Jump to content

Possible Virus

jaysabi

By jaysabi
in Resolved Malware Removal Logs

 Share

Recommended Posts

jaysabi

jaysabi

Posted
Posted

Short version: Computer has become just about worthless. Currently running in safe mode, which is the only thing that keeps the blue screen of death away, which I get within 3 minutes of rebooting without fail now (it had been increasing in frequency, seems to have reached critical mass). I have run an MBAM full scan and a Norton Anti-Virus full scan and neither has found anything. Computer resources are constantly hogged by something, svchost.exe usually, and a lot of data is being sent and received despite not actively using the internet. The two requested logs are below, though these were created while in safe mode, I don't know if that makes a difference:

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by MJ at 9:27:29 on 2012-09-07

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2013.456 [GMT -5:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\helppane.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.8.0.14\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.8.0.14\ips\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.8.0.14\coIEPlg.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [Adobe Acrobat Synchronizer] "c:\program files\adobe\acrobat 10.0\acrobat\AdobeCollabSync.exe"

uRun: [iSUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler

uRun: [Google Update] "c:\users\mj\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [<NO NAME>]

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [indexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"

mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"

mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"

mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe

mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe

mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun

mRun: [brStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\canonp~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL

Trusted Zone: advanceddiscovery.com\relativity5

Trusted Zone: kcura.com\relativity

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {A6AD2813-EDAC-4CAA-B7A3-431EC0758C2D} - hxxps://relativity5.advanceddiscovery.com/Relativity/ActiveX/webclientmanager.cab

DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://lexisnexiscenters.webex.com/client/T27L10NSP11EP5/event/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.94.156.1

TCP: Interfaces\{51F4D2AB-899D-4E15-A5ED-5FC988182DD8} : NameServer = 4.2.2.2

TCP: Interfaces\{51F4D2AB-899D-4E15-A5ED-5FC988182DD8} : DhcpNameServer = 68.94.156.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\mj\appdata\roaming\mozilla\firefox\profiles\8k026ig1.default\

FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefox3Extn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\mj\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1308000.00e\symds.sys [2012-8-15 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1308000.00e\symefa.sys [2012-8-15 924320]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]

S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\bashdefs\20120905.001\BHDrvx86.sys [2012-8-31 995488]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1308000.00e\ccsetx86.sys [2012-8-15 132768]

S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.5.1.2\definitions\ipsdefs\20120906.002\IDSvix86.sys [2012-9-6 386720]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1308000.00e\ironx86.sys [2012-8-15 149624]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1308000.00e\symnets.sys [2012-8-15 318584]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-1-19 81920]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-22 136176]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-20 374184]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]

S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-2-11 47640]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-6 655944]

S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.8.0.14\ccsvchst.exe [2012-8-15 138272]

S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]

S2 RapidPortM1;RapidPortM1;c:\windows\system32\drivers\CAPM1LP.SYS [2010-2-5 22912]

S2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]

S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2011-10-7 71424]

S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2011-10-7 11520]

S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-10-7 245760]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-6 106656]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-22 136176]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-6 22344]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-10 113120]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-6 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-5 1343400]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]

.

=============== Created Last 30 ================

.

2012-09-06 19:08:25 -------- d-sh--w- C:\found.001

2012-09-06 17:50:08 -------- d-----w- c:\users\mj\appdata\roaming\Malwarebytes

2012-09-06 17:49:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-06 17:49:59 -------- d-----w- c:\programdata\Malwarebytes

2012-09-06 17:49:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-24 17:26:22 -------- d-----w- c:\programdata\Carbonite

2012-08-24 17:26:22 -------- d-----w- c:\program files\Carbonite

2012-08-24 15:52:59 -------- d-sh--w- C:\found.000

2012-08-22 20:48:45 -------- d-----w- c:\users\mj\jagexcache1

2012-08-16 21:05:34 -------- d-----w- c:\windows\en

2012-08-16 21:03:26 19720 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll

2012-08-16 20:59:24 89944 ----a-w- c:\program files\common files\windows live\.cache\3f995a91cd7bf206\DSETUP.dll

2012-08-16 20:59:24 537432 ----a-w- c:\program files\common files\windows live\.cache\3f995a91cd7bf206\DXSETUP.exe

2012-08-16 20:59:24 1801048 ----a-w- c:\program files\common files\windows live\.cache\3f995a91cd7bf206\dsetup32.dll

2012-08-16 20:58:28 -------- d-----w- c:\users\mj\appdata\local\{54AF5CBF-5B61-48FD-AD5F-9DBD4A77655E}

2012-08-16 20:58:18 -------- d-----w- c:\users\mj\appdata\local\{27958AFA-33EF-44FC-9214-C12C96379B71}

2012-08-16 20:57:59 -------- d-----w- c:\users\mj\appdata\local\{03B31BD4-EFDD-4046-BFEE-86AFEE3AA771}

2012-08-16 20:57:48 -------- d-----w- c:\users\mj\appdata\local\{2A4F3DD4-7242-4259-8F62-DF5F5FA9B102}

2012-08-16 20:57:13 -------- d-----w- c:\users\mj\appdata\local\{788BDA24-56B7-4446-B0CE-1F0290D2C4D2}

2012-08-16 20:57:02 -------- d-----w- c:\users\mj\appdata\local\{7005D15B-1355-4D42-832C-C2B0C0A420F4}

2012-08-16 20:56:28 -------- d-----w- c:\users\mj\appdata\local\{1491FF06-6627-4E33-A0F0-C9BDB697B48E}

2012-08-16 20:56:08 -------- d-----w- c:\users\mj\appdata\local\{BA9055CD-206C-45D4-AED8-22425D128222}

2012-08-16 19:55:06 -------- d-----w- c:\users\mj\appdata\local\{91447190-21A3-46C2-BCB1-CC82B8A7FB6E}

2012-08-16 19:54:45 -------- d-----w- c:\users\mj\appdata\local\{F0AB2D87-E08E-4FD8-8003-6F2338107790}

