PC acting weird

[zalloy]

I recently upgraded my MWAB to the pro version. It's supposed to start automatically with Windows, but when I reboot, I get a device open error of 2, and I have to start MWAB manually. When I start it manually, the protection is disabled, and I have to enable it. Is this normal? My browsers are both running kind of slow, and they keep hogging memory until they crash. I've had this happen with both Chrome and Firefox. Also, sometimes while posting to forums, it slows down to the point where I'm typing faster than it can keep up, then the last few words of a sentence come up all garbled together.

I ran the MWAB full scan, and it came up with nothing. I also ran Norton Security Suite, with the full scan, and that came up empty as well. I tried running Roguekiller, but it tried to kill my MagicJack software, as well as a few other apps that look pretty normal to me. I didn't see anything else obvious in the logs.

On a side note, I tried the other day to update my Yahoo Messenger, and I got a page from Panda Cloud Antivirus saying that I was trying to go to a malicious site. The people at Yahoo said that I was somehow redirected to a non-Yahoo site, and that's why I got that message. I don't even use Panda, so I'm not sure why I got the message, but it's probably a good thing I got the message instead of whatever malware was at that link.

I'm suspecting that there's something going on here, but I'm not sure what. Help, please. TIA!

[MrCharlie]

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

[zalloy]

Okay. Here are the log files. Thank you for your help :

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33

Run by Laurie at 19:18:32 on 2012-08-16

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.500 [GMT -4:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe

C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\Common Files\Motive\pcCMService.exe

C:\Program Files\Common Files\Motive\pcCMService.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe

C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe

C:\Program Files (x86)\PDF Suite 2012\HelperService.exe

C:\Program Files (x86)\PDF Suite 2012\ConversionService.exe

C:\Windows\system32\svchost.exe -k regsvc

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe

C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe

C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe

C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\NielsenOnline64.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\SFT\GuardedID\gidd.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe

C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler64.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\Comcast\pcTrayApp.exe

C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files (x86)\Upromise\dca-ua.exe

C:\Program Files (x86)\Upromise\UpromiseTray.exe

C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe

C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Nuance\PDF Create 7\PdfCreate7Hook.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Iminent\Iminent.exe

C:\Program Files (x86)\Iminent\Iminent.Messengers.exe

C:\Program Files (x86)\Inbox Toolbar\Inbox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Users\Laurie\AppData\Roaming\mjusbsp\magicJack.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Windows\system32\msiexec.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://xfinity.comcast.net/?cid=cgps02122012

uSearch Page =

uSearch Bar =

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

uURLSearchHooks: H - No File

uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll

mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\IPS\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll

BHO: PDF Suite 2012 Helper: {a938761b-202b-4828-87e4-f21fec37d02d} - C:\Program Files (x86)\PDF Suite 2012\PDFIEHelper.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.716.0\NativeBHO.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files (x86)\xfinitytb\xfinitydx.dll

BHO: Updater For Xfinity.com Toolbar 3.5: {e6d0b79e-ecac-411b-8bf6-7a574981af30} - C:\Program Files (x86)\xfinitytb\auxi\xfinityAu.dll

BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - C:\Windows\SysWow64\TwcToolbarIe7.dll

TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll

TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

TB: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files (x86)\xfinitytb\xfinitydx.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\coIEPlg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

TB: PDF Suite 2012 Toolbar: {11aa5c56-b4e2-4b8f-803a-d340415532f3} - C:\Program Files (x86)\PDF Suite 2012\PDFIEPlugin.dll

TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB: {26525CA7-F3FF-47C2-B829-09083718BEE1} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide

uRun: [cdloader] "C:\Users\Laurie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [Typing Assistant (English)] C:\Program Files (x86)\Typing Assistant (English) 5.4\Typing Assistant (English).exe

uRun: [speechInk Transcription Alerter] C:\Program Files (x86)\SpeechInk Alerter\rss.exe

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [uTorrent] "C:\Users\Laurie\Downloads\utorrent.exe" /MINIMIZED

uRun: [Google Update] "C:\Users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

uRun: [upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe

uRun: [upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe

uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"

uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRun: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

mRun: [NielsenOnline] C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s

mRun: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Create 7\RegistryController.exe

mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini

mRun: [iSUSPM] "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [OmniPage Preload] C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe /preload

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Create 7\pdfcreate7hook.exe

mRun: [Nuance OmniPage 18-reminder] "C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 18\Ereg\Ereg.ini"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Conime] %windir%\system32\conime.exe

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"

mRun: [iminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup

mRun: [inboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP

dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"

dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f

StartupFolder: C:\Users\Laurie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Laurie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICJ~1.LNK - C:\Users\Laurie\AppData\Roaming\mjusbsp\magicJackLoader.exe

StartupFolder: C:\Users\Laurie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NUANCE~1.LNK - C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladLauncher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHRASE~1.LNK - C:\Program Files (x86)\PhraseExpress\phraseexpress.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{33419AC7-9DA5-4358-B712-A2F59E883293} : DhcpNameServer = 10.1.10.1

TCP: Interfaces\{4AAE8CCC-600E-457C-AA28-C0D50643B0CA} : DhcpNameServer = 75.75.75.75 75.75.76.76

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll

BHO-X64: Coupons.com - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll

BHO-X64: IMinent WebBooster - No File

BHO-X64: PDF Suite 2012 Helper: {a938761b-202b-4828-87e4-f21fec37d02d} - C:\Program Files (x86)\PDF Suite 2012\PDFIEHelper.dll

BHO-X64: PDF Suite 2012 Helper - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.716.0\NativeBHO.dll

BHO-X64: Constant Guard Protection Suite (COM) - No File

BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO-X64: Vuze Remote - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO-X64: WeCareReminder - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files (x86)\xfinitytb\xfinitydx.dll

BHO-X64: Xfinity.com Toolbar - No File

BHO-X64: Updater For Xfinity.com Toolbar 3.5: {e6d0b79e-ecac-411b-8bf6-7a574981af30} - C:\Program Files (x86)\xfinitytb\auxi\xfinityAu.dll

BHO-X64: Updater For Xfinity.com Toolbar 3.5 - No File

BHO-X64: Upromise TurboSaver: {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

BHO-X64: ToolHelper - No File

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB-X64: The Weather Channel Toolbar: {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll

TB-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll

TB-X64: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

TB-X64: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files (x86)\xfinitytb\xfinitydx.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\coIEPlg.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

TB-X64: PDF Suite 2012 Toolbar: {11aa5c56-b4e2-4b8f-803a-d340415532f3} - C:\Program Files (x86)\PDF Suite 2012\PDFIEPlugin.dll

TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll

TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB-X64: {26525CA7-F3FF-47C2-B829-09083718BEE1} - No File

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB-X64: {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRun-x64: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

mRun-x64: [NielsenOnline] C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s

mRun-x64: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Create 7\RegistryController.exe

mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini

mRun-x64: [iSUSPM] "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler

mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun-x64: [OmniPage Preload] C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe /preload

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [PDFHook] C:\Program Files (x86)\Nuance\PDF Create 7\pdfcreate7hook.exe

mRun-x64: [Nuance OmniPage 18-reminder] "C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 18\Ereg\Ereg.ini"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Conime] %windir%\system32\conime.exe

mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"

mRun-x64: [iminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup

mRun-x64: [inboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\6hkwwsku.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - NCH EN Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll

FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3050.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\FirefoxAddOns\npfirefoxtracker.dll

FF - plugin: C:\Program Files (x86)\PDF Suite 2012\firefoxextension2012\plugins\NPPdfExt2012.dll

FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Users\Laurie\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll

FF - plugin: C:\Users\Laurie\AppData\Local\RunRev\Components\LiveCodePlayer\9\nplcplugin.dll

FF - plugin: C:\Users\Laurie\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

FF - plugin: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\6hkwwsku.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll

FF - plugin: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\6hkwwsku.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll

FF - plugin: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\6hkwwsku.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll

FF - plugin: C:\Users\Laurie\AppData\Roaming\Mozilla\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

.

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?]

R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]

R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-8-10 1385120]

R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?]

R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120815.002\IDSviA64.sys [2012-8-15 509088]

R1 nnfwdk;Nielsen WFP Driver;C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\nnfwdk64.sys [2012-6-25 25648]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS [?]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-13 138912]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?]

S3 AODDriver4.0;AODDriver4.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

.

=============== Created Last 30 ================

.

2012-08-16 17:39:33 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-08-16 17:39:33 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-08-15 08:58:34 9826504 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-08-13 21:54:02 -------- d-----w- C:\Program Files (x86)\Inbox Toolbar

2012-08-12 16:21:25 -------- d-----w- C:\Users\Laurie\AppData\Roaming\PDF Software

2012-08-12 15:52:55 -------- d-----w- C:\Program Files (x86)\PDF Suite 2012

2012-08-10 22:01:44 -------- d-----w- C:\Program Files (x86)\Free YouTube Downloader

2012-08-10 21:57:04 -------- d-----w- C:\Users\Laurie\AppData\Roaming\Iminent

2012-08-10 21:56:30 -------- d-----w- C:\ProgramData\Iminent

2012-08-10 21:54:46 -------- d-----w- C:\Program Files (x86)\Iminent

2012-07-28 22:31:32 -------- d-----w- C:\Users\Laurie\AppData\Local\CRE

2012-07-27 00:37:00 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-07-21 16:01:46 -------- d-----w- C:\Windows\SysWow64\kodak

.

==================== Find3M ====================

.

2012-08-15 08:58:39 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 08:58:39 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-27 00:36:20 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-16 21:14:02 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-07-16 21:14:02 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-30 21:47:04 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-18 13:48:14 122368 ----a-w- C:\Windows\System32\EKaio2WiaCoInst.dll

2012-06-18 13:48:10 10240 ----a-w- C:\Windows\System32\EKaio2WiaCoInstRes.dll

2012-06-12 13:42:52 1644544 ----a-w- C:\Windows\System32\EKAiO2MON.dll

2012-06-12 13:41:40 177664 ----a-w- C:\Windows\System32\EKAiO2COI09.dll

2012-06-06 12:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 19:23:01.46 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 7/21/2011 4:14:38 PM

System Uptime: 8/16/2012 3:09:35 PM (4 hours ago)

.

Motherboard: FOXCONN | | 2AB1

Processor: AMD Phenom II X2 521 Processor | CPU 1 | 3500/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 920 GiB total, 299.639 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.372 GiB free.

E: is CDROM (UDF)

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is CDROM ()

K: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP184: 8/12/2012 12:00:03 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

RP185: 8/12/2012 12:04:31 PM - Installed OpenOffice.org 3.4

RP186: 8/12/2012 12:14:15 PM - Installed OpenOffice.org 3.4

RP187: 8/14/2012 11:18:26 PM - Windows Update

RP188: 8/16/2012 7:02:06 PM - Removed Adobe Acrobat X Pro - English, Français, Deutsch.

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader X (10.1.3)

Agatha Christie - Peril at End House

aioscnnr

AMD VISION Engine Control Center

Anonymous Guest v4.20 Pro Multilanguage

Anti-phishing Domain Advisor

Apple Application Support

Apple Software Update

ASPCA Reminder by We-Care.com v5.0.5.1

Audacity 1.3.13 (Unicode)

Bejeweled 2 Deluxe

Bejeweled 3

Bing Bar

Bing Rewards Client Installer

Bitvise Tunnelier 4.40 (remove only)

Blackhawk Striker 2

Blasterball 3

Blio

Bounce Symphony

Build-a-lot 2

C4USelfUpdater

CA Pest Patrol Realtime Protection

Cake Mania

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

center

Chrometa version 2.0.2.3.61

Chuzzle Deluxe

Classic Doom 3 1.3.1

Comcast Desktop Software (v1.2.1)

Constant Guard Protection Suite

Coupon Printer for Windows

Coupons.com Toolbar

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Desktop Doctor

Diner Dash 2 Restaurant Rescue

Dora's World Adventure

Download Updater (AOL LLC)

Dragon NaturallySpeaking 11

Dropbox

EasySolve

essentials

Express Accounts

Express Invoice

Express Rip

Express Scribe

Express Zip File Compression Software

Farm Frenzy

FATE - The Traitor Soul

FLAC 1.2.1b (remove only)

Free YouTube Downloader 3.5.126

FTR TheRecord Player

Google Chrome

Google Earth

Google Update Helper

Grammarly Add-In

GuardedID

Hewlett-Packard ACLM.NET v1.1.2.0

HourGuard Time Sheet

HP Customer Experience Enhancements

HP Games

HP LinkUp

HP MediaSmart/TouchSmart Netflix

HP MovieStore

HP Odometer

HP Product Detection

HP Setup

HP Setup Manager

HP Support Assistant

HP Support Information

HP Update

Hulu Desktop

HydraVision

Iminent

Inbox Toolbar

InqScribe 2.1

JAP

Java Auto Updater

Java 6 Update 3

Java 6 Update 33

Junk Mail filter update

KeyBlaze Typing Tutor

Kobo

KODAK AiO Software

LabelPrint

LightScribe System Software

MagicDisc 2.7.106

magicJack

Mah Jong Medley

Malwarebytes Anti-Malware version 1.62.0.1300

Mavis Beacon Teaches Typing Platinum 20

Mesh Runtime

Microsoft .NET Framework 1.1

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

MixPad Audio Mixer

Mobipocket Reader 6.2

Morphyre

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 14.0 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery P.I. - Stolen in San Francisco

Namco All-Stars PAC-MAN

Nero 11 Collection 1

Nero 11 Kwik Themes 3

Nero 11 Kwik Themes 4

Nero 11 PiP Effects 1

Nero 11 Video Transitions 1

Nielsen

Norton Online Backup

Norton PC Checkup

Norton Security Suite

Nuance Cloud Connector

Nuance OmniPage 18

ocr

oDesk Team

OpenOffice.org 3.4

PDF Settings CS5

PDF Suite 2012

Penguins!

