 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\YourFileDownloader

[2012/07/06 19:26:45 | 000,019,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E0258CAE

< End of report >


I did not notice any unusual item in the OTL log.

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.
    ( jre-7u5-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the MBAM scan log and tell me, How is the system now?

Edited by Maurice Naggar

Thanks for the help here is the log and also there is a gold lock in the rh taskbar by the clock that disappears when you move the mouse over it?:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.06.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

owner :: OWNER-PC [administrator]

Protection: Enabled

8/6/2012 1:10:31 PM

mbam-log-2012-08-06 (13-10-31).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 340142

Time elapsed: 52 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WCJ89DW\gimp_freely_1790.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

C:\Users\owner\Desktop\Nirsoft utilities\passrec\VNCPassView.exe (PUP.VNCPasswordTool) -> Quarantined and deleted successfully.

(end)


On the "there is a gold lock in the rh taskbar by the clock":

Don't have any idea! Without clicking on it, just hover the mouse pointer over it, and see what (if any) text description shows?

Going forth:

Download TFC by OldTimer and SAVE it to your desktop

  • Double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member kjhabit only. If you are a casual viewer, do NOT try this on your system!

If you are not and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh!

Reply & attach the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.


Thanks...gold lock just disappears when you hover the mouse tab over it..here the log

ComboFix 12-08-07.05 - owner 08/08/2012 10:16:50.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2943.1922 [GMT -4:00]

Running from: c:\users\owner\Desktop\ComboFix.exe

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab

c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\addon.ico

c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico

c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\bing.ico

c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe

c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll

c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\DT.ico

c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico

c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\google.ico

c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico

c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico

c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico

c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe

c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico

c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\yahoo.ico

c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico

c:\windows\SysWow64\install

c:\windows\SysWow64\w32apiw.dll

c:\windows\WindowsUpdate.log

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_DefaultTabUpdate

-------\Service_DefaultTabUpdate

.

.

((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))

.

.

2012-08-08 14:22 . 2012-08-08 14:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-07 14:05 . 2012-08-07 14:05 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-08-06 17:03 . 2012-08-06 17:02 955888 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-06 17:03 . 2012-08-06 17:02 839152 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-06 17:03 . 2012-08-06 17:02 268784 ----a-w- c:\windows\system32\javaws.exe

2012-08-06 17:03 . 2012-08-06 17:02 189424 ----a-w- c:\windows\system32\javaw.exe

2012-08-06 17:03 . 2012-08-06 17:02 188912 ----a-w- c:\windows\system32\java.exe

2012-08-06 17:02 . 2012-08-06 17:02 -------- d-----w- c:\program files\Java

2012-08-05 21:40 . 2012-08-05 21:40 18944 ----a-r- c:\users\owner\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe

2012-08-05 21:38 . 2012-08-05 21:38 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com

2012-08-05 21:38 . 2012-08-06 16:57 -------- d-----w- c:\programdata\Tarma Installer

2012-08-05 21:38 . 2012-08-08 14:22 -------- d-----w- c:\users\owner\AppData\Roaming\DefaultTab

2012-08-05 21:38 . 2012-08-06 16:51 -------- d-----w- c:\programdata\Yahoo!

2012-08-05 21:38 . 2012-08-06 16:59 -------- d-----w- c:\program files (x86)\Yahoo!

2012-08-05 16:07 . 2012-08-05 16:07 -------- d-----w- c:\program files (x86)\ERUNT

2012-08-02 14:47 . 2012-08-02 14:47 -------- d-----w- c:\users\owner\AppData\Local\CrashDumps

2012-08-02 13:26 . 2012-08-02 13:26 -------- d-----w- c:\program files (x86)\ESET

2012-08-01 13:09 . 2012-08-01 13:09 -------- d-----w- c:\users\owner\AppData\Local\Citrix

2012-07-30 15:31 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-07-30 15:31 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-07-30 15:31 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-07-30 15:31 . 2012-07-30 15:31 -------- d-----w- c:\program files (x86)\iPod

2012-07-30 15:31 . 2012-07-30 15:31 -------- d-----w- c:\program files\iTunes

2012-07-30 15:31 . 2012-07-30 15:31 -------- d-----w- c:\program files (x86)\iTunes

2012-07-30 15:30 . 2012-07-30 15:30 -------- d-----w- c:\users\owner\AppData\Local\Apple Computer

2012-07-30 15:30 . 2012-07-30 15:30 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-07-30 15:23 . 2012-07-30 15:23 -------- d-----w- c:\users\owner\AppData\Local\Apple

2012-07-30 15:22 . 2012-07-30 15:22 -------- d-----w- c:\program files\Common Files\Apple

2012-07-30 15:22 . 2012-07-30 15:31 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-07-29 16:53 . 2012-08-01 21:16 -------- d-----w- c:\users\owner\AppData\Local\NPE

2012-07-29 03:08 . 2012-07-29 03:08 -------- d-----w- c:\users\owner\AppData\Local\Adobe

2012-07-28 23:09 . 2012-07-28 23:12 -------- d-----w- c:\program files (x86)\TULP2G

2012-07-27 20:24 . 2012-07-27 20:24 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes

2012-07-27 20:23 . 2012-07-27 20:23 -------- d-----w- c:\programdata\Malwarebytes

2012-07-27 20:23 . 2012-07-27 20:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-27 20:23 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-27 16:02 . 2012-07-27 16:02 -------- d-----w- c:\users\owner\AppData\Roaming\MOBILeditForensic

2012-07-27 16:01 . 2012-07-27 16:01 -------- d-----w- c:\program files (x86)\COMPELSON Labs

2012-07-27 16:00 . 2012-07-27 16:01 -------- d-----w- c:\program files (x86)\MOBILedit!4 Forensic

2012-07-25 13:46 . 2012-07-13 20:11 302592 ----a-w- C:\g5dm2s33.exe

2012-07-24 18:33 . 2012-07-24 18:33 -------- d-----w- c:\program files (x86)\PhotoScape

2012-07-23 18:15 . 2012-07-24 21:14 -------- d-----w- c:\program files (x86)\NirSoft

2012-07-11 16:04 . 2012-07-11 16:07 -------- d-----w- c:\users\mypc

2012-07-11 13:18 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 04:24 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-10 20:14 . 2012-07-10 21:54 -------- d-----w- c:\users\owner\AppData\Local\VMware

2012-07-10 20:14 . 2012-07-11 13:40 -------- d-----w- c:\users\owner\AppData\Roaming\VMware

2012-07-10 20:11 . 2012-07-10 20:11 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\VMware

2012-07-10 20:09 . 2012-07-13 19:38 -------- d-----w- c:\programdata\VMware

2012-07-10 19:08 . 2012-07-10 19:08 -------- d-----w- c:\users\owner\AppData\Roaming\ImgBurn

2012-07-09 23:06 . 2012-07-09 23:06 -------- d-----w- c:\program files (x86)\7-Zip

2012-07-09 17:01 . 2012-07-09 17:01 -------- d-----w- C:\Projects

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-30 16:02 . 2011-08-09 03:31 19517952 ----a-w- C:\redsn0w.exe

2012-07-27 19:08 . 2012-04-06 13:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-27 19:08 . 2012-01-27 17:56 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 13:14 . 2012-01-31 21:28 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-28 03:13 . 2012-06-28 03:17 445952 ----a-w- C:\cinject.exe

2012-06-26 20:10 . 2012-06-26 20:53 154168 ----a-w- c:\windows\system32\drivers\WimFltr.sys

2012-06-17 15:42 . 2012-06-17 15:42 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys

2012-06-17 15:42 . 2012-06-17 15:42 970336 ----a-w- c:\windows\system32\drivers\timntr.sys

2012-06-12 20:12 . 2012-06-12 20:12 834544 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-06-02 22:19 . 2012-06-24 10:39 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-24 10:39 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-24 10:39 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-24 10:39 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-24 10:39 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-24 10:39 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-24 10:39 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-24 10:38 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-24 10:38 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-02 136176]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]

R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]

R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]

R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]

R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]

R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]

R3 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-02 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-27 113120]

R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-05-25 966144]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 40464]

R3 PORTMON;PORTMON;c:\users\owner\Desktop\SysinternalsSuite\PORTMSYS.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2012-06-12 834544]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-11-14 53488]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-07-26 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120803.001\BHDrvx64.sys [2012-06-19 1161376]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120807.001\IDSvia64.sys [2012-06-14 509088]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-07-04 138912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-06-20 19:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-02 18:11]

.

2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-02 18:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF4385.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - user.js: extensions.autoDisableScopes - 14

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

AddRemove-DefaultTab - c:\users\owner\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Completion time: 2012-08-08 10:30:42 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-08 14:30

.

Pre-Run: 101,285,208,064 bytes free

Post-Run: 101,057,736,704 bytes free

.

- - End Of File - - F156EF02FC3A21391B6E79000ED9163E


Submissions for online analysis

Use your Internet Explorer browser to go here at the VirusTotal website

Click the Choose File button and then navigate to C:\redsn0w.exe, then click the Scan it button.

The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

Repeat the same steps for C:\cinject.exe

Save the results, and post back here in a reply.

==

Use your Internet Explorer browser to go here at the VirSCAN.org website

Click the Browse button and then navigate to C:\redsn0w.exe, then click the Upload button.

Save the results, and post back here in a reply.

Repeat the same steps for C:\cinject.exe

Save the results, and post back here in a reply.

Dr Web Cure-it scan

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
  • This will move it to the %userprofile%\DoctorWeb\Quarantine folder if it can't be cured. (this in case we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

Next

I suggest you get and run the Microsoft Windows Defender Offline. This is an "offline" tool that you boot the pc with and scan your system for malware.

To get started, find a blank CD, DVD, or USB flash drive with at least 250 MB of free space and then download and run the tool—the tool will help you create the removable media.

The basic sequence of steps is

a) Download and SAVE the tool to a unique folder/location on your pc

b) Create the CD/DVD/USB-flash drive with tool

c) Set pc to boot from the offline media

d) Place media in & restart system

e) Run the tool. Have infinite patience & have it scan the entire system. Remove any malware that is found.

Download & info link http://windows.micro...efender-offline

The frequently asked questions for this tool

http://windows.micro...der-offline-faq

The log should be located in this folder. Copy and paste contents of that log.

c:\windows\windows defender offline\summit\mssWrapper.log

Also, tell me, how is the system now?


thanks, here's the files:

SHA256: 50935f1101e7c712399cee8565f2a244f7a657eec296a92afc05552d92a26a8e

SHA1: 689bb1735f888fa813dafae17a08fcea1196862e

MD5: df81bda711ebc1005e114f43350cecea

File size: 18.6 MB ( 19517952 bytes )

File name: file-2723057_exe

File type: Win32 EXE

Detection ratio: 0 / 44

Analysis date: 2011-09-01 17:37:34 UTC ( 11 months, 1 week ago )

SHA256: 88176347d3cac73434807944f85460341f41f38e818a4e89a198081777be6987

SHA1: d823d78d6d08df732e7f267321fe24d1f15de87d

MD5: 4bcd01f7772410dd29df8f25c9321010

File size: 435.5 KB ( 445952 bytes )

File name: smona_88176347d3cac73434807944f85460341f41f38e818a4e89a198081777be6987.bin

File type: Win32 EXE

Detection ratio: 0 / 42

Analysis date: 2012-05-26 04:03:54 UTC ( 2 months, 2 weeks ago )

00

VirSCAN.org Scanned Report :

Scanned time : 2012/08/09 10:17:40 (EDT)

Scanner results: Scanners did not find malware!

File Name : redsn0w.exe

File Size : 19517952 byte

File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 : df81bda711ebc1005e114f43350cecea

SHA1 : 689bb1735f888fa813dafae17a08fcea1196862e

Online report : http://r.virscan.org...918a4148eaa66a4

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 5.1.0.4 20120809110502 2012-08-09 7.34 -

AhnLab V3 ... .. -- 0.15 -

AntiVir 8.2.10.80 7.11.32.106 2012-06-09 0.00 -

Antiy 2.0.18 20120803.20230192 2012-08-03 0.00 -

Arcavir 2011 201206041805 2012-06-04 0.00 -

Authentium 5.1.1 201208070244 2012-08-07 0.00 -

AVAST! 4.7.4 120806-1 2012-08-06 0.00 -

AVG 12.0.1787 2437/5182 2012-08-06 0.00 -

BitDefender 7.90123.7330300 7.42746 2012-06-27 0.00 -

ClamAV 0.97.3 15226 2012-08-07 0.00 -

Comodo 5.1 13186 2012-08-08 2.70 -

CP Secure 1.3.0.5 2012.08.06 2012-08-06 0.00 -

Dr.Web 7.0.2.4281 2012.08.07 2012-08-07 0.00 -

F-Prot 4.6.2.117 20120806 2012-08-06 0.00 -

F-Secure 7.02.73807 2012.08.07.01 2012-08-07 0.00 -

Fortinet 4.3.392 16.5 2012-08-09 0.99 -

GData 22.5755 20120809 2012-08-09 5.99 -

ViRobot 20120809 2012.08.09 2012-08-09 0.37 -

Ikarus T3.1.32.20.0 ..1.32.20.0. --1.32.20.0 0.00 -

JiangMin 13.0.900 2012.08.09 2012-08-09 2.24 -

Kaspersky 5.5.10 2012.08.07 2012-08-07 0.00 -

KingSoft 2009.2.5.15 2012.8.9.9 2012-08-09 1.67 -

McAfee 5400.1158 6795 2012-08-06 0.00 -

Microsoft 1.8601 2012.08.09 2012-08-09 7.33 -

NOD32 3.0.21 7353 2012-08-03 0.00 -

Panda 9.05.01 2012.08.09 2012-08-09 2.68 -

Trend Micro 9.500-1005 9.308.05 2012-08-06 0.00 -

Quick Heal 11.00 2012.08.08 2012-08-08 6.45 -

Rising 20.0 24.22.02.05 2012-08-08 3.04 -

Sophos 3.33.2 4.79 2012-08-07 0.00 -

Sunbelt 3.9.2544.2 12550 2012-08-08 3.58 -

Symantec 1.3.0.24 20120805.009 2012-08-05 0.00 -

nProtect 20120809.01 11678306 2012-08-09 1.73 -

The Hacker 6.8.0.0 v00074 2012-08-08 0.63 -

VBA32 3.12.18.1 20120806.0754 2012-08-06 0.00 -

VirusBuster 5.5.2.13 15.0.133.1/92354842012-08-07 0.00 -

VirSCAN.org Scanned Report :

Scanned time : 2012/08/09 10:20:49 (EDT)

Scanner results: Scanners did not find malware!

File Name : cinject.exe

File Size : 445952 byte

File Type : PE32 executable for MS Windows (console) Intel 80386 32-bit

MD5 : 4bcd01f7772410dd29df8f25c9321010

SHA1 : d823d78d6d08df732e7f267321fe24d1f15de87d

Online report : http://r.virscan.org...63664a05b0b4f58

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 5.1.0.4 20120809110502 2012-08-09 11.63 -

AhnLab V3 ... .. -- 0.21 -

AntiVir 8.2.10.80 7.11.32.106 2012-06-09 0.00 -

Antiy 2.0.18 20120803.20230192 2012-08-03 0.00 -

Arcavir 2011 201206041805 2012-06-04 0.00 -

Authentium 5.1.1 201208070244 2012-08-07 0.00 -

AVAST! 4.7.4 120806-1 2012-08-06 0.00 -

AVG 12.0.1787 2437/5182 2012-08-06 0.00 -

BitDefender 7.90123.7330300 7.42746 2012-06-27 0.00 -

ClamAV 0.97.3 15226 2012-08-07 0.00 -

Comodo 5.1 13186 2012-08-08 2.50 -

CP Secure 1.3.0.5 2012.08.06 2012-08-06 0.00 -

Dr.Web 7.0.2.4281 2012.08.07 2012-08-07 0.00 -

F-Prot 4.6.2.117 20120806 2012-08-06 0.00 -

F-Secure 7.02.73807 2012.08.07.01 2012-08-07 0.00 -

Fortinet 4.3.392 16.5 2012-08-09 0.26 -

GData 22.5755 20120809 2012-08-09 5.35 -

ViRobot 20120809 2012.08.09 2012-08-09 0.37 -

Ikarus T3.1.32.20.0 ..1.32.20.0. --1.32.20.0 0.00 -

JiangMin 13.0.900 2012.08.09 2012-08-09 2.27 -

Kaspersky 5.5.10 2012.08.07 2012-08-07 0.00 -

KingSoft 2009.2.5.15 2012.8.9.9 2012-08-09 0.98 -

McAfee 5400.1158 6795 2012-08-06 0.00 -

Microsoft 1.8601 2012.08.09 2012-08-09 3.61 -

NOD32 3.0.21 7353 2012-08-03 0.00 -

Panda 9.05.01 2012.08.09 2012-08-09 2.68 -

Trend Micro 9.500-1005 9.308.05 2012-08-06 0.00 -

Quick Heal 11.00 2012.08.08 2012-08-08 1.47 -

Rising 20.0 24.22.02.05 2012-08-08 3.38 -

Sophos 3.33.2 4.79 2012-08-07 0.00 -

Sunbelt 3.9.2544.2 12550 2012-08-08 1.64 -

Symantec 1.3.0.24 20120805.009 2012-08-05 0.00 -

nProtect 20120809.01 11678306 2012-08-09 1.40 -

The Hacker 6.8.0.0 v00074 2012-08-08 0.65 -

VBA32 3.12.18.1 20120806.0754 2012-08-06 0.00 -

VirusBuster 5.5.2.13 15.0.133.1/92354842012-08-07 0.00 -

{41EDF389-CDDC-41DD-94C2-50114B8D1290}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0179D;Tool.PassView.604;; {41EDF389-CDDC-41DD-94C2-50114B8D1290}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0179D;Container contains infected objects;Will be deleted after restart.; {336D336C-8C51-4373-8628-156E134FEC4B}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0437C;Tool.ShowPass;; {336D336C-8C51-4373-8628-156E134FEC4B}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0437C;Container contains infected objects;Will be deleted after restart.; {73582721-8EB3-499C-A0E0-68A9B7F83CE0}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1E0DA;Tool.PassView.604;; {73582721-8EB3-499C-A0E0-68A9B7F83CE0}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1E0DA;Container contains infected objects;Will be deleted after restart.; {9B26E2A9-CDF7-48C6-8815-4438779DB2BB}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1FCB4;Tool.ShowPass;; {9B26E2A9-CDF7-48C6-8815-4438779DB2BB}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1FCB4;Container contains infected objects;Will be deleted after restart.; {96E2D1AA-1605-449E-B968-0349827FB077}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2239D;Tool.ShowPass;; {96E2D1AA-1605-449E-B968-0349827FB077}.qbd;C:\Documents and 
Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2239D;Container contains infected objects;Will be deleted after restart.; {30252591-5D6A-4A7D-9831-2D9D4D4F63B0}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E23F;Tool.MailPassView.218;; {30252591-5D6A-4A7D-9831-2D9D4D4F63B0}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E23F;Container contains infected objects;Will be deleted after restart.; {75D30958-F1A0-4879-8967-20F833BBAC23}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E562;Tool.MailPassView.218;; {75D30958-F1A0-4879-8967-20F833BBAC23}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E562;Container contains infected objects;Will be deleted after restart.; {FF52887A-4422-4C6E-B80B-7A1DB684A70D}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{31BB6;Tool.PassView.663;; {FF52887A-4422-4C6E-B80B-7A1DB684A70D}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{31BB6;Container contains infected objects;Will be deleted after restart.; {D1EFA2D5-0927-449D-99D0-93C2E14E5C4F}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4A959;Tool.PassView.604;; {D1EFA2D5-0927-449D-99D0-93C2E14E5C4F}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4A959;Container contains infected objects;Will be deleted after restart.; 
{EF7E881D-2955-421F-B1AE-6D3F630684B3}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4CED6;Tool.PassView.663;; {EF7E881D-2955-421F-B1AE-6D3F630684B3}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4CED6;Container contains infected objects;Will be deleted after restart.; {FDCD9A2D-4046-497B-96C4-D5BF8B29EDC6}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{607DC;Tool.ShowPass;; {FDCD9A2D-4046-497B-96C4-D5BF8B29EDC6}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{607DC;Container contains infected objects;Will be deleted after restart.; {A69A2F1F-1C4E-4128-A461-35B261C25BDB}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{9D1EF;Tool.MailPassView.218;; {A69A2F1F-1C4E-4128-A461-35B261C25BDB}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{9D1EF;Container contains infected objects;Will be deleted after restart.; {3BCB2260-BA62-4D52-BD16-F78CF9461053}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{ACF49;Tool.MailPass.7;; {3BCB2260-BA62-4D52-BD16-F78CF9461053}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{ACF49;Container contains infected objects;Will be deleted after restart.; {2F3B84D4-592E-4362-AF44-E6A48C7AE15A}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{C126B;Tool.ShowPass;; 
{2F3B84D4-592E-4362-AF44-E6A48C7AE15A}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{C126B;Container contains infected objects;Will be deleted after restart.; {5E3B33F5-93F3-4BD4-9506-4259845A5B93}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{DA2C6;Tool.PassView.604;; {5E3B33F5-93F3-4BD4-9506-4259845A5B93}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{DA2C6;Container contains infected objects;Will be deleted after restart.; {03F24764-056A-4E14-95FD-1513FB5441B1}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{E5A8B;Tool.PassView.663;; {03F24764-056A-4E14-95FD-1513FB5441B1}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{E5A8B;Container contains infected objects;Will be deleted after restart.; {41EDF389-CDDC-41DD-94C2-50114B8D1290}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0179D260-D925-4FAD-9CE;Tool.PassView.604;; {41EDF389-CDDC-41DD-94C2-50114B8D1290}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0179D260-D925-4FAD-9CE;Container contains infected objects;Will be deleted after restart.; {336D336C-8C51-4373-8628-156E134FEC4B}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0437CF22-96F0-4FB2-B3C;Tool.ShowPass;; {336D336C-8C51-4373-8628-156E134FEC4B}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0437CF22-96F0-4FB2-B3C;Container contains infected objects;Will be deleted after restart.; 
{73582721-8EB3-499C-A0E0-68A9B7F83CE0}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1E0DAA98-9C1D-4F34-B76;Tool.PassView.604;; {73582721-8EB3-499C-A0E0-68A9B7F83CE0}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1E0DAA98-9C1D-4F34-B76;Container contains infected objects;Will be deleted after restart.; {9B26E2A9-CDF7-48C6-8815-4438779DB2BB}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1FCB473C-091A-4026-ABE;Tool.ShowPass;; {9B26E2A9-CDF7-48C6-8815-4438779DB2BB}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1FCB473C-091A-4026-ABE;Container contains infected objects;Will be deleted after restart.; {96E2D1AA-1605-449E-B968-0349827FB077}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2239DC28-8367-4E02-A07;Tool.ShowPass;; {96E2D1AA-1605-449E-B968-0349827FB077}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2239DC28-8367-4E02-A07;Container contains infected objects;Will be deleted after restart.; {30252591-5D6A-4A7D-9831-2D9D4D4F63B0}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E23F33D-3575-477F-BBB;Tool.MailPassView.218;; {30252591-5D6A-4A7D-9831-2D9D4D4F63B0}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E23F33D-3575-477F-BBB;Container contains infected objects;Will be deleted after restart.; {75D30958-F1A0-4879-8967-20F833BBAC23}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E56211E-308D-46C5-A0A;Tool.MailPassView.218;; 


Thanks, trying to repost this CSV correctly...


{41EDF389-CDDC-41DD-94C2-50114B8D1290}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0179D260-D925-4FAD-9CE;Tool.PassView.604;;

{41EDF389-CDDC-41DD-94C2-50114B8D1290}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0179D260-D925-4FAD-9CE;Container contains infected objects;Will be deleted after restart.;

{336D336C-8C51-4373-8628-156E134FEC4B}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0437CF22-96F0-4FB2-B3C;Tool.ShowPass;;

{336D336C-8C51-4373-8628-156E134FEC4B}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{0437CF22-96F0-4FB2-B3C;Container contains infected objects;Will be deleted after restart.;

{73582721-8EB3-499C-A0E0-68A9B7F83CE0}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1E0DAA98-9C1D-4F34-B76;Tool.PassView.604;;

{73582721-8EB3-499C-A0E0-68A9B7F83CE0}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1E0DAA98-9C1D-4F34-B76;Container contains infected objects;Will be deleted after restart.;

{9B26E2A9-CDF7-48C6-8815-4438779DB2BB}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1FCB473C-091A-4026-ABE;Tool.ShowPass;;

{9B26E2A9-CDF7-48C6-8815-4438779DB2BB}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{1FCB473C-091A-4026-ABE;Container contains infected objects;Will be deleted after restart.;

{96E2D1AA-1605-449E-B968-0349827FB077}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2239DC28-8367-4E02-A07;Tool.ShowPass;;

{96E2D1AA-1605-449E-B968-0349827FB077}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2239DC28-8367-4E02-A07;Container contains infected objects;Will be deleted after restart.;

{30252591-5D6A-4A7D-9831-2D9D4D4F63B0}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E23F33D-3575-477F-BBB;Tool.MailPassView.218;;

{30252591-5D6A-4A7D-9831-2D9D4D4F63B0}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E23F33D-3575-477F-BBB;Container contains infected objects;Will be deleted after restart.;

{75D30958-F1A0-4879-8967-20F833BBAC23}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E56211E-308D-46C5-A0A;Tool.MailPassView.218;;

{75D30958-F1A0-4879-8967-20F833BBAC23}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{2E56211E-308D-46C5-A0A;Container contains infected objects;Will be deleted after restart.;

{FF52887A-4422-4C6E-B80B-7A1DB684A70D}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{31BB6F5E-2AF2-4614-89F;Tool.PassView.663;;

{FF52887A-4422-4C6E-B80B-7A1DB684A70D}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{31BB6F5E-2AF2-4614-89F;Container contains infected objects;Will be deleted after restart.;

{D1EFA2D5-0927-449D-99D0-93C2E14E5C4F}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4A959C0B-9D31-44F0-89F;Tool.PassView.604;;

{D1EFA2D5-0927-449D-99D0-93C2E14E5C4F}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4A959C0B-9D31-44F0-89F;Container contains infected objects;Will be deleted after restart.;

{EF7E881D-2955-421F-B1AE-6D3F630684B3}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4CED6AA8-4B09-4988-800;Tool.PassView.663;;

{EF7E881D-2955-421F-B1AE-6D3F630684B3}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{4CED6AA8-4B09-4988-800;Container contains infected objects;Will be deleted after restart.;

{FDCD9A2D-4046-497B-96C4-D5BF8B29EDC6}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{607DC1A2-6442-48B0-907;Tool.ShowPass;;

{FDCD9A2D-4046-497B-96C4-D5BF8B29EDC6}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{607DC1A2-6442-48B0-907;Container contains infected objects;Will be deleted after restart.;

{A69A2F1F-1C4E-4128-A461-35B261C25BDB}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{9D1EF5CF-DA7C-4C8F-AAC;Tool.MailPassView.218;;

{A69A2F1F-1C4E-4128-A461-35B261C25BDB}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{9D1EF5CF-DA7C-4C8F-AAC;Container contains infected objects;Will be deleted after restart.;

{3BCB2260-BA62-4D52-BD16-F78CF9461053}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{ACF49A6D-917F-4FCE-AB8;Tool.MailPass.7;;

{3BCB2260-BA62-4D52-BD16-F78CF9461053}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{ACF49A6D-917F-4FCE-AB8;Container contains infected objects;Will be deleted after restart.;

{2F3B84D4-592E-4362-AF44-E6A48C7AE15A}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{C126B276-A67E-4332-966;Tool.ShowPass;;

{2F3B84D4-592E-4362-AF44-E6A48C7AE15A}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{C126B276-A67E-4332-966;Container contains infected objects;Will be deleted after restart.;

{5E3B33F5-93F3-4BD4-9506-4259845A5B93}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{DA2C626B-AEB0-4F95-B06;Tool.PassView.604;;

{5E3B33F5-93F3-4BD4-9506-4259845A5B93}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{DA2C626B-AEB0-4F95-B06;Container contains infected objects;Will be deleted after restart.;

{03F24764-056A-4E14-95FD-1513FB5441B1}.qbd\data001;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{E5A8B5DA-8186-48EC-8A1;Tool.PassView.663;;

{03F24764-056A-4E14-95FD-1513FB5441B1}.qbd;C:\Documents and Settings\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{E5A8B5DA-8186-48EC-8A1;Container contains infected objects;Will be deleted after restart.;

install.rdf;C:\Documents and Settings\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\{6cfa2c5b-274f-4d68-a6e4-b;Adware.FreeCause.3;Invalid path to file ;

const.js;C:\Documents and Settings\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\{6cfa2c5b-274f-4d68-a6e4-b;Adware.Bho.3783;Invalid path to file ;

settings.xml;C:\Documents and Settings\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\{6cfa2c5b-274f-4d68-a6e4-b;Adware.Shopper.232;Invalid path to file ;

install.rdf;C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\{6cfa2c5b-274f-4d68-a6e4-;Adware.FreeCause.3;Invalid path to file ;

const.js;C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\{6cfa2c5b-274f-4d68-a6e4-;Adware.Bho.3783;Invalid path to file ;

settings.xml;C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\{6cfa2c5b-274f-4d68-a6e4-;Adware.Shopper.232;Invalid path to file ;

OTL.exe;C:\Documents and Settings\owner\Desktop;Trojan.Siggen4.14927;Incurable.Moved.;

mzcv.exe;C:\Documents and Settings\owner\Desktop\MY MRI\brtools;Tool.CookieView.2;Invalid path to file ;

tftpd32.exe;C:\Documents and Settings\owner\Desktop\nettyPE_2011_11_07\winbuilder project folder!\Programs\Tftpd32;Program.Ftpd.2 - read error;Invalid path to file ;

BadPlugin.exe;C:\Documents and Settings\owner\Desktop\new junk\Joeys Junk II\Tor Browser\FirefoxPortable\App\Firefox;Trojan.Click2.25892;Deleted.;

BadPlugin.exe;C:\Documents and Settings\owner\Desktop\new junk\Tor Browser\FirefoxPortable\App\Firefox;Trojan.Click2.25892;Deleted.;

mzcv.exe;C:\Documents and Settings\owner\Desktop\Nirsoft utilities\brtools;Tool.CookieView.2;Invalid path to file ;

mzcv.exe;C:\Documents and Settings\owner\Desktop\Nirsoft utilities\mzcv;Tool.CookieView.2;Invalid path to file ;

BulletsPassView.exe;C:\Documents and Settings\owner\Desktop\Nirsoft utilities\passrec;Tool.PassView.614;Invalid path to file ;

OTL.exe;C:\Documents and Settings\owner\DoctorWeb\Quarantine;Trojan.Siggen4.14927;Incurable.Moved.;

tftpd32.exe;C:\nettyPE_2011_11_07\Temp\Win7PE_SE\Tftpd32;Program.Ftpd.2 - read error;Invalid path to file ;


{2F3B84D4-592E-4362-AF44-E6A48C7AE15A}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{C126B276-A67E-4332-9666-683563B93C97};Container contains infected objects;Will be deleted after restart.;

{5E3B33F5-93F3-4BD4-9506-4259845A5B93}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{DA2C626B-AEB0-4F95-B06D-0DF7BA6DCB1E}\{;Tool.PassView.604;;

{5E3B33F5-93F3-4BD4-9506-4259845A5B93}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{DA2C626B-AEB0-4F95-B06D-0DF7BA6DCB1E};Container contains infected objects;Will be deleted after restart.;

{03F24764-056A-4E14-95FD-1513FB5441B1}.qbd\data001;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{E5A8B5DA-8186-48EC-8A14-3B43B5821120}\{;Tool.PassView.663;;

{03F24764-056A-4E14-95FD-1513FB5441B1}.qbd;C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\QBackup\{E5A8B5DA-8186-48EC-8A14-3B43B5821120};Container contains infected objects;Will be deleted after restart.;

install.rdf;C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\{6cfa2c5b-274f-4d68-a6e4-bfb31acd5ee4};Adware.FreeCause.3;Incurable.Moved.;

const.js;C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\{6cfa2c5b-274f-4d68-a6e4-bfb31acd5ee4}\chro;Adware.Bho.3783;Incurable.Moved.;

settings.xml;C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ttz7prjd.default\extensions\{6cfa2c5b-274f-4d68-a6e4-bfb31acd5ee4}\chro;Adware.Shopper.232;Incurable.Moved.;

mzcv.exe;C:\Users\owner\Desktop\MY MRI\brtools;Tool.CookieView.2;Incurable.Moved.;

mzcv.exe;C:\Users\owner\Desktop\Nirsoft utilities\brtools;Tool.CookieView.2;Incurable.Moved.;

mzcv.exe;C:\Users\owner\Desktop\Nirsoft utilities\mzcv;Tool.CookieView.2;Incurable.Moved.;

BulletsPassView.exe;C:\Users\owner\Desktop\Nirsoft utilities\passrec;Tool.PassView.614;Incurable.Moved.;

Link to post
Share on other sites
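A triage pass over a semicolon-delimited Dr.Web CureIt log like the one pasted above, added here as an example and not part of the original thread. The sample rows are constructed with placeholder GUIDs and paths, and the four-field layout (object; folder; detection; action) is an assumption inferred from the pasted rows.

```python
from collections import Counter

# Constructed sample rows (placeholder GUIDs and paths) in the layout
# inferred from the pasted log: object;folder;detection;action;
SAMPLE_LOG = r"""
{AAAAAAAA-0000-0000-0000-000000000001}.qbd\data001;C:\Users\All Users\Norton\QBackup\{BBBB}\{;Tool.ShowPass;;
{AAAAAAAA-0000-0000-0000-000000000001}.qbd;C:\Users\All Users\Norton\QBackup\{BBBB};Container contains infected objects;Will be deleted after restart.;
install.rdf;C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\extensions\{CCCC};Adware.FreeCause.3;Incurable.Moved.;
mzcv.exe;C:\Users\owner\Desktop\Nirsoft utilities\mzcv;Tool.CookieView.2;Incurable.Moved.;
BulletsPassView.exe;C:\Users\owner\Desktop\Nirsoft utilities\passrec;Tool.PassView.614;Incurable.Moved.;
"""

CONTAINER_NOTE = "Container contains infected objects"


def parse_cureit(text):
    """Yield one dict per record; rows that do not end in ';' are skipped."""
    for line in text.splitlines():
        parts = line.strip().split(";")
        if len(parts) < 5 or parts[-1] != "":
            continue
        # Windows folder names may contain ';', so take the fixed fields
        # from both ends and rejoin whatever is left as the folder.
        yield {
            "object": parts[0],
            "folder": ";".join(parts[1:-3]),
            "detection": parts[-3],
            "action": parts[-2],
        }


def triage(records):
    """Split rows into container wrappers, items inside them, and files acted on."""
    out = {"classes": Counter(), "pending_reboot": [], "in_container": [], "acted_on": []}
    for r in records:
        if r["detection"] == CONTAINER_NOTE:
            # Wrapper row: the detection itself is on the matching data row.
            if "restart" in r["action"].lower():
                out["pending_reboot"].append(r["object"])
            continue
        out["classes"][r["detection"].split(".", 1)[0]] += 1
        bucket = "acted_on" if r["action"] else "in_container"
        out[bucket].append((r["object"], r["detection"], r["action"]))
    return out


if __name__ == "__main__":
    result = triage(parse_cureit(SAMPLE_LOG))
    print(dict(result["classes"]), len(result["pending_reboot"]), "pending reboot")
```

Rows collected under `pending_reboot` carry the action "Will be deleted after restart.", so a rescan made before rebooting can be expected to list them again.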

sorry..no the last two logs were drweb cureit..I had the system lock up after running defender offline twice...and no file log created...I will try again with windows defender...the first two were in order from your previous post..the online uploads..system still taking time running HD in background..couple of services keep re-enabling themselves to automatic status even after I disable them and stop them from running..they restart when the computer restarts.....these are secondary logon and termserv/remote desktop service..thanks

Link to post
Share on other sites

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

At the end, the scan log will show in NOTEPAD.

Copy all and Paste into main-body of reply.

Online scan

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/u...ine-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with copy of the Eset scan log

How is the system now ?

Link to post
Share on other sites

malwarebytes ran out yesterday I will see about purchasing it today....also will finish your instructions today......Will my backups, copies, and images on my external need to be just scanned later or are they too compromised to save? I have acronis images from about 3 weeks ago and microsoft backups from then as well ..and some personal software backups.....thanks..kjh

Link to post
Share on other sites

OK. I am looking forward to the results of the 2 scans.

IF and only if you restore files from backup, then I would recommend you scan them with antivirus program and MBAM before "using" or opening them. Should be easily do-able by right-clicking the file and invoking a scan.

dunno what you mean by mbam ran out, unless you mean the Trial. Even so, MBAM can update and it will allow scanning.

Link to post
Share on other sites

ok..here are the MBAM and ESET logs....both have items still in quarantine.....

MBAM

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.12.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

owner :: OWNER-PC [administrator]

8/12/2012 10:51:25 AM

mbam-log-2012-08-12 (10-51-25).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 347614

Time elapsed: 1 hour(s), 2 minute(s), 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ESET

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-13 11:45:45

# local_time=2012-08-13 07:45:45 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=3588 16777214 85 67 204414 12642733 0 0

# compatibility_mode=5893 16776574 100 94 16252071 96397267 0 0

# compatibility_mode=8192 67108863 100 0 18234 18234 0 0

# scanned=163195

# found=4

# cleaned=4

# scan_time=4527

C:\Program Files (x86)\Smart PC Cleaner\SmartPCCleaner.exe a variant of Win32/SpeedingUpMyPC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\owner\AppData\Local\Temp\YontooSetup-S.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\owner\Desktop\MY MRI\W7.061612pe builder (2).exe Win32/HideRun.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\owner\Desktop\MY MRI\W7.061612pe builder.exe Win32/HideRun.A application (deleted - quarantined) 00000000000000000000000000000000 C

computer runs HD a lot...especially when you open a browser....thanks kjh

Link to post
Share on other sites

MBAM results are very, very good. No items detected. You can (if you want) permanently delete any items in MBAM Quarantine.

The ESET deleted some undesirable programs.

Your HD running issue may well be due to your HDD needing defragmentation. You might consider getting & using Defraggler from http://www.piriform.com/defraggler

On "slow-ness" issue: See Quietman7's Slow Computer/browser? Check Here First

http://www.bleepingcomputer.com/forums/topic87058.html

See Miekiemoes' Help! My computer is slow!

http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Link to post
Share on other sites

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it ComboFix), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\owner\Desktop\ComboFix.exe /uninstall


  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

If the Combofix un-install has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

aswMBR.exe

TDSSKILLER.exe

SecurityCheck.exe

Dr Web Cure-It

Windows Defender Offline

You may go to Control Panel >> Programs and Features, and then uninstall

ESET Online scanner

Safer practices & malware prevention

We are finished here. Best regards.

Link to post
Share on other sites

This topic is now closed to further replies.