2012-08-15 18:29:29 -------- d-----w- c:\program files\Oracle

2012-08-15 18:27:59 772544 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-15 14:34:15 318584 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\symnets.sys

2012-08-15 14:34:14 924320 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\symefa.sys

2012-08-15 14:34:14 340088 ----a-r- c:\windows\system32\drivers\nis\1308000.00e\symds.sys

2012-08-15 14:34:13 32928 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\srtspx.sys

2012-08-15 14:34:11 574112 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\srtsp.sys

2012-08-15 14:34:11 149624 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\ironx86.sys

2012-08-15 14:34:10 132768 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\ccsetx86.sys

2012-08-15 14:33:10 8942 ----a-w- c:\windows\system32\drivers\nis\1308000.00e\symvtcer.dat

2012-08-15 14:33:10 -------- d-----w- c:\windows\system32\drivers\nis\1308000.00E

.

==================== Find3M ====================

.

2012-07-31 14:08:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-31 14:08:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-11 14:14:14 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-07-11 14:14:13 87456 ----a-w- c:\windows\system32\LMIinit.dll

2012-07-11 14:14:13 52128 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2012-07-11 14:14:13 30624 ----a-w- c:\windows\system32\LMIport.dll

2012-07-06 03:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll

.

============= FINISH: 9:30:48.50 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 2/3/2010 12:04:04 PM

System Uptime: 9/7/2012 9:25:10 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0JJW8N

Processor: Intel® Core2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2926/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 225 GiB total, 88.893 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP130: 8/27/2012 11:47:06 AM - Installed Microsoft Fix it 50267

RP131: 9/4/2012 12:00:01 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Adobe Acrobat X Standard - English, Français, Deutsch

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

Audacity 2.0

Brother MFL-Pro Suite MFC-7860DW

BYOJeopardy 1.2.12

Canon PC1200/iC D600/iR1200G

Carbonite

Compatibility Pack for the 2007 Office system

D3DX10

Dell Backup and Recovery Manager

Dell Edoc Viewer

Google Chrome

Google Earth

Google Update Helper

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

Intel® Matrix Storage Manager

Java Auto Updater

Java 6 Update 31

Java 7 Update 5

JavaFX 2.1.1

Junk Mail filter update

LAME v3.98.3 for Audacity

LogMeIn

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office File Validation Add-In

Microsoft Office OneNote 2003

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Norton Internet Security

Nuance PaperPort 12

Nuance PDF Viewer Plus

OGA Notifier 2.0.0048.0

PaperPort Image Printer

PowerDVD DX

Realtek High Definition Audio Driver

Relativity Web Client 7.1

Relativity Web Client Manager 7.1

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE 10.3

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Scansoft PDF Professional

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

WD SmartWare

WebEx

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinZip 14.5

YouTube Downloader 3.4

.

==== Event Viewer Messages From Past Week ========

.

9/7/2012 9:27:44 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

9/7/2012 9:25:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

9/7/2012 9:25:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

9/7/2012 9:25:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/7/2012 9:25:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

9/7/2012 9:25:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

9/7/2012 9:25:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_NIS discache eeCtrl IDSVix86 spldr SRTSPX SymIRON SymNetS Wanarpv6

9/7/2012 9:25:31 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a7ab66, 0xb8c9af6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090712-16239-01.

9/7/2012 9:24:06 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error: An instance of the service is already running.

9/7/2012 9:24:06 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

9/7/2012 9:24:06 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.

9/7/2012 9:23:06 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).

9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/7/2012 9:23:06 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/7/2012 9:21:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a6ab66, 0x9c902f6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090712-29936-01.

9/7/2012 9:16:46 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a5ab66, 0x8a93af6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090712-32323-01.

9/7/2012 9:14:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.

9/7/2012 9:13:19 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).

9/7/2012 9:13:19 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/7/2012 9:13:19 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/7/2012 9:13:19 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/7/2012 9:13:19 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/7/2012 9:13:19 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/7/2012 9:13:19 AM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/7/2012 9:13:19 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

9/7/2012 9:13:19 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/7/2012 9:13:19 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/7/2012 9:09:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

9/6/2012 9:28:20 AM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: The pipe has been ended.

9/6/2012 9:18:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.

9/6/2012 9:18:45 AM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2012 6:04:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.

9/6/2012 6:04:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

9/6/2012 4:52:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.

9/6/2012 4:52:45 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2012 4:25:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.

9/6/2012 4:25:24 PM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2012 4:24:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

9/6/2012 4:24:54 PM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2012 4:23:54 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2012 4:23:24 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.

9/6/2012 4:23:24 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.

9/6/2012 4:23:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.

9/6/2012 4:23:24 PM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2012 2:28:52 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

9/6/2012 2:27:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

9/6/2012 2:27:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

9/6/2012 2:27:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccSet_NIS CSC DfsC discache eeCtrl IDSVix86 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf

9/6/2012 2:27:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a72b66, 0xb89c0f6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090612-18454-01.

9/6/2012 2:27:37 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

9/6/2012 2:27:37 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

9/6/2012 2:27:37 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

9/6/2012 2:27:37 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/6/2012 2:27:37 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/6/2012 2:27:36 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/6/2012 2:27:36 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

9/6/2012 2:27:36 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

9/6/2012 2:27:36 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/6/2012 2:27:36 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

9/6/2012 2:24:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Server service to connect.

9/6/2012 2:24:27 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2012 2:24:27 PM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2012 2:04:10 PM, Error: Service Control Manager [7001] - The Application Information service depends on the User Profile Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2012 2:02:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.

9/6/2012 2:02:40 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2012 12:22:26 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

9/6/2012 12:15:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000074, 0x00000002, 0x00000001, 0x830ce92b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090612-24024-01.

9/6/2012 12:07:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect.

9/6/2012 12:07:42 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2012 11:11:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

9/6/2012 10:39:01 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).