PhraseExpress v8.0.154

Pidgin

Pixillion Image Converter

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

PreReq

PressReader

Prism Video File Converter

Pure Networks Platform

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Recovery Manager

Remote Graphics Receiver

Rinse

RoxioNow Player

RunRev LiveCode Player Browser Plugin

Safari

Scansoft PDF Create

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Slingo Supreme

SoftWriting

Sony Player Plug-in for Windows Media Player

SoulSeek 157 NS 13e

Spybot - Search & Destroy

Switch Sound File Converter

The FTW Transcriber version 2.1.0

The Weather Channel App

The Weather Channel Desktop 6

The Weather Channel Toolbar

Transcription Buddy 4.0 (build 38)

TuneUp Companion 2.4.6.4

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update Installer for WildTangent Games App

Upromise TurboSaver (remove only)

Virtual Villagers 4 - The Tree of Life

VLC media player 2.0.2

Vuze

Vuze Remote Toolbar

WavePad Sound Editor

WebEx Support Manager for Internet Explorer

Wheel of Fortune 2

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Xfinity.com Toolbar 3.5

XP Codec Pack

Yahoo! BrowserPlus 2.9.8

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

Zinio Reader 4

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

8/16/2012 2:50:04 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/16/2012 2:49:03 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

8/16/2012 2:49:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/16/2012 2:49:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/16/2012 2:48:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/16/2012 2:48:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/16/2012 2:47:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 nnfwdk spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6

8/16/2012 1:08:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton Online Backup service to connect.

8/16/2012 1:08:56 PM, Error: Service Control Manager [7000] - The Norton Online Backup service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/14/2012 3:02:57 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

8/14/2012 3:01:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

8/14/2012 2:53:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Sendoriv1 service.

8/13/2012 3:47:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.

8/13/2012 3:47:25 PM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

[zalloy]

Oops, almost forgot the RogueKiller Report. Here it is:

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Laurie [Admin rights]

Mode: Scan -- Date: 08/16/2012 12:45:35

¤¤¤ Bad processes: 4 ¤¤¤

[sUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe -> KILLED [TermProc]

[sUSP PATH] visicom_antiphishing-tray.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe -> KILLED [TermProc]

[sUSP PATH] magicJack.exe -- C:\Users\Laurie\AppData\Roaming\mjusbsp\magicJack.exe -> KILLED [TermProc]

[sUSP PATH] agent.exe -- C:\ProgramData\FLEXnet\Connect\11\agent.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 10 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Laurie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND

[sUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND

[sUSP PATH] HKUS\S-1-5-21-3877766120-1356258156-1109172098-1001[...]\Run : cdloader ("C:\Users\Laurie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-3877766120-1356258156-1109172098-1001[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND

[sUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> FOUND

[sUSP PATH] magicJack.lnk @Laurie : C:\Users\Laurie\AppData\Roaming\mjusbsp\magicJackLoader.exe -> FOUND

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{4AAE8CCC-600E-457C-AA28-C0D50643B0CA} : NameServer (216.146.35.240,216.146.36.240,75.75.75.75,75.75.76.76) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{4AAE8CCC-600E-457C-AA28-C0D50643B0CA} : NameServer (216.146.35.240,216.146.36.240,75.75.75.75,75.75.76.76) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 SATA Disk Device +++++

--- User ---

[MBR] 0898b5c44c58ee2b233b581feea6ca66

[bSP] 072f3ca5aad42da821a8c268faed96c8 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942267 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1929969664 | Size: 11500 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 0c959f160c0bfdaccc5ebf7fe9c560d2

[bSP] ede960c251a9b1bd984edccbf8c8278d : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

[MrCharlie]

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

[zalloy]

Something is definitely going on. Here's hoping I don't lose any of my data, as I have some important stuff I can't afford to lose. Here's the TDSSKiller log. My system is not letting me zip the file. I get an error with ExpressZip and with WinRAR saying that it cannot save the file.

10:21:53.0640 7620 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05

10:21:54.0324 7620 ============================================================

10:21:54.0324 7620 Current date / time: 2012/08/17 10:21:54.0324

10:21:54.0324 7620 SystemInfo:

10:21:54.0324 7620

10:21:54.0324 7620 OS Version: 6.1.7601 ServicePack: 1.0

10:21:54.0324 7620 Product type: Workstation

10:21:54.0324 7620 ComputerName: ZINCS-HP

10:21:54.0324 7620 UserName: Laurie

10:21:54.0324 7620 Windows directory: C:\Windows

10:21:54.0324 7620 System windows directory: C:\Windows

10:21:54.0324 7620 Running under WOW64

10:21:54.0324 7620 Processor architecture: Intel x64

10:21:54.0324 7620 Number of processors: 2

10:21:54.0324 7620 Page size: 0x1000

10:21:54.0324 7620 Boot type: Normal boot

10:21:54.0324 7620 ============================================================

10:21:55.0585 7620 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:21:55.0621 7620 ============================================================

10:21:55.0621 7620 \Device\Harddisk0\DR0:

10:21:55.0622 7620 MBR partitions:

10:21:55.0622 7620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

10:21:55.0622 7620 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7305D800

10:21:55.0622 7620 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x73090000, BlocksNum 0x1676000

10:21:55.0622 7620 ============================================================

10:21:55.0656 7620 C: <-> \Device\Harddisk0\DR0\Partition2

10:21:55.0706 7620 D: <-> \Device\Harddisk0\DR0\Partition3

10:21:55.0706 7620 ============================================================

10:21:55.0706 7620 Initialize success

10:21:55.0706 7620 ============================================================

10:22:52.0196 9236 ============================================================

10:22:52.0196 9236 Scan started

10:22:52.0196 9236 Mode: Manual; SigCheck; TDLFS;

10:22:52.0196 9236 ============================================================

10:22:52.0869 9236 ================ Scan services =============================

10:22:53.0013 9236 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

10:22:53.0315 9236 1394ohci - ok

10:22:53.0391 9236 ACDaemon - ok

10:22:53.0436 9236 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

10:22:53.0450 9236 ACPI - ok

10:22:53.0467 9236 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

10:22:53.0552 9236 AcpiPmi - ok

10:22:53.0633 9236 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

10:22:53.0642 9236 AdobeARMservice - ok

10:22:53.0782 9236 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

10:22:53.0793 9236 AdobeFlashPlayerUpdateSvc - ok

10:22:53.0836 9236 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

10:22:53.0853 9236 adp94xx - ok

10:22:53.0882 9236 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

10:22:53.0896 9236 adpahci - ok

10:22:53.0906 9236 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

10:22:53.0918 9236 adpu320 - ok

10:22:53.0938 9236 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

10:22:54.0086 9236 AeLookupSvc - ok

10:22:54.0147 9236 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys

10:22:54.0217 9236 AFD - ok

10:22:54.0241 9236 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

10:22:54.0251 9236 agp440 - ok

10:22:54.0275 9236 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe

10:22:54.0338 9236 ALG - ok

10:22:54.0365 9236 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys

10:22:54.0394 9236 aliide - ok

10:22:54.0469 9236 [ 2fdcb3e855076ce97ccb58e2cf8f2a09 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

10:22:54.0515 9236 AMD External Events Utility - ok

10:22:54.0575 9236 AMD FUEL Service - ok

10:22:54.0595 9236 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys

10:22:54.0606 9236 amdide - ok

10:22:54.0646 9236 [ 6a2eeb0c4133b20773bb3dd0b7b377b4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys

10:22:54.0702 9236 amdiox64 - ok

10:22:54.0715 9236 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

10:22:54.0779 9236 AmdK8 - ok

10:22:54.0938 9236 [ 9920704bf815a5b42da5264f013aaeb7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

10:22:55.0126 9236 amdkmdag - ok

10:22:55.0188 9236 [ 0d1055a47a8f5dc1caa2701831293ebb ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

10:22:55.0210 9236 amdkmdap - ok

10:22:55.0238 9236 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

10:22:55.0266 9236 AmdPPM - ok

10:22:55.0317 9236 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

10:22:55.0327 9236 amdsata - ok

10:22:55.0349 9236 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

10:22:55.0361 9236 amdsbs - ok

10:22:55.0377 9236 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

10:22:55.0387 9236 amdxata - ok

10:22:55.0410 9236 [ caee7c1afc9f1c9ee8dd11acd18d22e7 ] amd_sata C:\Windows\system32\drivers\amd_sata.sys

10:22:55.0420 9236 amd_sata - ok

10:22:55.0424 9236 [ 23726116b4fbcc84fc45b95157c08f5f ] amd_xata C:\Windows\system32\drivers\amd_xata.sys

10:22:55.0433 9236 amd_xata - ok

10:22:55.0511 9236 [ f9dac844b1d370da4c984d4c22f5e696 ] AntiSpywareService C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe

10:22:55.0528 9236 AntiSpywareService - ok

10:22:55.0569 9236 [ f312fad7dbd49ed21a194ac71b497832 ] AODDriver4.0 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

10:22:55.0578 9236 AODDriver4.0 - ok

10:22:55.0592 9236 [ f312fad7dbd49ed21a194ac71b497832 ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

10:22:55.0600 9236 AODDriver4.01 - ok

10:22:55.0631 9236 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys

10:22:55.0766 9236 AppID - ok

10:22:55.0788 9236 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

10:22:55.0826 9236 AppIDSvc - ok

10:22:55.0843 9236 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll

10:22:55.0880 9236 Appinfo - ok

10:22:55.0992 9236 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

10:22:56.0000 9236 Apple Mobile Device - ok

10:22:56.0023 9236 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\drivers\arc.sys

10:22:56.0034 9236 arc - ok

10:22:56.0054 9236 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\drivers\arcsas.sys

10:22:56.0065 9236 arcsas - ok

10:22:56.0165 9236 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

10:22:56.0184 9236 aspnet_state - ok

10:22:56.0210 9236 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

10:22:56.0252 9236 AsyncMac - ok

10:22:56.0284 9236 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys

10:22:56.0294 9236 atapi - ok

10:22:56.0398 9236 [ dbb487d09f56c674430ac454fd8bcab9 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys

10:22:56.0415 9236 AtiHDAudioService - ok

10:22:56.0430 9236 [ e82e61f46d1336447f4deff8c074f13e ] AtiPcie C:\Windows\system32\drivers\AtiPcie64.sys

10:22:56.0439 9236 AtiPcie - ok

10:22:56.0472 9236 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

10:22:56.0518 9236 AudioEndpointBuilder - ok

10:22:56.0528 9236 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

10:22:56.0558 9236 AudioSrv - ok

10:22:56.0584 9236 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll

10:22:56.0639 9236 AxInstSV - ok

10:22:56.0670 9236 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

10:22:56.0739 9236 b06bdrv - ok

10:22:56.0773 9236 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

10:22:56.0801 9236 b57nd60a - ok

10:22:56.0970 9236 [ a2494901e7226b356b8c1005c45f1c5f ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

10:22:56.0981 9236 BBSvc - ok

10:22:57.0009 9236 [ 63b1cbbae4790b5bac98f01bf9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

10:22:57.0022 9236 BBUpdate - ok

10:22:57.0045 9236 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll

10:22:57.0112 9236 BDESVC - ok

10:22:57.0137 9236 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

10:22:57.0185 9236 Beep - ok

10:22:57.0222 9236 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll

10:22:57.0268 9236 BFE - ok

10:22:57.0508 9236 [ e99f59342171101ee2446d0cd1a60a8d ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120811.003\BHDrvx64.sys

10:22:57.0538 9236 BHDrvx64 - ok

10:22:57.0567 9236 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\System32\qmgr.dll