9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/6/2012 10:39:01 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/6/2012 10:01:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

9/6/2012 1:59:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

9/6/2012 1:59:40 PM, Error: Service Control Manager [7000] - The IP Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2012 1:58:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the seclogon service.

9/6/2012 1:58:10 PM, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2012 1:57:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

9/6/2012 1:55:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.

9/6/2012 1:55:40 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2012 1:55:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

9/6/2012 1:55:10 PM, Error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2012 1:54:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Themes service.

9/6/2012 1:54:40 PM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2012 1:53:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.

9/6/2012 1:53:40 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2012 1:52:10 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/6/2012 1:44:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a65b66, 0x97c9ef6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090612-36566-01.

9/6/2012 1:34:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a4bb66, 0xb5846f6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090612-32853-01.

9/6/2012 1:28:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a63b66, 0xd0aaef6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090612-40451-01.

9/6/2012 1:25:44 PM, Error: Service Control Manager [7034] - The Problem Reports and Solutions Control Panel Support service terminated unexpectedly. It has done this 1 time(s).

9/6/2012 1:25:07 PM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/6/2012 1:25:07 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/6/2012 1:25:07 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/6/2012 1:10:20 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

9/5/2012 11:51:58 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IKE and AuthIP IPsec Keying Modules service to connect.

9/5/2012 10:40:43 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

9/4/2012 4:07:27 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer WS02 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{51F4D2AB-899D-4E15-A5ED-5FC988182DD8}. The master browser is stopping or an election is being forced.

9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).

9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).

9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).

9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).

9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).

9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).

9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s).

9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).

9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s).

9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).

9/1/2012 4:11:20 AM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).

8/31/2012 1:38:01 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

8/31/2012 1:28:35 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A thread could not be created for the service.

.

==== End Of File ===========================

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Hello jaysabi.

As much as possible, you need to be in Normal mode of Windows.

You may have a very severe infection or perhaps failing hardware.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt i_arrow-l.gif

    [*]Select Command Prompt

    [*]In the command window type in notepad and press Enter.

    [*]The notepad opens. Under File menu select Open.

    [*]Select "Computer" and find your flash drive letter and close the notepad.

    [*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

    [*]The tool will start to run.

    [*]When the tool opens click Yes to disclaimer.

    [*]Press Scan button.

    [*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Link to post
Share on other sites
jaysabi

jaysabi

Posted
  • Author
Posted

Here is the requested log:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) (x86) Version: 08-09-2012

Ran by SYSTEM at 10-09-2012 09:28:30

Running from F:\

Windows 7 Professional (X86) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor)

HKLM\...\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)

HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)

HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2008-08-11] (LogMeIn, Inc.)

HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe [x]

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM\...\Run: [] [x]

HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-01-03] (Adobe Systems Incorporated)

HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-01-03] (Adobe Systems Inc.)

HKLM\...\Run: [indexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe" [46368 2010-03-08] (Nuance Communications, Inc.)

HKLM\...\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe" [29984 2010-03-08] (Nuance Communications, Inc.)

HKLM\...\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" [375 2012-09-10] ()

HKLM\...\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)

HKLM\...\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)

HKLM\...\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun [139264 2010-10-26] (Brother Industries, Ltd.)

HKLM\...\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-06-10] (Brother Industries, Ltd.)

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM\...\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1061960 2012-07-26] (Carbonite, Inc.)

HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKU\LogMeInRemoteUser\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]

HKU\LogMeInRemoteUser\...\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [1243040 2012-01-03] (Adobe Systems Incorporated)

HKU\LogMeInRemoteUser\...\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)

HKU\MJ\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]

HKU\MJ\...\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [1243040 2012-01-03] (Adobe Systems Incorporated)

HKU\MJ\...\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)

HKU\MJ\...\Run: [Google Update] "C:\Users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-15] (Google Inc.)

Tcpip\Parameters: [DhcpNameServer] 68.94.156.1

Tcpip\..\Interfaces\{51F4D2AB-899D-4E15-A5ED-5FC988182DD8}: [NameServer]4.2.2.2

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Canon PC1200 iC D600 iR1200G Status Window.LNK

ShortcutTarget: Canon PC1200 iC D600 iR1200G Status Window.LNK -> C:\Windows\System32\spool\drivers\w32x86\3\CAPM1LAK.EXE (CANON INC.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk

ShortcutTarget: Microsoft Office OneNote 2003 Quick Launch.lnk -> C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk

ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk

ShortcutTarget: WDSmartWare.lnk -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)

==================== Services ================================

2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe [81920 2009-03-31] (Andrea Electronics Corporation)

3 BrYNSvc; "C:\Program Files\Browny02\BrYNSvc.exe" [245760 2010-01-25] (Brother Industries, Ltd.)

2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [4637768 2012-07-26] (Carbonite, Inc. (www.carbonite.com))

2 LMIGuardianSvc; "C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe" [374184 2012-07-11] (LogMeIn, Inc.)

2 LMIMaint; "C:\Program Files\LogMeIn\x86\RaMaint.exe" [136616 2012-07-11] (LogMeIn, Inc.)

2 LogMeIn; "C:\Program Files\LogMeIn\x86\LogMeIn.exe" [390528 2010-12-08] (LogMeIn, Inc.)

2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-07-13] (Mozilla Foundation)

2 NIS; "C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)

2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)

2 WDDMService; "C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe" [110592 2009-11-13] (WDC)

2 WDSmartWareBackgroundService; "C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe" [20480 2009-06-16] (Memeo)

==================== Drivers =================================

1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120905.001\BHDrvx86.sys [995488 2012-08-31] (Symantec Corporation)

1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys [132768 2012-06-06] (Symantec Corporation)

1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-08] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-24] (Symantec Corporation)

1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120906.002\IDSvix86.sys [386720 2012-08-31] (Symantec Corporation)

3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.)

2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2008-08-11] (LogMeIn, Inc.)

3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [10144 2008-08-11] (LogMeIn, Inc.)