10:22:57.0622 9236 BITS - ok

10:22:57.0654 9236 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

10:22:57.0677 9236 blbdrive - ok

10:22:57.0760 9236 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

10:22:57.0774 9236 Bonjour Service - ok

10:22:57.0829 9236 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

10:22:57.0883 9236 bowser - ok

10:22:57.0908 9236 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

10:22:57.0927 9236 BrFiltLo - ok

10:22:57.0944 9236 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

10:22:57.0956 9236 BrFiltUp - ok

10:22:58.0011 9236 [ 05f5a0d14a2ee1d8255c2aa0e9e8e694 ] Browser C:\Windows\System32\browser.dll

10:22:58.0046 9236 Browser - ok

10:22:58.0080 9236 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys

10:22:58.0119 9236 Brserid - ok

10:22:58.0136 9236 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

10:22:58.0161 9236 BrSerWdm - ok

10:22:58.0178 9236 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

10:22:58.0200 9236 BrUsbMdm - ok

10:22:58.0225 9236 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

10:22:58.0241 9236 BrUsbSer - ok

10:22:58.0259 9236 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

10:22:58.0281 9236 BTHMODEM - ok

10:22:58.0305 9236 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll

10:22:58.0339 9236 bthserv - ok

10:22:58.0455 9236 [ 0e1737a63aec0f6de231bb59836c0a11 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys

10:22:58.0469 9236 ccSet_N360 - ok

10:22:58.0491 9236 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

10:22:58.0518 9236 cdfs - ok

10:22:58.0547 9236 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

10:22:58.0574 9236 cdrom - ok

10:22:58.0629 9236 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll

10:22:58.0668 9236 CertPropSvc - ok

10:22:58.0681 9236 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\drivers\circlass.sys

10:22:58.0706 9236 circlass - ok

10:22:58.0724 9236 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys

10:22:58.0740 9236 CLFS - ok

10:22:58.0789 9236 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:22:58.0798 9236 clr_optimization_v2.0.50727_32 - ok

10:22:58.0833 9236 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

10:22:58.0863 9236 clr_optimization_v2.0.50727_64 - ok

10:22:59.0079 9236 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

10:22:59.0089 9236 clr_optimization_v4.0.30319_32 - ok

10:22:59.0116 9236 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

10:22:59.0135 9236 clr_optimization_v4.0.30319_64 - ok

10:22:59.0158 9236 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

10:22:59.0176 9236 CmBatt - ok

10:22:59.0202 9236 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys

10:22:59.0212 9236 cmdide - ok

10:22:59.0275 9236 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys

10:22:59.0323 9236 CNG - ok

10:22:59.0333 9236 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

10:22:59.0342 9236 Compbatt - ok

10:22:59.0360 9236 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

10:22:59.0379 9236 CompositeBus - ok

10:22:59.0385 9236 COMSysApp - ok

10:22:59.0408 9236 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

10:22:59.0418 9236 crcdisk - ok

10:22:59.0474 9236 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

10:22:59.0494 9236 CryptSvc - ok

10:22:59.0528 9236 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll

10:22:59.0573 9236 DcomLaunch - ok

10:22:59.0597 9236 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll

10:22:59.0635 9236 defragsvc - ok

10:22:59.0656 9236 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

10:22:59.0689 9236 DfsC - ok

10:22:59.0714 9236 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll

10:22:59.0767 9236 Dhcp - ok

10:22:59.0780 9236 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys

10:22:59.0820 9236 discache - ok

10:22:59.0850 9236 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\drivers\disk.sys

10:22:59.0860 9236 Disk - ok

10:22:59.0888 9236 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

10:22:59.0957 9236 Dnscache - ok

10:22:59.0979 9236 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll

10:23:00.0046 9236 dot3svc - ok

10:23:00.0065 9236 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll

10:23:00.0112 9236 DPS - ok

10:23:00.0191 9236 [ f7bda38afbda04f0a89deba767eeda79 ] DragonSvc C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

10:23:00.0202 9236 DragonSvc - ok

10:23:00.0221 9236 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

10:23:00.0242 9236 drmkaud - ok

10:23:00.0267 9236 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

10:23:00.0292 9236 DXGKrnl - ok

10:23:00.0313 9236 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll

10:23:00.0350 9236 EapHost - ok

10:23:00.0412 9236 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\drivers\evbda.sys

10:23:00.0464 9236 ebdrv - ok

10:23:00.0542 9236 [ 4353ff94d47a0a9d52b89eccf0cdb013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

10:23:00.0559 9236 eeCtrl - ok

10:23:00.0617 9236 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe

10:23:00.0681 9236 EFS - ok

10:23:00.0735 9236 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

10:23:00.0810 9236 ehRecvr - ok

10:23:00.0851 9236 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe

10:23:00.0863 9236 ehSched - ok

10:23:00.0882 9236 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

10:23:00.0900 9236 elxstor - ok

10:23:00.0979 9236 [ c5bccb378d0a896304a3e71be7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

10:23:00.0990 9236 EraserUtilRebootDrv - ok

10:23:01.0005 9236 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys

10:23:01.0023 9236 ErrDev - ok

10:23:01.0066 9236 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll

10:23:01.0108 9236 EventSystem - ok

10:23:01.0136 9236 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys

10:23:01.0164 9236 exfat - ok

10:23:01.0306 9236 [ e3011c974d3997618f515b493b31a40f ] ExpressAccountsService C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe

10:23:01.0351 9236 ExpressAccountsService ( UnsignedFile.Multi.Generic ) - warning

10:23:01.0351 9236 ExpressAccountsService - detected UnsignedFile.Multi.Generic (1)

10:23:01.0502 9236 [ 785b9452cf862d81305ad5cfef4bf68e ] ExpressInvoiceService C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe

10:23:01.0548 9236 ExpressInvoiceService ( UnsignedFile.Multi.Generic ) - warning

10:23:01.0548 9236 ExpressInvoiceService - detected UnsignedFile.Multi.Generic (1)

10:23:01.0566 9236 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys

10:23:01.0605 9236 fastfat - ok

10:23:01.0648 9236 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe

10:23:01.0713 9236 Fax - ok

10:23:01.0727 9236 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\drivers\fdc.sys

10:23:01.0744 9236 fdc - ok

10:23:01.0761 9236 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll

10:23:01.0795 9236 fdPHost - ok

10:23:01.0809 9236 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

10:23:01.0836 9236 FDResPub - ok

10:23:01.0868 9236 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

10:23:01.0878 9236 FileInfo - ok

10:23:01.0890 9236 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

10:23:01.0927 9236 Filetrace - ok

10:23:01.0938 9236 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

10:23:01.0949 9236 flpydisk - ok

10:23:01.0961 9236 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

10:23:01.0976 9236 FltMgr - ok

10:23:02.0015 9236 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll

10:23:02.0058 9236 FontCache - ok

10:23:02.0099 9236 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

10:23:02.0107 9236 FontCache3.0.0.0 - ok

10:23:02.0125 9236 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

10:23:02.0136 9236 FsDepends - ok

10:23:02.0163 9236 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

10:23:02.0173 9236 Fs_Rec - ok

10:23:02.0207 9236 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

10:23:02.0221 9236 fvevol - ok

10:23:02.0253 9236 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

10:23:02.0263 9236 gagp30kx - ok

10:23:02.0291 9236 [ c403c5db49a0f9aaf4f2128edc0106d8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

10:23:02.0302 9236 GamesAppService - ok

10:23:02.0320 9236 [ af4dee5531395dee72b35b36c9671fd0 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

10:23:02.0329 9236 GEARAspiWDM - ok

10:23:02.0366 9236 [ 9ba22aee7f531ef9ce085cc2e1112bc4 ] GIDv2 C:\Windows\system32\drivers\GIDv2.sys

10:23:02.0376 9236 GIDv2 - ok

10:23:02.0531 9236 [ a4a2158e8ae73a57f0f1dfd3219a9101 ] GladFileMonSvc C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe

10:23:02.0539 9236 GladFileMonSvc - ok

10:23:02.0562 9236 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll

10:23:02.0599 9236 gpsvc - ok

10:23:02.0720 9236 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

10:23:02.0730 9236 gupdate - ok

10:23:02.0741 9236 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

10:23:02.0750 9236 gupdatem - ok

10:23:02.0767 9236 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

10:23:02.0825 9236 hcw85cir - ok

10:23:02.0855 9236 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

10:23:02.0881 9236 HdAudAddService - ok

10:23:02.0906 9236 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

10:23:02.0925 9236 HDAudBus - ok

10:23:02.0949 9236 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

10:23:02.0968 9236 HidBatt - ok

10:23:02.0986 9236 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

10:23:03.0000 9236 HidBth - ok

10:23:03.0015 9236 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

10:23:03.0028 9236 HidIr - ok

10:23:03.0051 9236 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\system32\hidserv.dll

10:23:03.0078 9236 hidserv - ok

10:23:03.0116 9236 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

10:23:03.0127 9236 HidUsb - ok

10:23:03.0140 9236 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll

10:23:03.0177 9236 hkmsvc - ok

10:23:03.0197 9236 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll

10:23:03.0219 9236 HomeGroupListener - ok

10:23:03.0240 9236 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

10:23:03.0266 9236 HomeGroupProvider - ok

10:23:03.0346 9236 [ 13bb1114451c63bfb41ba7daa4d70a29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

10:23:03.0354 9236 HP Support Assistant Service - ok

10:23:03.0401 9236 [ 7b8c1b09c11e8db7c4480abd7d17e821 ] HPAuto C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

10:23:03.0419 9236 HPAuto - ok

10:23:03.0444 9236 [ 6a181452d4e240b8ecc7614b9a19bde9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

10:23:03.0457 9236 HPClientSvc - ok

10:23:03.0539 9236 [ bcc4a8b2e2e902f52e7f2e7d8e125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

10:23:03.0547 9236 HPDrvMntSvc.exe - ok

10:23:03.0603 9236 [ ec9739a46f1f83c6e52a7a4697f44a65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

10:23:03.0623 9236 hpqwmiex - ok

10:23:03.0647 9236 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

10:23:03.0658 9236 HpSAMD - ok

10:23:03.0691 9236 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

10:23:03.0734 9236 HTTP - ok

10:23:03.0739 9236 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

10:23:03.0748 9236 hwpolicy - ok

10:23:03.0786 9236 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

10:23:03.0798 9236 i8042prt - ok

10:23:03.0849 9236 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

10:23:03.0865 9236 iaStorV - ok

10:23:03.0906 9236 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

10:23:03.0927 9236 idsvc - ok

10:23:04.0070 9236 [ ce0bf35c79e03bb89da6b14fac838605 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120815.002\IDSvia64.sys

10:23:04.0087 9236 IDSVia64 - ok

10:23:04.0203 9236 [ a744324e96d6c12a007a4a11e910afdb ] IDVaultSvc C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe

10:23:04.0241 9236 IDVaultSvc - ok

10:23:04.0510 9236 [ a87261ef1546325b559374f5689cf5bc ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

10:23:04.0620 9236 igfx - ok

10:23:04.0639 9236 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

10:23:04.0649 9236 iirsp - ok

10:23:04.0675 9236 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll

10:23:04.0717 9236 IKEEXT - ok

10:23:04.0773 9236 [ 589b94a9b73a0e819ff873743a480834 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

10:23:04.0821 9236 IntcAzAudAddService - ok

10:23:04.0832 9236 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys

10:23:04.0842 9236 intelide - ok

10:23:04.0867 9236 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\drivers\intelppm.sys

10:23:04.0889 9236 intelppm - ok

10:23:04.0909 9236 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll

10:23:04.0946 9236 IPBusEnum - ok

10:23:04.0964 9236 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:23:04.0989 9236 IpFilterDriver - ok

10:23:05.0005 9236 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

10:23:05.0050 9236 iphlpsvc - ok

10:23:05.0077 9236 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

10:23:05.0096 9236 IPMIDRV - ok

10:23:05.0102 9236 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

10:23:05.0129 9236 IPNAT - ok

10:23:05.0211 9236 [ a9ab99ee7d39725eafec82732d2b3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

10:23:05.0234 9236 iPod Service - ok

10:23:05.0260 9236 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

10:23:05.0275 9236 IRENUM - ok

10:23:05.0286 9236 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

10:23:05.0296 9236 isapnp - ok

10:23:05.0312 9236 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

10:23:05.0326 9236 iScsiPrt - ok

10:23:05.0397 9236 [ 54f694c6cd3a1149ba3a8bdacc83badc ] ITMRTSVC C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe

10:23:05.0416 9236 ITMRTSVC - ok

10:23:05.0435 9236 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

10:23:05.0445 9236 kbdclass - ok

10:23:05.0467 9236 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

10:23:05.0491 9236 kbdhid - ok

10:23:05.0501 9236 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe

10:23:05.0512 9236 KeyIso - ok

10:23:05.0573 9236 [ 162a5e3a691b903111526147c8d29e6d ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

10:23:05.0590 9236 Kodak AiO Network Discovery Service - ok

10:23:05.0608 9236 [ b5e53fca219a6491e9a1ba146a5d2452 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

10:23:05.0631 9236 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - warning

10:23:05.0632 9236 Kodak AiO Status Monitor Service - detected UnsignedFile.Multi.Generic (1)

10:23:05.0680 9236 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

10:23:05.0690 9236 KSecDD - ok

10:23:05.0706 9236 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

10:23:05.0718 9236 KSecPkg - ok

10:23:05.0744 9236 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

10:23:05.0778 9236 ksthunk - ok

10:23:05.0807 9236 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll

10:23:05.0843 9236 KtmRm - ok

10:23:05.0868 9236 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\system32\srvsvc.dll

10:23:05.0902 9236 LanmanServer - ok

10:23:05.0921 9236 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

10:23:05.0957 9236 LanmanWorkstation - ok

10:23:05.0997 9236 [ 71c6a95a5f0ccc87298c4dd0f2c3635a ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

10:23:06.0002 9236 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

10:23:06.0002 9236 LightScribeService - detected UnsignedFile.Multi.Generic (1)

10:23:06.0023 9236 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

10:23:06.0063 9236 lltdio - ok

10:23:06.0093 9236 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll

10:23:06.0165 9236 lltdsvc - ok

10:23:06.0183 9236 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll

10:23:06.0209 9236 lmhosts - ok

10:23:06.0248 9236 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

10:23:06.0259 9236 LSI_FC - ok

10:23:06.0272 9236 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

10:23:06.0283 9236 LSI_SAS - ok

10:23:06.0297 9236 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

10:23:06.0307 9236 LSI_SAS2 - ok

10:23:06.0325 9236 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

10:23:06.0336 9236 LSI_SCSI - ok

10:23:06.0358 9236 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys

10:23:06.0397 9236 luafv - ok

10:23:06.0487 9236 [ dc8490812a3b72811ae534f423b4c206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

10:23:06.0496 9236 MBAMProtector - ok

10:23:06.0575 9236 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

10:23:06.0596 9236 MBAMService - ok

10:23:06.0669 9236 [ 79d51e7f5926e8ce1b3ebecebae28cff ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys

10:23:06.0683 9236 mcdbus - ok

10:23:06.0714 9236 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

10:23:06.0776 9236 Mcx2Svc - ok

10:23:06.0801 9236 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\drivers\megasas.sys

10:23:06.0810 9236 megasas - ok

10:23:06.0838 9236 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

10:23:06.0851 9236 MegaSR - ok

10:23:06.0909 9236 Microsoft SharePoint Workspace Audit Service - ok

10:23:06.0939 9236 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll

10:23:06.0965 9236 MMCSS - ok

10:23:06.0984 9236 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys

10:23:07.0017 9236 Modem - ok

10:23:07.0042 9236 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys

10:23:07.0062 9236 monitor - ok

10:23:07.0074 9236 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

10:23:07.0084 9236 mouclass - ok

10:23:07.0111 9236 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

10:23:07.0129 9236 mouhid - ok

10:23:07.0145 9236 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

10:23:07.0157 9236 mountmgr - ok

10:23:07.0262 9236 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

10:23:07.0273 9236 MozillaMaintenance - ok

10:23:07.0284 9236 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys

10:23:07.0296 9236 mpio - ok

10:23:07.0317 9236 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

10:23:07.0344 9236 mpsdrv - ok

10:23:07.0370 9236 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll

10:23:07.0414 9236 MpsSvc - ok

10:23:07.0501 9236 [ 9bd4dcb5412921864a7aacdedfbd1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS

10:23:07.0513 9236 MREMP50 ( UnsignedFile.Multi.Generic ) - warning

10:23:07.0513 9236 MREMP50 - detected UnsignedFile.Multi.Generic (1)

10:23:07.0629 9236 [ c2758df79c83a0d12a5599a040ca1818 ] MREMP50a64 C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS

10:23:07.0638 9236 MREMP50a64 - ok

10:23:07.0641 9236 MREMPR5 - ok

10:23:07.0656 9236 MRENDIS5 - ok

10:23:07.0676 9236 [ 07c02c892e8e1a72d6bf35004f0e9c5e ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS

10:23:07.0689 9236 MRESP50 ( UnsignedFile.Multi.Generic ) - warning

10:23:07.0689 9236 MRESP50 - detected UnsignedFile.Multi.Generic (1)

10:23:07.0701 9236 [ 38bd5b32e0722752be8465d2a6da43d9 ] MRESP50a64 C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS

10:23:07.0710 9236 MRESP50a64 - ok

10:23:07.0724 9236 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

10:23:07.0751 9236 MRxDAV - ok

10:23:07.0768 9236 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

10:23:07.0798 9236 mrxsmb - ok

10:23:07.0849 9236 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:23:07.0863 9236 mrxsmb10 - ok

10:23:07.0876 9236 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:23:07.0889 9236 mrxsmb20 - ok

10:23:07.0899 9236 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys

10:23:07.0909 9236 msahci - ok

10:23:07.0921 9236 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

10:23:07.0933 9236 msdsm - ok

10:23:07.0949 9236 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe

10:23:07.0975 9236 MSDTC - ok

10:23:08.0004 9236 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

10:23:08.0030 9236 Msfs - ok

10:23:08.0060 9236 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

10:23:08.0086 9236 mshidkmdf - ok

10:23:08.0100 9236 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

10:23:08.0109 9236 msisadrv - ok

10:23:08.0125 9236 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

10:23:08.0213 9236 MSiSCSI - ok

10:23:08.0218 9236 msiserver - ok

10:23:08.0239 9236 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

10:23:08.0274 9236 MSKSSRV - ok

10:23:08.0289 9236 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

10:23:08.0327 9236 MSPCLOCK - ok

10:23:08.0338 9236 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

10:23:08.0370 9236 MSPQM - ok

10:23:08.0394 9236 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

10:23:08.0409 9236 MsRPC - ok

10:23:08.0426 9236 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

10:23:08.0437 9236 mssmbios - ok

10:23:08.0453 9236 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

10:23:08.0485 9236 MSTEE - ok

10:23:08.0509 9236 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

10:23:08.0521 9236 MTConfig - ok

10:23:08.0534 9236 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys

10:23:08.0544 9236 Mup - ok

10:23:08.0591 9236 [ c6948f034d7edabcfa2234d399fc78bc ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe

10:23:08.0604 9236 N360 - ok

10:23:08.0626 9236 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll

10:23:08.0669 9236 napagent - ok

10:23:08.0697 9236 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

10:23:08.0724 9236 NativeWifiP - ok

10:23:08.0799 9236 [ 8043d41f881d6ace40b854ad6e32217f ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120816.048\ENG64.SYS

10:23:08.0809 9236 NAVENG - ok

10:23:08.0872 9236 [ 9a9ab2fc45d701daed465d14980f1305 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120816.048\EX64.SYS

10:23:08.0914 9236 NAVEX15 - ok

10:23:08.0974 9236 [ 7b2d90bbbbed11c8dfba441d34ae901e ] NBVol C:\Windows\system32\DRIVERS\NBVol.sys

10:23:08.0984 9236 NBVol - ok

10:23:09.0008 9236 [ 4fe7b5757279d82c4d171e9f7fd52a75 ] NBVolUp C:\Windows\system32\DRIVERS\NBVolUp.sys

10:23:09.0017 9236 NBVolUp - ok

10:23:09.0038 9236 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys

10:23:09.0062 9236 NDIS - ok

10:23:09.0088 9236 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

10:23:09.0121 9236 NdisCap - ok

10:23:09.0138 9236 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

10:23:09.0164 9236 NdisTapi - ok

10:23:09.0174 9236 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

10:23:09.0200 9236 Ndisuio - ok

10:23:09.0215 9236 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

10:23:09.0253 9236 NdisWan - ok

10:23:09.0270 9236 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

10:23:09.0296 9236 NDProxy - ok

10:23:09.0306 9236 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

10:23:09.0341 9236 NetBIOS - ok

10:23:09.0355 9236 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

10:23:09.0383 9236 NetBT - ok

10:23:09.0392 9236 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe

10:23:09.0403 9236 Netlogon - ok

10:23:09.0431 9236 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll

10:23:09.0469 9236 Netman - ok

10:23:09.0558 9236 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:23:09.0569 9236 NetMsmqActivator - ok

10:23:09.0577 9236 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:23:09.0589 9236 NetPipeActivator - ok

10:23:09.0609 9236 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll

10:23:09.0653 9236 netprofm - ok

10:23:09.0658 9236 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:23:09.0667 9236 NetTcpActivator - ok

10:23:09.0671 9236 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:23:09.0680 9236 NetTcpPortSharing - ok

10:23:09.0704 9236 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

10:23:09.0714 9236 nfrd960 - ok

10:23:09.0836 9236 [ 56e7999ee68837453b177298542f5a75 ] NielsenUpdate C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe

10:23:09.0855 9236 NielsenUpdate - ok

10:23:09.0888 9236 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

10:23:09.0928 9236 NlaSvc - ok

10:23:09.0969 9236 [ cd2fe9c33cfd0fe0af124e05907e5c3d ] nmservice C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

10:23:09.0987 9236 nmservice - ok

10:23:10.0112 9236 [ 9e0eb61f9f56549e020c7af4defccead ] nnfwdk C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\nnfwdk64.sys

10:23:10.0121 9236 nnfwdk - ok

10:23:10.0172 9236 [ 5839a8027d6d324a7cd494051a96628c ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

10:23:10.0223 9236 NOBU - ok

10:23:10.0287 9236 Norton PC Checkup Application Launcher - ok

10:23:10.0310 9236 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

10:23:10.0336 9236 Npfs - ok

10:23:10.0357 9236 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll

10:23:10.0396 9236 nsi - ok

10:23:10.0406 9236 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

10:23:10.0433 9236 nsiproxy - ok

10:23:10.0503 9236 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

10:23:10.0543 9236 Ntfs - ok

10:23:10.0552 9236 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys

10:23:10.0578 9236 Null - ok

10:23:10.0599 9236 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys

10:23:10.0633 9236 nvraid - ok

10:23:10.0667 9236 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys

10:23:10.0679 9236 nvstor - ok

10:23:10.0691 9236 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

10:23:10.0703 9236 nv_agp - ok

10:23:10.0721 9236 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

10:23:10.0733 9236 ohci1394 - ok

10:23:10.0801 9236 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:23:10.0811 9236 ose - ok

10:23:10.0940 9236 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

10:23:11.0042 9236 osppsvc - ok

10:23:11.0078 9236 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

10:23:11.0153 9236 p2pimsvc - ok

10:23:11.0172 9236 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll

10:23:11.0188 9236 p2psvc - ok

10:23:11.0209 9236 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\drivers\parport.sys

10:23:11.0221 9236 Parport - ok

10:23:11.0273 9236 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys

10:23:11.0284 9236 partmgr - ok

10:23:11.0299 9236 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

10:23:11.0324 9236 PcaSvc - ok

10:23:11.0384 9236 [ 3e73b088f57666a8f0f15496f0a602ee ] pcCMService C:\Program Files (x86)\Common Files\Motive\pcCMService.exe

10:23:11.0403 9236 pcCMService ( UnsignedFile.Multi.Generic ) - warning

10:23:11.0403 9236 pcCMService - detected UnsignedFile.Multi.Generic (1)

10:23:11.0469 9236 [ 7551e3d275082c73b63ae484f72caef5 ] pcCMService64 C:\Program Files\Common Files\Motive\pcCMService.exe

10:23:11.0480 9236 pcCMService64 ( UnsignedFile.Multi.Generic ) - warning

10:23:11.0480 9236 pcCMService64 - detected UnsignedFile.Multi.Generic (1)

10:23:11.0537 9236 [ 2f86be1818c2d7ac90478e3323ee7fcb ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe

10:23:11.0546 9236 PCCUJobMgr - ok

10:23:11.0568 9236 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys

10:23:11.0580 9236 pci - ok

10:23:11.0594 9236 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys

10:23:11.0603 9236 pciide - ok

10:23:11.0615 9236 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

10:23:11.0627 9236 pcmcia - ok

10:23:11.0645 9236 [ a4d6449cebb5931685ae310dc2d7966d ] pcServiceHost C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe

10:23:11.0665 9236 pcServiceHost ( UnsignedFile.Multi.Generic ) - warning

10:23:11.0665 9236 pcServiceHost - detected UnsignedFile.Multi.Generic (1)