2 LMIRfsDriver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [47640 2008-08-11] (LogMeIn, Inc.)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120906.002\NAVENG.SYS [92704 2012-08-24] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120906.002\NAVEX15.SYS [1601184 2012-08-24] (Symantec Corporation)

0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45200 2009-07-09] (Sonic Solutions)

2 RapidPortM1; \??\C:\Windows\system32\Drivers\CAPM1LP.SYS [22912 2001-12-06] (CANON INC.)

3 SRTSP; C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP.SYS [574112 2012-07-05] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX.SYS [32928 2012-07-05] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\NIS\1308000.00E\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\NIS\1308000.00E\SYMEFA.SYS [924320 2012-05-21] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-03-23] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS [149624 2012-04-17] (Symantec Corporation)

1 SymNetS; C:\Windows\System32\Drivers\NIS\1308000.00E\SYMNETS.SYS [318584 2012-04-17] (Symantec Corporation)

4 LMIRfsClientNP; [x]

==================== NetSvcs (Whitelisted) =================

============ One Month Created Files and Folders ==============

2012-09-07 06:42 - 2012-09-07 06:42 - 00034847 ____A C:\Users\MJ\Desktop\Attach.txt

2012-09-07 06:42 - 2012-09-07 06:42 - 00017527 ____A C:\Users\MJ\Desktop\DDS.txt

2012-09-07 06:26 - 2012-09-07 06:26 - 00607260 ____R (Swearware) C:\Users\MJ\Desktop\dds.scr

2012-09-07 06:25 - 2012-09-07 06:25 - 00146296 ____A C:\Windows\Minidump\090712-16239-01.dmp

2012-09-07 06:21 - 2012-09-07 06:21 - 00146296 ____A C:\Windows\Minidump\090712-29936-01.dmp

2012-09-07 06:16 - 2012-09-07 06:16 - 00146296 ____A C:\Windows\Minidump\090712-32323-01.dmp

2012-09-06 11:27 - 2012-09-06 11:27 - 00146296 ____A C:\Windows\Minidump\090612-18454-01.dmp

2012-09-06 11:08 - 2012-09-06 11:08 - 00000000 __SHD C:\found.001

2012-09-06 10:49 - 2012-09-06 10:49 - 00000000 ____D C:\Users\ParkPlace\AppData\Roaming\TeamViewer

2012-09-06 10:47 - 2012-09-06 10:47 - 00090616 ____A C:\Users\ParkPlace\AppData\Local\GDIPFONTCACHEV1.DAT

2012-09-06 10:47 - 2012-09-06 10:47 - 00000000 ____D C:\Users\ParkPlace\AppData\Roaming\Western Digital

2012-09-06 10:47 - 2012-09-06 10:47 - 00000000 ____D C:\Users\ParkPlace\AppData\Local\Western_Digital

2012-09-06 10:47 - 2012-09-06 10:47 - 00000000 ____D C:\Users\ParkPlace\AppData\Local\Western Digital

2012-09-06 10:46 - 2012-09-06 10:47 - 00000000 ____D C:\Users\ParkPlace\AppData\Roaming\Adobe

2012-09-06 10:46 - 2012-09-06 10:46 - 00000000 ____D C:\Users\ParkPlace\AppData\Roaming\ControlCenter4

2012-09-06 10:46 - 2012-09-06 10:46 - 00000000 ____D C:\Users\ParkPlace\AppData\Local\LogMeIn

2012-09-06 10:46 - 2012-09-06 10:46 - 00000000 ____D C:\Users\ParkPlace\AppData\Local\Adobe

2012-09-06 10:45 - 2012-09-06 10:46 - 00000000 ____D C:\users\ParkPlace

2012-09-06 10:45 - 2012-09-06 10:45 - 00000020 __ASH C:\Users\ParkPlace\ntuser.ini

2012-09-06 10:45 - 2012-09-06 10:45 - 00000000 ____D C:\Users\ParkPlace\AppData\Local\VirtualStore

2012-09-06 10:45 - 2011-04-06 12:07 - 00000000 ____D C:\Users\ParkPlace\AppData\Roaming\Macromedia

2012-09-06 10:44 - 2012-09-06 10:44 - 00146296 ____A C:\Windows\Minidump\090612-36566-01.dmp

2012-09-06 10:33 - 2012-09-06 10:34 - 00146296 ____A C:\Windows\Minidump\090612-32853-01.dmp

2012-09-06 10:28 - 2012-09-06 10:28 - 00146312 ____A C:\Windows\Minidump\090612-40451-01.dmp

2012-09-06 09:50 - 2012-09-06 09:50 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-09-06 09:50 - 2012-09-06 09:50 - 00000000 ____D C:\Users\MJ\AppData\Roaming\Malwarebytes

2012-09-06 09:49 - 2012-09-06 09:50 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2012-09-06 09:49 - 2012-09-06 09:49 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-09-06 09:49 - 2012-07-03 10:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-09-06 09:20 - 2012-09-06 09:20 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\MJ\Desktop\mbam-setup-1.62.0.1300.exe

2012-09-06 09:15 - 2012-09-06 09:15 - 00146296 ____A C:\Windows\Minidump\090612-24024-01.dmp

2012-09-06 08:19 - 2012-09-06 08:19 - 00006576 ____N C:\bootsqm.dat

2012-09-06 07:31 - 2012-09-06 07:31 - 00601088 ____A C:\Users\MJ\Downloads\Ch4.ppt

2012-08-30 02:57 - 2012-08-30 02:57 - 00000844 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000Core1cd869e3049515f.job

2012-08-29 11:52 - 2012-08-29 11:52 - 00146296 ____A C:\Windows\Minidump\082912-19390-01.dmp

2012-08-27 08:46 - 2012-08-27 08:46 - 00980480 ____A C:\Users\MJ\Downloads\MicrosoftFixit50267.msi

2012-08-24 09:27 - 2012-08-24 09:27 - 00002104 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk

2012-08-24 09:26 - 2012-08-24 09:26 - 00000000 ____D C:\Users\All Users\Carbonite

2012-08-24 09:26 - 2012-08-24 09:26 - 00000000 ____D C:\Program Files\Carbonite

2012-08-24 09:23 - 2012-08-24 09:24 - 09127776 ____A (Carbonite, Inc.) C:\Users\MJ\Downloads\CarboniteSetup-vsb_premium.exe

2012-08-24 08:49 - 2012-08-24 08:50 - 00146296 ____A C:\Windows\Minidump\082412-25053-01.dmp

2012-08-24 07:52 - 2012-08-24 07:52 - 00000000 __SHD C:\found.000

2012-08-22 12:48 - 2012-08-22 12:48 - 00000042 ____A C:\Users\MJ\jagex_cl_runescape_LIVE1.dat

2012-08-22 12:48 - 2012-08-22 12:48 - 00000000 ____D C:\Users\MJ\jagexcache1

2012-08-20 09:43 - 2012-08-20 09:43 - 00146296 ____A C:\Windows\Minidump\082012-35193-01.dmp

2012-08-16 12:58 - 2012-08-16 12:58 - 00000000 ____D C:\Users\MJ\AppData\Local\{54AF5CBF-5B61-48FD-AD5F-9DBD4A77655E}

2012-08-16 12:58 - 2012-08-16 12:58 - 00000000 ____D C:\Users\MJ\AppData\Local\{27958AFA-33EF-44FC-9214-C12C96379B71}

2012-08-16 12:57 - 2012-08-16 12:58 - 00000000 ____D C:\Users\MJ\AppData\Local\{03B31BD4-EFDD-4046-BFEE-86AFEE3AA771}

2012-08-16 12:57 - 2012-08-16 12:57 - 00000000 ____D C:\Users\MJ\AppData\Local\{788BDA24-56B7-4446-B0CE-1F0290D2C4D2}

2012-08-16 12:57 - 2012-08-16 12:57 - 00000000 ____D C:\Users\MJ\AppData\Local\{7005D15B-1355-4D42-832C-C2B0C0A420F4}

2012-08-16 12:57 - 2012-08-16 12:57 - 00000000 ____D C:\Users\MJ\AppData\Local\{2A4F3DD4-7242-4259-8F62-DF5F5FA9B102}

2012-08-16 12:56 - 2012-08-16 12:56 - 00000000 ____D C:\Users\MJ\AppData\Local\{BA9055CD-206C-45D4-AED8-22425D128222}

2012-08-16 12:56 - 2012-08-16 12:56 - 00000000 ____D C:\Users\MJ\AppData\Local\{1491FF06-6627-4E33-A0F0-C9BDB697B48E}

2012-08-16 11:55 - 2012-08-16 11:55 - 00000000 ____D C:\Users\MJ\AppData\Local\{91447190-21A3-46C2-BCB1-CC82B8A7FB6E}

2012-08-16 11:54 - 2012-08-16 11:55 - 00000000 ____D C:\Users\MJ\AppData\Local\{F0AB2D87-E08E-4FD8-8003-6F2338107790}

2012-08-15 10:30 - 2012-08-15 10:30 - 00000000 ____D C:\Program Files\Common Files\Java

2012-08-15 10:29 - 2012-08-15 10:29 - 00000000 ____D C:\Program Files\Oracle

2012-08-15 10:27 - 2012-07-05 19:06 - 00772544 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll

2012-08-15 10:27 - 2012-07-05 19:06 - 00227760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe

2012-08-15 10:26 - 2012-08-15 10:25 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe

2012-08-15 10:26 - 2012-08-15 10:25 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe

2012-08-15 10:04 - 2012-08-15 10:04 - 00893936 ____A (Oracle Corporation) C:\Users\MJ\Downloads\chromeinstall-7u5.exe

2012-08-15 07:01 - 2012-09-05 07:28 - 00002398 ____A C:\Users\MJ\Desktop\Google Chrome.lnk

2012-08-15 06:59 - 2012-09-06 13:10 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000UA.job

2012-08-15 06:39 - 2012-08-15 06:40 - 00739808 ____A (Google Inc.) C:\Users\MJ\Downloads\ChromeSetup.exe

============ 3 Months Modified Files ========================

2012-09-10 06:20 - 2011-09-22 10:12 - 00000874 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-09-10 06:20 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-09-10 06:19 - 2010-01-19 10:11 - 00782242 ____A C:\Windows\System32\PerfStringBackup.INI

2012-09-10 06:19 - 2009-07-13 20:53 - 00032682 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-09-10 06:18 - 2009-07-13 20:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-09-10 06:18 - 2009-07-13 20:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-09-10 06:14 - 2009-07-13 20:55 - 01089714 ____A C:\Windows\WindowsUpdate.log

2012-09-10 06:10 - 2009-07-13 20:39 - 00191054 ____A C:\Windows\setupact.log

2012-09-07 09:26 - 2012-07-05 13:21 - 00000110 ____A C:\Users\MJ\Desktop\New Text Document.txt

2012-09-07 06:42 - 2012-09-07 06:42 - 00034847 ____A C:\Users\MJ\Desktop\Attach.txt

2012-09-07 06:42 - 2012-09-07 06:42 - 00017527 ____A C:\Users\MJ\Desktop\DDS.txt

2012-09-07 06:26 - 2012-09-07 06:26 - 00607260 ____R (Swearware) C:\Users\MJ\Desktop\dds.scr

2012-09-07 06:25 - 2012-09-07 06:25 - 00146296 ____A C:\Windows\Minidump\090712-16239-01.dmp

2012-09-07 06:25 - 2011-12-14 10:09 - 354639678 ____A C:\Windows\MEMORY.DMP

2012-09-07 06:21 - 2012-09-07 06:21 - 00146296 ____A C:\Windows\Minidump\090712-29936-01.dmp