10:23:11.0688 9236 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys

10:23:11.0700 9236 pcw - ok

10:23:11.0808 9236 [ f82b76ca75c6b9e64663203589e627db ] PDF Suite 2012 Helper Service C:\Program Files (x86)\PDF Suite 2012\HelperService.exe

10:23:11.0827 9236 PDF Suite 2012 Helper Service - ok

10:23:11.0844 9236 [ 4a9a17fd833ef41cfb8100db554d49b0 ] PDF Suite 2012 Service C:\Program Files (x86)\PDF Suite 2012\ConversionService.exe

10:23:11.0862 9236 PDF Suite 2012 Service - ok

10:23:11.0881 9236 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys

10:23:11.0927 9236 PEAUTH - ok

10:23:12.0004 9236 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe

10:23:12.0023 9236 PerfHost - ok

10:23:12.0071 9236 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll

10:23:12.0114 9236 pla - ok

10:23:12.0175 9236 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

10:23:12.0212 9236 PlugPlay - ok

10:23:12.0236 9236 [ 4ff73a83a25d0eead4f5e6c841bb6704 ] pnarp C:\Windows\system32\DRIVERS\pnarp.sys

10:23:12.0243 9236 pnarp - ok

10:23:12.0252 9236 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

10:23:12.0274 9236 PNRPAutoReg - ok

10:23:12.0294 9236 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

10:23:12.0307 9236 PNRPsvc - ok

10:23:12.0339 9236 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

10:23:12.0381 9236 PolicyAgent - ok

10:23:12.0403 9236 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll

10:23:12.0441 9236 Power - ok

10:23:12.0457 9236 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

10:23:12.0497 9236 PptpMiniport - ok

10:23:12.0521 9236 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\drivers\processr.sys

10:23:12.0537 9236 Processor - ok

10:23:12.0598 9236 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll

10:23:12.0622 9236 ProfSvc - ok

10:23:12.0634 9236 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe

10:23:12.0643 9236 ProtectedStorage - ok

10:23:12.0663 9236 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys

10:23:12.0703 9236 Psched - ok

10:23:12.0729 9236 [ 9a68a89f10f283a23afee2a1bfe4bffb ] purendis C:\Windows\system32\DRIVERS\purendis.sys

10:23:12.0737 9236 purendis - ok

10:23:12.0787 9236 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

10:23:12.0820 9236 ql2300 - ok

10:23:12.0836 9236 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

10:23:12.0847 9236 ql40xx - ok

10:23:12.0870 9236 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll

10:23:12.0888 9236 QWAVE - ok

10:23:12.0911 9236 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

10:23:12.0938 9236 QWAVEdrv - ok

10:23:12.0950 9236 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

10:23:12.0981 9236 RasAcd - ok

10:23:13.0008 9236 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

10:23:13.0056 9236 RasAgileVpn - ok

10:23:13.0061 9236 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll

10:23:13.0109 9236 RasAuto - ok

10:23:13.0123 9236 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

10:23:13.0150 9236 Rasl2tp - ok

10:23:13.0179 9236 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll

10:23:13.0209 9236 RasMan - ok

10:23:13.0223 9236 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

10:23:13.0260 9236 RasPppoe - ok

10:23:13.0274 9236 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

10:23:13.0314 9236 RasSstp - ok

10:23:13.0343 9236 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

10:23:13.0385 9236 rdbss - ok

10:23:13.0400 9236 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

10:23:13.0412 9236 rdpbus - ok

10:23:13.0432 9236 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

10:23:13.0458 9236 RDPCDD - ok

10:23:13.0470 9236 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

10:23:13.0503 9236 RDPENCDD - ok

10:23:13.0522 9236 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

10:23:13.0547 9236 RDPREFMP - ok

10:23:13.0601 9236 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

10:23:13.0659 9236 RDPWD - ok

10:23:13.0683 9236 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

10:23:13.0695 9236 rdyboost - ok

10:23:13.0717 9236 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll

10:23:13.0771 9236 RemoteAccess - ok

10:23:13.0806 9236 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

10:23:13.0834 9236 RemoteRegistry - ok

10:23:13.0869 9236 [ 085d18c71ab2611a3d61528132b6501e ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

10:23:13.0883 9236 RoxioNow Service - ok

10:23:13.0898 9236 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

10:23:13.0932 9236 RpcEptMapper - ok

10:23:13.0948 9236 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe

10:23:13.0959 9236 RpcLocator - ok

10:23:13.0977 9236 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll

10:23:14.0008 9236 RpcSs - ok

10:23:14.0026 9236 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

10:23:14.0054 9236 rspndr - ok

10:23:14.0080 9236 [ afc12dfa4c7b089673ad67402ca19edb ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

10:23:14.0096 9236 RTL8167 - ok

10:23:14.0108 9236 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe

10:23:14.0119 9236 SamSs - ok

10:23:14.0147 9236 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

10:23:14.0158 9236 sbp2port - ok

10:23:14.0239 9236 [ 794d4b48dfb6e999537c7c3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

10:23:14.0268 9236 SBSDWSCService - ok

10:23:14.0296 9236 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll

10:23:14.0325 9236 SCardSvr - ok

10:23:14.0341 9236 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

10:23:14.0374 9236 scfilter - ok

10:23:14.0399 9236 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll

10:23:14.0446 9236 Schedule - ok

10:23:14.0470 9236 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll

10:23:14.0494 9236 SCPolicySvc - ok

10:23:14.0520 9236 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

10:23:14.0576 9236 SDRSVC - ok

10:23:14.0603 9236 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

10:23:14.0630 9236 secdrv - ok

10:23:14.0634 9236 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll

10:23:14.0660 9236 seclogon - ok

10:23:14.0669 9236 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll

10:23:14.0703 9236 SENS - ok

10:23:14.0724 9236 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

10:23:14.0740 9236 SensrSvc - ok

10:23:14.0761 9236 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\drivers\serenum.sys

10:23:14.0787 9236 Serenum - ok

10:23:14.0802 9236 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\drivers\serial.sys

10:23:14.0814 9236 Serial - ok

10:23:14.0835 9236 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

10:23:14.0855 9236 sermouse - ok

10:23:14.0883 9236 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll

10:23:14.0924 9236 SessionEnv - ok

10:23:14.0941 9236 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

10:23:14.0967 9236 sffdisk - ok

10:23:14.0981 9236 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

10:23:14.0994 9236 sffp_mmc - ok

10:23:15.0010 9236 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

10:23:15.0022 9236 sffp_sd - ok

10:23:15.0044 9236 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

10:23:15.0067 9236 sfloppy - ok

10:23:15.0094 9236 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll

10:23:15.0147 9236 SharedAccess - ok

10:23:15.0187 9236 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll

10:23:15.0225 9236 ShellHWDetection - ok

10:23:15.0243 9236 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

10:23:15.0253 9236 SiSRaid2 - ok

10:23:15.0263 9236 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

10:23:15.0274 9236 SiSRaid4 - ok

10:23:15.0294 9236 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

10:23:15.0330 9236 Smb - ok

10:23:15.0354 9236 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe

10:23:15.0379 9236 SNMPTRAP - ok

10:23:15.0396 9236 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys

10:23:15.0406 9236 spldr - ok

10:23:15.0465 9236 [ 85daa09a98c9286d4ea2ba8d0e644377 ] Spooler C:\Windows\System32\spoolsv.exe

10:23:15.0506 9236 Spooler - ok

10:23:15.0581 9236 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe

10:23:15.0666 9236 sppsvc - ok

10:23:15.0682 9236 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

10:23:15.0709 9236 sppuinotify - ok

10:23:15.0819 9236 [ c3716ec0d36ad924b6888d794563e647 ] sprtsvc_ddoctorv2 C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe

10:23:15.0829 9236 sprtsvc_ddoctorv2 - ok

10:23:15.0931 9236 [ 06b9a7ba94356ec5207c5ddb59540378 ] SRTSP C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS

10:23:15.0951 9236 SRTSP - ok

10:23:15.0958 9236 [ fbb8945a61e55a2345d12487c74a9d76 ] SRTSPX C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS

10:23:15.0967 9236 SRTSPX - ok

10:23:16.0022 9236 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys

10:23:16.0088 9236 srv - ok

10:23:16.0101 9236 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

10:23:16.0123 9236 srv2 - ok

10:23:16.0137 9236 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

10:23:16.0149 9236 srvnet - ok

10:23:16.0180 9236 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

10:23:16.0221 9236 SSDPSRV - ok

10:23:16.0245 9236 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll

10:23:16.0272 9236 SstpSvc - ok

10:23:16.0286 9236 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\drivers\stexstor.sys

10:23:16.0296 9236 stexstor - ok

10:23:16.0313 9236 [ decacb6921ded1a38642642685d77dac ] StillCam C:\Windows\system32\DRIVERS\serscan.sys

10:23:16.0332 9236 StillCam - ok

10:23:16.0370 9236 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll

10:23:16.0392 9236 stisvc - ok

10:23:16.0408 9236 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys

10:23:16.0418 9236 swenum - ok

10:23:16.0509 9236 [ f577910a133a592234ebaad3f3afa258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

10:23:16.0549 9236 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

10:23:16.0549 9236 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

10:23:16.0569 9236 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll

10:23:16.0618 9236 swprv - ok

10:23:16.0688 9236 [ 8b2430762099598da40686f754632efd ] SymDS C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS

10:23:16.0703 9236 SymDS - ok

10:23:16.0735 9236 [ f90c7a190399165d3ab2245048d34786 ] SymEFA C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS

10:23:16.0762 9236 SymEFA - ok

10:23:16.0783 9236 [ 898bb48c797483420df523b2bbc1ecdb ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

10:23:16.0793 9236 SymEvent - ok

10:23:16.0807 9236 [ 5013a76caaa1d7cf1c55214b490b4e35 ] SymIRON C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS

10:23:16.0818 9236 SymIRON - ok

10:23:16.0883 9236 [ 3911bd0e68c010e5438a87706abbe9ab ] SymNetS C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS

10:23:16.0898 9236 SymNetS - ok

10:23:16.0947 9236 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll

10:23:16.0993 9236 SysMain - ok

10:23:17.0013 9236 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

10:23:17.0029 9236 TabletInputService - ok

10:23:17.0047 9236 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

10:23:17.0084 9236 TapiSrv - ok

10:23:17.0101 9236 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll

10:23:17.0128 9236 TBS - ok

10:23:17.0206 9236 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

10:23:17.0246 9236 Tcpip - ok

10:23:17.0280 9236 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

10:23:17.0309 9236 TCPIP6 - ok

10:23:17.0327 9236 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

10:23:17.0364 9236 tcpipreg - ok

10:23:17.0376 9236 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

10:23:17.0400 9236 TDPIPE - ok

10:23:17.0449 9236 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

10:23:17.0473 9236 TDTCP - ok

10:23:17.0499 9236 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

10:23:17.0525 9236 tdx - ok

10:23:17.0550 9236 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys

10:23:17.0560 9236 TermDD - ok

10:23:17.0584 9236 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll

10:23:17.0631 9236 TermService - ok

10:23:17.0648 9236 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll

10:23:17.0662 9236 Themes - ok

10:23:17.0688 9236 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll

10:23:17.0713 9236 THREADORDER - ok

10:23:17.0741 9236 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll

10:23:17.0776 9236 TrkWks - ok

10:23:17.0817 9236 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

10:23:17.0857 9236 TrustedInstaller - ok

10:23:17.0887 9236 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

10:23:17.0918 9236 tssecsrv - ok

10:23:17.0945 9236 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

10:23:18.0000 9236 TsUsbFlt - ok

10:23:18.0014 9236 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

10:23:18.0025 9236 TsUsbGD - ok

10:23:18.0044 9236 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

10:23:18.0077 9236 tunnel - ok

10:23:18.0097 9236 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

10:23:18.0107 9236 uagp35 - ok

10:23:18.0127 9236 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

10:23:18.0163 9236 udfs - ok

10:23:18.0188 9236 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

10:23:18.0200 9236 UI0Detect - ok

10:23:18.0213 9236 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

10:23:18.0224 9236 uliagpkx - ok

10:23:18.0232 9236 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

10:23:18.0252 9236 umbus - ok

10:23:18.0269 9236 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\drivers\umpass.sys

10:23:18.0286 9236 UmPass - ok

10:23:18.0307 9236 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll

10:23:18.0349 9236 upnphost - ok

10:23:18.0406 9236 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

10:23:18.0471 9236 USBAAPL64 - ok

10:23:18.0508 9236 [ 82e8f44688e6fac57b5b7c6fc7adbc2a ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

10:23:18.0536 9236 usbaudio - ok

10:23:18.0584 9236 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

10:23:18.0666 9236 usbccgp - ok

10:23:18.0712 9236 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

10:23:18.0725 9236 usbcir - ok

10:23:18.0742 9236 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

10:23:18.0781 9236 usbehci - ok

10:23:18.0811 9236 [ 2c780746dc44a28fe67004dc58173f05 ] usbfilter C:\Windows\system32\drivers\usbfilter.sys

10:23:18.0820 9236 usbfilter - ok

10:23:18.0844 9236 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

10:23:18.0870 9236 usbhub - ok

10:23:18.0889 9236 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

10:23:18.0912 9236 usbohci - ok

10:23:18.0929 9236 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\drivers\usbprint.sys

10:23:18.0949 9236 usbprint - ok

10:23:18.0962 9236 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:23:19.0022 9236 USBSTOR - ok

10:23:19.0080 9236 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

10:23:19.0099 9236 usbuhci - ok

10:23:19.0117 9236 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll

10:23:19.0155 9236 UxSms - ok

10:23:19.0175 9236 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe

10:23:19.0185 9236 VaultSvc - ok

10:23:19.0206 9236 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

10:23:19.0217 9236 vdrvroot - ok

10:23:19.0231 9236 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe

10:23:19.0272 9236 vds - ok

10:23:19.0297 9236 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

10:23:19.0310 9236 vga - ok

10:23:19.0320 9236 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys

10:23:19.0354 9236 VgaSave - ok

10:23:19.0375 9236 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

10:23:19.0388 9236 vhdmp - ok

10:23:19.0405 9236 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys

10:23:19.0415 9236 viaide - ok

10:23:19.0436 9236 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

10:23:19.0446 9236 volmgr - ok

10:23:19.0462 9236 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

10:23:19.0477 9236 volmgrx - ok

10:23:19.0492 9236 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

10:23:19.0506 9236 volsnap - ok

10:23:19.0530 9236 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

10:23:19.0542 9236 vsmraid - ok

10:23:19.0575 9236 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe

10:23:19.0631 9236 VSS - ok

10:23:19.0654 9236 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

10:23:19.0711 9236 vwifibus - ok

10:23:19.0729 9236 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll

10:23:19.0760 9236 W32Time - ok

10:23:19.0778 9236 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\drivers\wacompen.sys

10:23:19.0790 9236 WacomPen - ok

10:23:19.0808 9236 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

10:23:19.0842 9236 WANARP - ok

10:23:19.0846 9236 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

10:23:19.0872 9236 Wanarpv6 - ok

10:23:19.0937 9236 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

10:23:19.0989 9236 WatAdminSvc - ok

10:23:20.0042 9236 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe

10:23:20.0093 9236 wbengine - ok

10:23:20.0104 9236 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

10:23:20.0121 9236 WbioSrvc - ok

10:23:20.0137 9236 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll

10:23:20.0167 9236 wcncsvc - ok

10:23:20.0179 9236 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

10:23:20.0242 9236 WcsPlugInService - ok

10:23:20.0255 9236 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\drivers\wd.sys

10:23:20.0264 9236 Wd - ok

10:23:20.0296 9236 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

10:23:20.0316 9236 Wdf01000 - ok

10:23:20.0331 9236 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll

10:23:20.0386 9236 WdiServiceHost - ok

10:23:20.0390 9236 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll

10:23:20.0404 9236 WdiSystemHost - ok

10:23:20.0420 9236 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll

10:23:20.0446 9236 WebClient - ok

10:23:20.0460 9236 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll

10:23:20.0489 9236 Wecsvc - ok

10:23:20.0504 9236 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

10:23:20.0532 9236 wercplsupport - ok

10:23:20.0549 9236 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll

10:23:20.0587 9236 WerSvc - ok

10:23:20.0612 9236 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

10:23:20.0638 9236 WfpLwf - ok

10:23:20.0651 9236 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys

10:23:20.0660 9236 WIMMount - ok

10:23:20.0670 9236 WinDefend - ok

10:23:20.0677 9236 WinHttpAutoProxySvc - ok

10:23:20.0720 9236 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

10:23:20.0760 9236 Winmgmt - ok

10:23:20.0802 9236 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll

10:23:20.0855 9236 WinRM - ok

10:23:20.0939 9236 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

10:23:20.0972 9236 WinUsb - ok

10:23:21.0007 9236 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll

10:23:21.0043 9236 Wlansvc - ok

10:23:21.0090 9236 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

10:23:21.0120 9236 wlcrasvc - ok

10:23:21.0194 9236 [ 7e47c328fc4768cb8beafbcfafa70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

10:23:21.0238 9236 wlidsvc - ok

10:23:21.0257 9236 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

10:23:21.0275 9236 WmiAcpi - ok

10:23:21.0301 9236 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

10:23:21.0326 9236 wmiApSrv - ok

10:23:21.0350 9236 WMPNetworkSvc - ok

10:23:21.0369 9236 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll

10:23:21.0429 9236 WPCSvc - ok

10:23:21.0436 9236 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

10:23:21.0468 9236 WPDBusEnum - ok

10:23:21.0479 9236 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

10:23:21.0505 9236 ws2ifsl - ok

10:23:21.0516 9236 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\System32\wscsvc.dll

10:23:21.0544 9236 wscsvc - ok

10:23:21.0548 9236 WSearch - ok

10:23:21.0625 9236 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll

10:23:21.0672 9236 wuauserv - ok

10:23:21.0686 9236 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

10:23:21.0721 9236 WudfPf - ok

10:23:21.0748 9236 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

10:23:21.0784 9236 WUDFRd - ok

10:23:21.0802 9236 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

10:23:21.0827 9236 wudfsvc - ok

10:23:21.0831 9236 WUSB54GSCv2.NTamd64 - ok

10:23:21.0848 9236 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll

10:23:21.0878 9236 WwanSvc - ok

10:23:22.0030 9236 [ dd0042f0c3b606a6a8b92d49afb18ad6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

10:23:22.0050 9236 YahooAUService - ok

10:23:22.0089 9236 ================ Scan global ===============================

10:23:22.0140 9236 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll

10:23:22.0201 9236 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll

10:23:22.0212 9236 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll

10:23:22.0285 9236 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll

10:23:22.0360 9236 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe

10:23:22.0365 9236 [Global] - ok

10:23:22.0367 9236 ================ Scan MBR ==================================

10:23:22.0391 9236 MBR (0x1B8) (98fcd121d17e9b4e92f21f168830bb27) \Device\Harddisk0\DR0

10:23:22.0856 9236 \Device\Harddisk0\DR0 - ok

10:23:22.0858 9236 ================ Scan VBR ==================================

10:23:22.0862 9236 Boot (0x1200) (00bc2736862d26bf1a75634ab49c03fd) \Device\Harddisk0\DR0\Partition1

10:23:22.0863 9236 \Device\Harddisk0\DR0\Partition1 - ok

10:23:22.0897 9236 Boot (0x1200) (8a952ae19ff4bb22ca80893d213e8eaf) \Device\Harddisk0\DR0\Partition2

10:23:22.0898 9236 \Device\Harddisk0\DR0\Partition2 - ok

10:23:22.0935 9236 Boot (0x1200) (7edfe259fa587b8ea6f2647550a6037d) \Device\Harddisk0\DR0\Partition3

10:23:22.0936 9236 \Device\Harddisk0\DR0\Partition3 - ok

10:23:22.0937 9236 ============================================================

10:23:22.0937 9236 Scan finished

10:23:22.0937 9236 ============================================================

10:23:22.0949 9908 Detected object count: 10

10:23:22.0949 9908 Actual detected object count: 10

10:24:07.0153 9908 ExpressAccountsService ( UnsignedFile.Multi.Generic ) - skipped by user

10:24:07.0154 9908 ExpressAccountsService ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:24:07.0157 9908 ExpressInvoiceService ( UnsignedFile.Multi.Generic ) - skipped by user

10:24:07.0157 9908 ExpressInvoiceService ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:24:07.0157 9908 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user

10:24:07.0157 9908 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:24:07.0158 9908 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

10:24:07.0158 9908 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:24:07.0160 9908 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

10:24:07.0160 9908 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:24:07.0162 9908 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

10:24:07.0162 9908 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:24:07.0164 9908 pcCMService ( UnsignedFile.Multi.Generic ) - skipped by user

10:24:07.0164 9908 pcCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:24:07.0169 9908 pcCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user

10:24:07.0169 9908 pcCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:24:07.0170 9908 pcServiceHost ( UnsignedFile.Multi.Generic ) - skipped by user

10:24:07.0170 9908 pcServiceHost ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:24:07.0173 9908 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

10:24:07.0173 9908 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

[MrCharlie]

That scan was clean......

Here's what I suggest you do:

Disable these plug-ins:

npCouponPrinter<--plugin

WeCareReminder <---plugin

Uninstall all of these:

Anti-phishing Domain Advisor

Yahoo! Toolbar

Upromise TurboSaver (remove only)

Coupon Printer for Windows

Coupons.com Toolbar

Vuze

Vuze Remote Toolbar

Xfinity.com Toolbar 3.5

Inbox Toolbar

------------------------------------------------

Then...............

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[zalloy]

Here's the ComboFix log. I've also noticed that every time I reboot, I get asked if I want to run uTorrent. I don't use uTorrent, and want it to stop trying to run. I always have to click Cancel before it will let anything else load. Also, for a while, I was getting a malicious IP blocked by MWAB 204.51.78.133. Additionally, I've been getting weird compatibility messages in MS Office. I ran the Combofix after disabling Norton, MWAB and Spybot Search & Destroy. Couldn't get the TeaTimer to disable.

ComboFix 12-08-17.03 - Laurie 08/18/2012 8:05.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1890 [GMT -4:00]

Running from: c:\users\Laurie\Desktop\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\program files (x86)\version.txt

c:\programdata\Amazon.ico

c:\users\Default\AppData\Roaming\DPInst.exe

c:\users\Default\AppData\Roaming\gacutil.exe

c:\users\Default\AppData\Roaming\PnPutil.exe

c:\users\Laurie\AppData\Local\ie_runner_app.exe

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))

.

.

2012-08-18 12:25 . 2012-08-18 12:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-16 17:39 . 2012-08-16 18:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-08-16 17:39 . 2012-08-16 18:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-08-15 08:58 . 2012-08-15 08:58 9826504 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-08-15 03:24 . 2012-06-29 04:09 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-12 16:21 . 2012-08-12 16:25 -------- d-----w- c:\users\Laurie\AppData\Roaming\PDF Software

2012-08-12 15:52 . 2012-08-12 15:53 -------- d-----w- c:\program files (x86)\PDF Suite 2012

2012-08-10 22:01 . 2012-08-10 22:01 -------- d-----w- c:\program files (x86)\Free YouTube Downloader

2012-07-28 22:31 . 2012-07-28 22:31 -------- d-----w- c:\users\Laurie\AppData\Local\CRE

2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2012-07-27 00:37 . 2012-07-27 00:36 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-07-27 00:33 . 2012-07-27 00:33 -------- d-----w- c:\programdata\McAfee

2012-07-21 16:01 . 2012-07-21 16:01 -------- d-----w- c:\windows\SysWow64\kodak

2012-07-21 15:49 . 2012-07-21 15:49 -------- d-----w- c:\users\Default\AppData\Roaming\KODAK AiO Home Center1012742297

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 08:58 . 2012-05-08 15:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-15 08:58 . 2011-07-23 21:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 03:19 . 2011-07-23 18:31 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-07-27 00:36 . 2011-07-23 20:17 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-07-16 21:14 . 2012-03-10 14:56 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-07-16 21:14 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-07-03 17:46 . 2012-06-30 14:41 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-30 21:47 . 2012-02-12 15:00 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-06-18 13:48 . 2012-06-18 13:48 122368 ----a-w- c:\windows\system32\EKaio2WiaCoInst.dll

2012-06-18 13:48 . 2012-06-18 13:48 10240 ----a-w- c:\windows\system32\EKaio2WiaCoInstRes.dll

2012-06-12 13:42 . 2012-06-12 13:42 1644544 ----a-w- c:\windows\system32\EKAiO2MON.dll

2012-06-12 13:41 . 2012-06-12 13:41 177664 ----a-w- c:\windows\system32\EKAiO2COI09.dll

2012-06-09 05:43 . 2012-07-11 10:28 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 12:49 . 2012-06-06 12:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06 . 2012-07-11 10:28 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 10:28 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 10:28 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 10:28 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 10:28 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 10:28 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-21 04:32 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 04:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 04:32 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 04:32 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 04:32 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 04:32 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 04:32 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-21 04:31 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-21 04:31 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 05:50 . 2012-07-11 10:28 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 10:28 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:48 . 2012-07-11 10:28 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:45 . 2012-07-11 10:28 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 10:28 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 10:28 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 10:28 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 10:28 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 10:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a938761b-202b-4828-87e4-f21fec37d02d}]

2012-07-31 16:32 92040 ----a-w- c:\program files (x86)\PDF Suite 2012\PDFIEHelper.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{11aa5c56-b4e2-4b8f-803a-d340415532f3}"= "c:\program files (x86)\PDF Suite 2012\PDFIEPlugin.dll" [2012-07-31 609160]

.