2012-09-07 06:16 - 2012-09-07 06:16 - 00146296 ____A C:\Windows\Minidump\090712-32323-01.dmp

2012-09-06 13:10 - 2012-08-15 06:59 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000UA.job

2012-09-06 12:44 - 2011-09-22 10:12 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-09-06 11:27 - 2012-09-06 11:27 - 00146296 ____A C:\Windows\Minidump\090612-18454-01.dmp

2012-09-06 10:47 - 2012-09-06 10:47 - 00090616 ____A C:\Users\ParkPlace\AppData\Local\GDIPFONTCACHEV1.DAT

2012-09-06 10:45 - 2012-09-06 10:45 - 00000020 __ASH C:\Users\ParkPlace\ntuser.ini

2012-09-06 10:44 - 2012-09-06 10:44 - 00146296 ____A C:\Windows\Minidump\090612-36566-01.dmp

2012-09-06 10:34 - 2012-09-06 10:33 - 00146296 ____A C:\Windows\Minidump\090612-32853-01.dmp

2012-09-06 10:28 - 2012-09-06 10:28 - 00146312 ____A C:\Windows\Minidump\090612-40451-01.dmp

2012-09-06 09:50 - 2012-09-06 09:50 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-09-06 09:20 - 2012-09-06 09:20 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\MJ\Desktop\mbam-setup-1.62.0.1300.exe

2012-09-06 09:15 - 2012-09-06 09:15 - 00146296 ____A C:\Windows\Minidump\090612-24024-01.dmp

2012-09-06 08:19 - 2012-09-06 08:19 - 00006576 ____N C:\bootsqm.dat

2012-09-06 07:31 - 2012-09-06 07:31 - 00601088 ____A C:\Users\MJ\Downloads\Ch4.ppt

2012-09-06 06:38 - 2011-11-04 06:19 - 00000032 ____A C:\Users\MJ\jagex_cl_runescape_LIVE.dat

2012-09-05 07:28 - 2012-08-15 07:01 - 00002398 ____A C:\Users\MJ\Desktop\Google Chrome.lnk

2012-09-05 06:14 - 2010-01-19 12:02 - 00051908 ____A C:\Windows\PFRO.log

2012-08-30 02:57 - 2012-08-30 02:57 - 00000844 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000Core1cd869e3049515f.job

2012-08-29 11:52 - 2012-08-29 11:52 - 00146296 ____A C:\Windows\Minidump\082912-19390-01.dmp

2012-08-27 08:46 - 2012-08-27 08:46 - 00980480 ____A C:\Users\MJ\Downloads\MicrosoftFixit50267.msi

2012-08-24 09:27 - 2012-08-24 09:27 - 00002104 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk

2012-08-24 09:24 - 2012-08-24 09:23 - 09127776 ____A (Carbonite, Inc.) C:\Users\MJ\Downloads\CarboniteSetup-vsb_premium.exe

2012-08-24 08:50 - 2012-08-24 08:49 - 00146296 ____A C:\Windows\Minidump\082412-25053-01.dmp

2012-08-22 12:51 - 2010-12-17 12:16 - 00000129 ____A C:\Users\MJ\jagex_runescape_preferences2.dat

2012-08-22 12:48 - 2012-08-22 12:48 - 00000042 ____A C:\Users\MJ\jagex_cl_runescape_LIVE1.dat

2012-08-22 12:48 - 2010-12-17 12:14 - 00000035 ____A C:\Users\MJ\jagex_runescape_preferences.dat

2012-08-20 09:43 - 2012-08-20 09:43 - 00146296 ____A C:\Windows\Minidump\082012-35193-01.dmp

2012-08-16 06:13 - 2010-02-03 11:31 - 00002425 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk

2012-08-15 10:25 - 2012-08-15 10:26 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe

2012-08-15 10:25 - 2012-08-15 10:26 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe

2012-08-15 10:04 - 2012-08-15 10:04 - 00893936 ____A (Oracle Corporation) C:\Users\MJ\Downloads\chromeinstall-7u5.exe

2012-08-15 06:40 - 2012-08-15 06:39 - 00739808 ____A (Google Inc.) C:\Users\MJ\Downloads\ChromeSetup.exe

2012-08-10 06:42 - 2010-06-21 11:56 - 00001090 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-08-10 06:40 - 2012-08-10 06:32 - 16814136 ____A (Mozilla) C:\Users\MJ\Downloads\Firefox Setup 14.0.1.exe

2012-08-06 10:00 - 2012-08-06 10:00 - 00146296 ____A C:\Windows\Minidump\080612-30482-01.dmp

2012-07-31 06:08 - 2012-07-31 06:08 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-07-31 06:08 - 2011-12-02 10:48 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2012-07-11 10:29 - 2012-07-11 10:29 - 00000967 ____A C:\Users\MJ\Desktop\Audacity.lnk

2012-07-11 06:14 - 2010-02-11 07:31 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll

2012-07-11 06:14 - 2010-02-11 07:31 - 00083392 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll

2012-07-11 06:14 - 2010-02-11 07:31 - 00030624 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll

2012-07-05 19:06 - 2012-08-15 10:27 - 00772544 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll

2012-07-05 19:06 - 2012-08-15 10:27 - 00227760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe

2012-07-05 19:06 - 2010-11-15 07:30 - 00687544 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll

2012-07-03 10:46 - 2012-09-06 09:49 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-20 12:18 - 2012-06-20 12:18 - 00027997 ____A C:\Users\MJ\Downloads\game.php

2012-06-15 10:24 - 2012-06-15 10:23 - 36586496 ____A C:\Users\MJ\Desktop\Possibly Privileged Pulled.pst

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-27 08:47:27

Restore point made on: 2012-08-27 13:46:33

Restore point made on: 2012-08-28 08:12:12

Restore point made on: 2012-08-31 06:08:01

Restore point made on: 2012-09-03 12:07:23

Restore point made on: 2012-09-03 21:00:16

Restore point made on: 2012-09-03 22:20:19

Restore point made on: 2012-09-04 22:30:09

Restore point made on: 2012-09-05 06:09:30

==================== Memory info ===========================

Percentage of memory in use: 21%

Total physical RAM: 2012.99 MB

Available physical RAM: 1589.05 MB

Total Pagefile: 2012.99 MB

Available Pagefile: 1592.38 MB

Total Virtual: 2047.88 MB

Available Virtual: 1968.7 MB

==================== Partitions ============================

1 Drive c: (OS) (Fixed) (Total:224.86 GB) (Free:88.8 GB) NTFS

3 Drive f: () (Removable) (Total:14.9 GB) (Free:11.87 GB) FAT32

4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

5 Drive y: (RECOVERY) (Fixed) (Total:7.93 GB) (Free:4.77 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 232 GB 0 B

Disk 1 Online 14 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 31 KB

Partition 2 Primary 8118 MB 40 MB

Partition 3 Primary 224 GB 8158 MB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y RECOVERY NTFS Partition 8118 MB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 224 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 14 GB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F FAT32 Removable 14 GB Healthy

==================================================================================

Last Boot: 2012-08-27 15:10

==================== End Of Log =============================

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

There does not appear to be something of a malware nature shown.

Power off or disconnect the printer & possibly some external peripherals.

Restart Windows fresh in Normal mode.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Next, do the following

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Do not click any FIX button. We just need an initial report.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program. excl.png

Then copy/paste the following into your post (in order):

  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

OTL

Download OTL by OldTimer & SAVE to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit; saving any open work you have.

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe otlDesktopIcon.png to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %APPDATA%\*.dll /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.exe
    themeui.dll
    beep.sys
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    c:|services;true;true;true; /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of just OTL.txt

Link to post
Share on other sites
jaysabi

jaysabi

Posted
  • Author
Posted

All right, I have 7 reports that have been generated from all the various programs. I think you've asked for 5 or 6 of them.

RKILL

Rkill 2.3.11 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingc...opic308364.html

Program started at: 09/10/2012 11:46:07 AM in x86 mode.

Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.

Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/10/2012 11:46:22 AM

Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)

ASWMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-10 11:59:28

-----------------------------

11:59:28.110 OS Version: Windows 6.1.7601 Service Pack 1

11:59:28.110 Number of processors: 2 586 0x170A

11:59:28.110 ComputerName: MJ-PC UserName: MJ

11:59:29.030 Initialize success

11:59:46.748 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

11:59:46.748 Disk 0 Vendor: WDC_WD25 02.0 Size: 238418MB BusType: 3

11:59:46.748 Disk 0 MBR read successfully

11:59:46.748 Disk 0 MBR scan

11:59:46.763 Disk 0 Windows VISTA default MBR code

11:59:46.763 Disk 0 MBR hidden

11:59:46.763 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

11:59:46.794 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8118 MB offset 81920

11:59:46.794 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 230259 MB offset 16707584

11:59:46.810 Disk 0 scanning sectors +488278016

11:59:46.904 Disk 0 scanning C:\Windows\system32\drivers

11:59:54.501 Service scanning

12:00:19.461 Modules scanning

12:00:28.181 Scan finished successfully

12:00:45.139 Disk 0 MBR has been saved successfully to "C:\Users\MJ\Desktop\MBR.dat"

12:00:45.139 The log file has been saved successfully to "C:\Users\MJ\Desktop\aswMBR.txt"

TDSSKILLER

12:01:58.0728 2916 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

12:02:00.0756 2916 ============================================================

12:02:00.0756 2916 Current date / time: 2012/09/10 12:02:00.0756

12:02:00.0756 2916 SystemInfo:

12:02:00.0756 2916

12:02:00.0756 2916 OS Version: 6.1.7601 ServicePack: 1.0

12:02:00.0756 2916 Product type: Workstation

12:02:00.0756 2916 ComputerName: MJ-PC

12:02:00.0756 2916 UserName: MJ

12:02:00.0756 2916 Windows directory: C:\Windows

12:02:00.0756 2916 System windows directory: C:\Windows

12:02:00.0756 2916 Processor architecture: Intel x86

12:02:00.0756 2916 Number of processors: 2

12:02:00.0756 2916 Page size: 0x1000

12:02:00.0756 2916 Boot type: Normal boot

12:02:00.0756 2916 ============================================================

12:02:01.0489 2916 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

12:02:01.0489 2916 ============================================================

12:02:01.0489 2916 \Device\Harddisk0\DR0:

12:02:01.0489 2916 MBR partitions:

12:02:01.0489 2916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0xFDB000

12:02:01.0489 2916 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFEF000, BlocksNum 0x1C1B9800

12:02:01.0489 2916 ============================================================

12:02:01.0536 2916 C: <-> \Device\Harddisk0\DR0\Partition2

12:02:01.0536 2916 ============================================================

12:02:01.0536 2916 Initialize success

12:02:01.0536 2916 ============================================================

12:02:07.0979 1280 ============================================================

12:02:07.0979 1280 Scan started

12:02:07.0979 1280 Mode: Manual;

12:02:07.0979 1280 ============================================================

12:02:09.0164 1280 ================ Scan system memory ========================

12:02:09.0164 1280 System memory - ok

12:02:09.0164 1280 ================ Scan services =============================

12:02:09.0429 1280 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

12:02:09.0429 1280 1394ohci - ok

12:02:09.0585 1280 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys

12:02:09.0585 1280 ACPI - ok

12:02:09.0632 1280 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

12:02:09.0632 1280 AcpiPmi - ok

12:02:09.0897 1280 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

12:02:09.0897 1280 AdobeARMservice - ok

12:02:10.0007 1280 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

12:02:10.0022 1280 adp94xx - ok

12:02:10.0053 1280 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

12:02:10.0053 1280 adpahci - ok

12:02:10.0069 1280 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

12:02:10.0069 1280 adpu320 - ok

12:02:10.0116 1280 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

12:02:10.0116 1280 AeLookupSvc - ok

12:02:10.0147 1280 [ 7A841462AD4749F8A07B27AE8E8947B8 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