[HKEY_CLASSES_ROOT\clsid\{11aa5c56-b4e2-4b8f-803a-d340415532f3}]

[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1]

[HKEY_CLASSES_ROOT\TypeLib\{99e9d44c-f699-4ab3-8f4b-46dd12e9a9f6}]

[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]

@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"

[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]

2011-05-09 09:10 194416 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]

@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"

[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]

2011-05-09 09:13 194416 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\users\Laurie\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"uTorrent"="c:\users\Laurie\Downloads\utorrent.exe" [2011-08-05 639864]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-05-21 324976]

"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-07-29 13003448]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]

"ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]

"NielsenOnline"="c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2010-11-17 47424]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-13 336384]

"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]

"PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDF Create 7\RegistryController.exe" [2011-04-29 138528]

"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\isuspm.exe" [2010-05-21 324976]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"OmniPage Preload"="c:\program files (x86)\Nuance\OmniPage18\OmniPage18.exe" [2011-05-10 2983200]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"PDFHook"="c:\program files (x86)\Nuance\PDF Create 7\pdfcreate7hook.exe" [2011-04-29 606496]

"Nuance OmniPage 18-reminder"="c:\program files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe" [2010-10-27 333088]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-07-16 296096]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]

"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]

.

c:\users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

magicJack.lnk - c:\users\Laurie\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-2-1 804672]

OpenOffice.org 3.4.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-7-18 6536304]

Nuance Cloud Connector.lnk - c:\program files (x86)\Nuance\Nuance Cloud Connector\GladLauncher.exe [2011-5-9 87920]

PhraseExpress.lnk - c:\program files (x86)\PhraseExpress\phraseexpress.exe [2012-2-22 7344336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]

R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]

R3 ExpressAccountsService;Express Accounts;c:\program files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe [2011-09-25 2654724]

R3 ExpressInvoiceService;Express Invoice;c:\program files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2011-09-25 1781252]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 113120]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-24 1255736]

R3 WUSB54GSCv2.NTamd64;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\DRIVERS\WUSB54GSCV2_AMD64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-11-04 75904]

S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-11-04 38016]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2011-08-16 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2011-11-24 1092728]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120]

S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-04 167048]

S1 GIDv2;GIDv2; [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120817.001\IDSvia64.sys [2012-06-29 509088]

S1 nnfwdk;Nielsen WFP Driver;c:\program files (x86)\NetRatingsNetSight\NetSight\meter9\nnfwdk64.sys [2012-03-20 25648]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2011-11-17 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2011-11-17 405624]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-13 361984]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]

S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]

S2 GladFileMonSvc;GladFileMonSvc;c:\program files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [2011-05-09 29552]

S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-07-18 66160]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-19 394712]

S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]

S2 NielsenUpdate;Nielsen Update;c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2012-02-24 825664]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-12-01 135608]

S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-06-12 368640]

S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-06-12 460288]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [2011-05-03 126392]

S2 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [2012-06-11 342016]

S2 PDF Suite 2012 Helper Service;PDF Suite 2012 Helper Service;c:\program files (x86)\PDF Suite 2012\HelperService.exe [2012-07-31 815496]

S2 PDF Suite 2012 Service;PDF Suite 2012 Service;c:\program files (x86)\PDF Suite 2012\ConversionService.exe [2012-07-31 724360]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-30 9371136]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-30 309760]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-05 231440]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-13 138912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-12-22 38456]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-06-20 19:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]

2011-07-05 15:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 08:58]

.

2012-08-18 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS\AutoKMS.exe [2011-09-19 23:09]

.

2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 15:54]

.

2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 15:54]

.

2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3877766120-1356258156-1109172098-1001Core.job

- c:\users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-23 18:30]

.

2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3877766120-1356258156-1109172098-1001UA.job

- c:\users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-23 18:30]

.

2012-08-18 c:\windows\Tasks\HPCeeScheduleForLaurie.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2012-08-13 c:\windows\Tasks\HPCeeScheduleForZINCS-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]

@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"

[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]

2011-05-09 09:11 192368 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]

@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"

[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]

2011-05-09 09:13 195440 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]

"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-06-12 2767360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://xfinity.comcast.net/?cid=cgps02122012

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\6hkwwsku.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{37153479-1976-43c3-a1ee-557513977b64} - (no file)

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

URLSearchHooks-{26525ca7-f3ff-47c2-b829-09083718bee1} - (no file)

URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)

URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

Wow6432Node-HKCU-Run-Typing Assistant (English) - c:\program files (x86)\Typing Assistant (English) 5.4\Typing Assistant (English).exe

Wow6432Node-HKCU-Run-SpeechInk Transcription Alerter - c:\program files (x86)\SpeechInk Alerter\rss.exe

Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe

Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe

WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{26525CA7-F3FF-47C2-B829-09083718BEE1} - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{5911488E-9D1E-40EC-8CBB-06B231CC153F}"=hex:51,66,7a,6c,4c,1d,38,12,e0,4b,02,

5d,2c,d3,82,05,f3,ad,45,f2,34,92,51,2b

"{2E5E800E-6AC0-411E-940A-369530A35E43}"=hex:51,66,7a,6c,4c,1d,38,12,60,83,4d,

2a,f2,24,70,04,eb,1c,75,d5,35,fd,1a,57

"{DCC70A83-E184-40A3-906B-779AF5E941C4}"=hex:51,66,7a,6c,4c,1d,38,12,ed,09,d4,

d8,b6,af,cd,05,ef,7d,34,da,f0,b7,05,d0

"{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"=hex:51,66,7a,6c,4c,1d,38,12,b2,5b,08,

35,ee,ea,6a,0e,ce,a3,23,69,9f,8d,9c,17

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,

7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de

"{37153479-1976-43C3-A1EE-557513977B64}"=hex:51,66,7a,6c,4c,1d,38,12,17,37,06,

33,44,57,ad,06,de,f8,16,35,16,c9,3f,70

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,

43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87

"{06E58E5E-F8CB-4049-991E-A41C03BD419E}"=hex:51,66,7a,6c,4c,1d,38,12,30,8d,f6,

02,f9,b6,27,05,e6,08,e7,5c,06,e3,05,8a

"{C3947F4E-8894-4C04-98E0-DF182C706DDF}"=hex:51,66,7a,6c,4c,1d,38,12,20,7c,87,

c7,a6,c6,6a,09,e7,f6,9c,58,29,2e,29,cb

"{26525CA7-F3FF-47C2-B829-09083718BEE1}"=hex:51,66,7a,6c,4c,1d,38,12,c9,5f,41,

22,cd,bd,ac,02,c7,3f,4a,48,32,46,fa,f5

"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,

34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89

"{47980628-3844-42AA-A0DD-E2D86BBA9600}"=hex:51,66,7a,6c,4c,1d,38,12,46,05,8b,

43,76,76,c4,07,df,cb,a1,98,6e,e4,d2,14

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{2AAE80CE-5D5E-4AD2-B722-E9E0A506CE52}"=hex:51,66,7a,6c,4c,1d,38,12,a0,83,bd,

2e,6c,13,bc,0f,c8,34,aa,a0,a0,58,8a,46

"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,

34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de

"{3FDBA1BA-AE28-4045-9048-4ED2F3865629}"=hex:51,66,7a,6c,4c,1d,38,12,d4,a2,c8,

3b,1a,e0,2b,05,ef,5e,0d,92,f6,d8,12,3d

"{4BE60886-F6AA-4714-8109-EA6D8247DD57}"=hex:51,66,7a,6c,4c,1d,38,12,e8,0b,f5,

4f,98,b8,7a,02,fe,1f,a9,2d,87,19,99,43

"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,

64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c

"{66516A07-F617-488A-90CF-4E690CFB3C5F}"=hex:51,66,7a,6c,4c,1d,38,12,69,69,42,

62,25,b8,e4,0d,ef,d9,0d,29,09,a5,78,4b

"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,

69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18

"{6E13D095-45C3-4271-9475-F3B48227DD9F}"=hex:51,66,7a,6c,4c,1d,38,12,fb,d3,00,

6a,f1,0b,1f,07,eb,63,b0,f4,87,79,99,8b

"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,

6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f

"{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}"=hex:51,66,7a,6c,4c,1d,38,12,33,62,e8,

6b,fc,a6,b3,0f,f2,89,72,84,bb,c2,62,f0

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,

aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04

"{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}"=hex:51,66,7a,6c,4c,1d,38,12,92,9a,85,

b0,57,58,7a,01,de,dd,87,e2,a1,ff,7a,f8

"{B84CDBE7-1B46-494B-A188-01D4C52DEB61}"=hex:51,66,7a,6c,4c,1d,38,12,89,d8,5f,

bc,74,55,25,0c,de,9e,42,94,c0,73,af,75

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{E6D0B79E-ECAC-411B-8BF6-7A574981AF30}"=hex:51,66,7a,6c,4c,1d,38,12,f0,b4,c3,

e2,9e,a2,75,04,f4,e0,39,17,4c,df,eb,24

"{EDC0F17F-F4B7-47E4-B73E-887FAEB376FA}"=hex:51,66,7a,6c,4c,1d,38,12,11,f2,d3,

e9,85,ba,8a,02,c8,28,cb,3f,ab,ed,32,ee

"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,

f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63

"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,

f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:6a,d9,b4,e3,e8,59,cc,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,08,ef,22,41,ed,e0,48,b0,e9,d4,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,08,ef,22,41,ed,e0,48,b0,e9,d4,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\NetRatingsNetSight]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\08\02\09\01\15;S"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\program files (x86)\SFT\GuardedID\gidd.exe

.

**************************************************************************

.

Completion time: 2012-08-18 08:57:54 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-18 12:57

.

Pre-Run: 322,107,662,336 bytes free

Post-Run: 322,068,819,968 bytes free

.

- - End Of File - - E6CE2B524AB69E806CD407F6C459C18C

[zalloy]

Also, every time I try to adjust firewall settings for selected programs, Symantec Service Framework stops working. Have to reboot when this happens, as Norton Security shuts down.

[MrCharlie]

Using ComboFix......

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"=-

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

[zalloy]

I uninstalled the software you had indicated previously, (Vuze, visicom, toolbars, etc) and added the CFScript.txt to ComboFix. It said there was a new version, and asked if I wanted to download it, so I did. Ran with all AV disabled. Also, Norton still goes belly up when I try to adjust the firewall settings. I'm not seeing any more IP blocks for 204.51.78.133. Looks like uTorrent is gone though. Here's the log:

ComboFix 12-08-18.03 - Laurie 08/18/2012 16:08:15.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1604 [GMT -4:00]

Running from: c:\users\Laurie\Desktop\ComboFix.exe

Command switches used :: c:\users\Laurie\Desktop\CFScript.txt

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))

.

.

2012-08-18 20:27 . 2012-08-18 20:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-16 17:39 . 2012-08-16 18:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-08-16 17:39 . 2012-08-16 18:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-08-15 08:58 . 2012-08-15 08:58 9826504 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-08-15 03:24 . 2012-06-29 04:09 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-12 16:21 . 2012-08-12 16:25 -------- d-----w- c:\users\Laurie\AppData\Roaming\PDF Software

2012-08-12 15:52 . 2012-08-12 15:53 -------- d-----w- c:\program files (x86)\PDF Suite 2012

2012-08-10 22:01 . 2012-08-10 22:01 -------- d-----w- c:\program files (x86)\Free YouTube Downloader

2012-07-28 22:31 . 2012-07-28 22:31 -------- d-----w- c:\users\Laurie\AppData\Local\CRE

2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2012-07-27 00:37 . 2012-07-27 00:36 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-07-27 00:33 . 2012-07-27 00:33 -------- d-----w- c:\programdata\McAfee

2012-07-21 16:01 . 2012-07-21 16:01 -------- d-----w- c:\windows\SysWow64\kodak

2012-07-21 15:49 . 2012-07-21 15:49 -------- d-----w- c:\users\Default\AppData\Roaming\KODAK AiO Home Center1012742297

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 08:58 . 2012-05-08 15:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-15 08:58 . 2011-07-23 21:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 03:19 . 2011-07-23 18:31 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-07-27 00:36 . 2011-07-23 20:17 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-07-16 21:14 . 2012-03-10 14:56 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-07-16 21:14 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-07-03 17:46 . 2012-06-30 14:41 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-30 21:47 . 2012-02-12 15:00 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-06-18 13:48 . 2012-06-18 13:48 122368 ----a-w- c:\windows\system32\EKaio2WiaCoInst.dll

2012-06-18 13:48 . 2012-06-18 13:48 10240 ----a-w- c:\windows\system32\EKaio2WiaCoInstRes.dll

2012-06-12 13:42 . 2012-06-12 13:42 1644544 ----a-w- c:\windows\system32\EKAiO2MON.dll

2012-06-12 13:41 . 2012-06-12 13:41 177664 ----a-w- c:\windows\system32\EKAiO2COI09.dll

2012-06-09 05:43 . 2012-07-11 10:28 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 12:49 . 2012-06-06 12:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06 . 2012-07-11 10:28 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 10:28 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 10:28 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 10:28 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 10:28 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 10:28 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-21 04:32 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 04:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 04:32 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 04:32 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 04:32 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 04:32 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 04:32 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-21 04:31 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-21 04:31 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 05:50 . 2012-07-11 10:28 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 10:28 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:48 . 2012-07-11 10:28 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:45 . 2012-07-11 10:28 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 10:28 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 10:28 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 10:28 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 10:28 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 10:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-18_12.30.58 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-08-18 12:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-08-18 20:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-08-18 12:28 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-18 20:30 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-18 12:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-18 20:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-21 03:09 . 2012-08-18 20:33 90066 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-18 20:33 44634 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-07-21 22:13 . 2012-08-18 20:33 20536 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3877766120-1356258156-1109172098-1001_UserData.bin

+ 2011-02-11 19:25 . 2012-08-18 18:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-11 19:25 . 2012-08-18 12:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-11 19:25 . 2012-08-18 12:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-02-11 19:25 . 2012-08-18 18:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-18 18:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-18 12:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-07-21 21:14 . 2012-08-18 18:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-07-21 21:14 . 2012-08-18 11:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-08-18 12:27 . 2012-08-18 12:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-18 20:30 . 2012-08-18 20:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-08-18 12:27 . 2012-08-18 12:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-08-18 20:30 . 2012-08-18 20:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 05:01 . 2012-08-18 20:28 520220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-08-18 12:26 520220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-08-18 16:40 . 2012-08-18 20:28 3262048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2012-08-13 19:39 . 2012-08-18 12:26 3262048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-07-25 07:16 . 2012-08-18 20:28 5229996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3877766120-1356258156-1109172098-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a938761b-202b-4828-87e4-f21fec37d02d}]

2012-07-31 16:32 92040 ----a-w- c:\program files (x86)\PDF Suite 2012\PDFIEHelper.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{11aa5c56-b4e2-4b8f-803a-d340415532f3}"= "c:\program files (x86)\PDF Suite 2012\PDFIEPlugin.dll" [2012-07-31 609160]

.

[HKEY_CLASSES_ROOT\clsid\{11aa5c56-b4e2-4b8f-803a-d340415532f3}]

[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1]

[HKEY_CLASSES_ROOT\TypeLib\{99e9d44c-f699-4ab3-8f4b-46dd12e9a9f6}]

[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]

@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"

[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]

2011-05-09 09:10 194416 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]

@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"

[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]

2011-05-09 09:13 194416 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\users\Laurie\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-05-21 324976]

"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-07-29 13003448]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]

"ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]

"NielsenOnline"="c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2010-11-17 47424]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-13 336384]

"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]

"PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDF Create 7\RegistryController.exe" [2011-04-29 138528]

"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\isuspm.exe" [2010-05-21 324976]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"OmniPage Preload"="c:\program files (x86)\Nuance\OmniPage18\OmniPage18.exe" [2011-05-10 2983200]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"PDFHook"="c:\program files (x86)\Nuance\PDF Create 7\pdfcreate7hook.exe" [2011-04-29 606496]

"Nuance OmniPage 18-reminder"="c:\program files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe" [2010-10-27 333088]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-07-16 296096]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Conime"="c:\windows\system32\conime.exe" [bU]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]

"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]

.

c:\users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

magicJack.lnk - c:\users\Laurie\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-2-1 804672]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-7-18 6536304]

Nuance Cloud Connector.lnk - c:\program files (x86)\Nuance\Nuance Cloud Connector\GladLauncher.exe [2011-5-9 87920]

PhraseExpress.lnk - c:\program files (x86)\PhraseExpress\phraseexpress.exe [2012-2-22 7344336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]

R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]

R3 ExpressAccountsService;Express Accounts;c:\program files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe [2011-09-25 2654724]

R3 ExpressInvoiceService;Express Invoice;c:\program files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2011-09-25 1781252]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 113120]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-24 1255736]

R3 WUSB54GSCv2.NTamd64;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\DRIVERS\WUSB54GSCV2_AMD64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-11-04 75904]

S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-11-04 38016]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2011-08-16 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2011-11-24 1092728]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120]

S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-04 167048]

S1 GIDv2;GIDv2; [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120817.001\IDSvia64.sys [2012-06-29 509088]

S1 nnfwdk;Nielsen WFP Driver;c:\program files (x86)\NetRatingsNetSight\NetSight\meter9\nnfwdk64.sys [2012-03-20 25648]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2011-11-17 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2011-11-17 405624]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-13 361984]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]

S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]

S2 GladFileMonSvc;GladFileMonSvc;c:\program files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [2011-05-09 29552]

S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-07-18 66160]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-19 394712]

S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]

S2 NielsenUpdate;Nielsen Update;c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2012-02-24 825664]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-12-01 135608]

S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-06-12 368640]

S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-06-12 460288]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [2011-05-03 126392]

S2 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [2012-06-11 342016]

S2 PDF Suite 2012 Helper Service;PDF Suite 2012 Helper Service;c:\program files (x86)\PDF Suite 2012\HelperService.exe [2012-07-31 815496]

S2 PDF Suite 2012 Service;PDF Suite 2012 Service;c:\program files (x86)\PDF Suite 2012\ConversionService.exe [2012-07-31 724360]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-30 9371136]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-30 309760]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-05 231440]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-13 138912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-12-22 38456]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-06-20 19:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]

2011-07-05 15:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 08:58]

.

2012-08-18 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS\AutoKMS.exe [2011-09-19 23:09]

.

2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 15:54]

.

2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 15:54]

.

2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3877766120-1356258156-1109172098-1001Core.job

- c:\users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-23 18:30]

.

2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3877766120-1356258156-1109172098-1001UA.job

- c:\users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-23 18:30]

.

2012-08-18 c:\windows\Tasks\HPCeeScheduleForLaurie.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2012-08-13 c:\windows\Tasks\HPCeeScheduleForZINCS-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]

@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"

[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]

2011-05-09 09:11 192368 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]

@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"

[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]

2011-05-09 09:13 195440 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]

"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-06-12 2767360]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://xfinity.comcast.net/?cid=cgps02122012

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\6hkwwsku.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{5911488E-9D1E-40EC-8CBB-06B231CC153F}"=hex:51,66,7a,6c,4c,1d,38,12,e0,4b,02,

5d,2c,d3,82,05,f3,ad,45,f2,34,92,51,2b

"{2E5E800E-6AC0-411E-940A-369530A35E43}"=hex:51,66,7a,6c,4c,1d,38,12,60,83,4d,

2a,f2,24,70,04,eb,1c,75,d5,35,fd,1a,57

"{DCC70A83-E184-40A3-906B-779AF5E941C4}"=hex:51,66,7a,6c,4c,1d,38,12,ed,09,d4,

d8,b6,af,cd,05,ef,7d,34,da,f0,b7,05,d0

"{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"=hex:51,66,7a,6c,4c,1d,38,12,b2,5b,08,

35,ee,ea,6a,0e,ce,a3,23,69,9f,8d,9c,17

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,

7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de

"{37153479-1976-43C3-A1EE-557513977B64}"=hex:51,66,7a,6c,4c,1d,38,12,17,37,06,

33,44,57,ad,06,de,f8,16,35,16,c9,3f,70

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,

43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87

"{06E58E5E-F8CB-4049-991E-A41C03BD419E}"=hex:51,66,7a,6c,4c,1d,38,12,30,8d,f6,

02,f9,b6,27,05,e6,08,e7,5c,06,e3,05,8a

"{C3947F4E-8894-4C04-98E0-DF182C706DDF}"=hex:51,66,7a,6c,4c,1d,38,12,20,7c,87,

c7,a6,c6,6a,09,e7,f6,9c,58,29,2e,29,cb

"{26525CA7-F3FF-47C2-B829-09083718BEE1}"=hex:51,66,7a,6c,4c,1d,38,12,c9,5f,41,

22,cd,bd,ac,02,c7,3f,4a,48,32,46,fa,f5

"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,

34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89

"{47980628-3844-42AA-A0DD-E2D86BBA9600}"=hex:51,66,7a,6c,4c,1d,38,12,46,05,8b,

43,76,76,c4,07,df,cb,a1,98,6e,e4,d2,14

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{2AAE80CE-5D5E-4AD2-B722-E9E0A506CE52}"=hex:51,66,7a,6c,4c,1d,38,12,a0,83,bd,

2e,6c,13,bc,0f,c8,34,aa,a0,a0,58,8a,46

"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,

34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de

"{3FDBA1BA-AE28-4045-9048-4ED2F3865629}"=hex:51,66,7a,6c,4c,1d,38,12,d4,a2,c8,

3b,1a,e0,2b,05,ef,5e,0d,92,f6,d8,12,3d

"{4BE60886-F6AA-4714-8109-EA6D8247DD57}"=hex:51,66,7a,6c,4c,1d,38,12,e8,0b,f5,

4f,98,b8,7a,02,fe,1f,a9,2d,87,19,99,43

"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,

64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c

"{66516A07-F617-488A-90CF-4E690CFB3C5F}"=hex:51,66,7a,6c,4c,1d,38,12,69,69,42,

62,25,b8,e4,0d,ef,d9,0d,29,09,a5,78,4b

"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,

69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18

"{6E13D095-45C3-4271-9475-F3B48227DD9F}"=hex:51,66,7a,6c,4c,1d,38,12,fb,d3,00,

6a,f1,0b,1f,07,eb,63,b0,f4,87,79,99,8b

"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,

6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f

"{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}"=hex:51,66,7a,6c,4c,1d,38,12,33,62,e8,

6b,fc,a6,b3,0f,f2,89,72,84,bb,c2,62,f0

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,

aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04

"{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}"=hex:51,66,7a,6c,4c,1d,38,12,92,9a,85,

b0,57,58,7a,01,de,dd,87,e2,a1,ff,7a,f8

"{B84CDBE7-1B46-494B-A188-01D4C52DEB61}"=hex:51,66,7a,6c,4c,1d,38,12,89,d8,5f,

bc,74,55,25,0c,de,9e,42,94,c0,73,af,75

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{E6D0B79E-ECAC-411B-8BF6-7A574981AF30}"=hex:51,66,7a,6c,4c,1d,38,12,f0,b4,c3,

e2,9e,a2,75,04,f4,e0,39,17,4c,df,eb,24

"{EDC0F17F-F4B7-47E4-B73E-887FAEB376FA}"=hex:51,66,7a,6c,4c,1d,38,12,11,f2,d3,

e9,85,ba,8a,02,c8,28,cb,3f,ab,ed,32,ee

"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,

f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63

"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,

f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:6a,d9,b4,e3,e8,59,cc,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,08,ef,22,41,ed,e0,48,b0,e9,d4,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,08,ef,22,41,ed,e0,48,b0,e9,d4,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\NetRatingsNetSight]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\08\02\09\01\15;S"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\program files (x86)\SFT\GuardedID\gidd.exe

.

**************************************************************************

.

Completion time: 2012-08-18 16:59:49 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-18 20:59

ComboFix2.txt 2012-08-18 12:58

.

Pre-Run: 322,160,668,672 bytes free

Post-Run: 321,859,592,192 bytes free

.

- - End Of File - - 00059E90F46EEF531449DEFD748246A0

[MrCharlie]

http://community.norton.com/t5/Norton-Internet-Security-Norton/NIS2012-crashing-with-changes-in-firewall/td-p/589474

Seems to be a know problem, MrC

[zalloy]

Well jeez, that figures. I guess I'll have to either work that one out with the Symantec people or switch to a different program. I only use Norton because it comes free with Xfinity. You know what they say sometimes about free stuff. Anyhoo, what could you tell from the log? So far, things seem like they're running much more smoothly, outside of the Norton bug. Do you think we fixed it?

[MrCharlie]

Just run this one last scan........

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

[zalloy]

So far, so good. I think we kicked it. Thank you so much for all your help. Here's the log:

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.18.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Laurie :: ZINCS-HP [administrator]

Protection: Enabled

8/18/2012 6:00:48 PM

mbam-log-2012-08-18 (18-00-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 207074

Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[MrCharlie]

Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[zalloy]

Thank you so much!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!