12:02:10.0147 1280 AERTFilters - ok

12:02:10.0194 1280 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys

12:02:10.0209 1280 AFD - ok

12:02:10.0256 1280 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys

12:02:10.0256 1280 agp440 - ok

12:02:10.0287 1280 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys

12:02:10.0287 1280 aic78xx - ok

12:02:10.0350 1280 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe

12:02:10.0350 1280 ALG - ok

12:02:10.0412 1280 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys

12:02:10.0412 1280 aliide - ok

12:02:10.0553 1280 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys

12:02:10.0553 1280 amdagp - ok

12:02:10.0599 1280 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys

12:02:10.0599 1280 amdide - ok

12:02:10.0631 1280 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

12:02:10.0646 1280 AmdK8 - ok

12:02:10.0662 1280 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

12:02:10.0677 1280 AmdPPM - ok

12:02:10.0740 1280 [ E7F4D42D8076EC60E21715CD11743A0D ] amdsata C:\Windows\system32\drivers\amdsata.sys

12:02:10.0740 1280 amdsata - ok

12:02:10.0755 1280 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

12:02:10.0755 1280 amdsbs - ok

12:02:10.0802 1280 [ 146459D2B08BFDCBFA856D9947043C81 ] amdxata C:\Windows\system32\drivers\amdxata.sys

12:02:10.0802 1280 amdxata - ok

12:02:10.0849 1280 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys

12:02:10.0865 1280 AppID - ok

12:02:10.0896 1280 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll

12:02:10.0896 1280 AppIDSvc - ok

12:02:10.0958 1280 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll

12:02:10.0958 1280 Appinfo - ok

12:02:11.0036 1280 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll

12:02:11.0036 1280 AppMgmt - ok

12:02:11.0067 1280 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys

12:02:11.0067 1280 arc - ok

12:02:11.0083 1280 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

12:02:11.0083 1280 arcsas - ok

12:02:11.0208 1280 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

12:02:11.0691 1280 aspnet_state - ok

12:02:11.0723 1280 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

12:02:11.0738 1280 AsyncMac - ok

12:02:11.0801 1280 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys

12:02:11.0801 1280 atapi - ok

12:02:11.0879 1280 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

12:02:11.0879 1280 AudioEndpointBuilder - ok

12:02:11.0894 1280 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll

12:02:11.0894 1280 Audiosrv - ok

12:02:12.0019 1280 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll

12:02:12.0019 1280 AxInstSV - ok

12:02:12.0081 1280 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys

12:02:12.0081 1280 b06bdrv - ok

12:02:12.0097 1280 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys

12:02:12.0113 1280 b57nd60x - ok

12:02:12.0144 1280 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll

12:02:12.0144 1280 BDESVC - ok

12:02:12.0284 1280 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys

12:02:12.0284 1280 Beep - ok

12:02:12.0393 1280 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll

12:02:12.0409 1280 BFE - ok

12:02:12.0768 1280 [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120905.001\BHDrvx86.sys

12:02:12.0799 1280 BHDrvx86 - ok

12:02:12.0861 1280 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll

12:02:12.0924 1280 BITS - ok

12:02:12.0939 1280 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

12:02:12.0939 1280 blbdrive - ok

12:02:12.0986 1280 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

12:02:12.0986 1280 bowser - ok

12:02:13.0002 1280 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

12:02:13.0002 1280 BrFiltLo - ok

12:02:13.0033 1280 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

12:02:13.0033 1280 BrFiltUp - ok

12:02:13.0064 1280 [ 6E11F33D14D020F58D5E02E4D67DFA19 ] Browser C:\Windows\System32\browser.dll

12:02:13.0064 1280 Browser - ok

12:02:13.0111 1280 [ 9F80879913DC2712FD0C4D734E3F519B ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys

12:02:13.0111 1280 BrSerIb - ok

12:02:13.0142 1280 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys

12:02:13.0142 1280 Brserid - ok

12:02:13.0158 1280 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

12:02:13.0158 1280 BrSerWdm - ok

12:02:13.0158 1280 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

12:02:13.0158 1280 BrUsbMdm - ok

12:02:13.0173 1280 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

12:02:13.0173 1280 BrUsbSer - ok

12:02:13.0205 1280 [ B67512DA42C0C90BF236D5485226C1C7 ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys

12:02:13.0205 1280 BrUsbSIb - ok

12:02:13.0236 1280 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files\Browny02\BrYNSvc.exe

12:02:13.0236 1280 BrYNSvc - ok

12:02:13.0251 1280 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

12:02:13.0251 1280 BTHMODEM - ok

12:02:13.0283 1280 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll

12:02:13.0283 1280 bthserv - ok

12:02:13.0439 1280 [ 442745BF42053A779AB514C5746DF11B ] CarboniteService C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

12:02:13.0532 1280 CarboniteService - ok

12:02:13.0641 1280 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys

12:02:13.0641 1280 ccSet_NIS - ok

12:02:13.0657 1280 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

12:02:13.0657 1280 cdfs - ok

12:02:13.0704 1280 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys

12:02:13.0719 1280 cdrom - ok

12:02:13.0751 1280 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll

12:02:13.0751 1280 CertPropSvc - ok

12:02:13.0782 1280 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys

12:02:13.0782 1280 circlass - ok

12:02:13.0813 1280 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys

12:02:13.0813 1280 CLFS - ok

12:02:13.0860 1280 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

12:02:13.0860 1280 clr_optimization_v2.0.50727_32 - ok

12:02:13.0907 1280 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

12:02:14.0031 1280 clr_optimization_v4.0.30319_32 - ok

12:02:14.0078 1280 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

12:02:14.0078 1280 CmBatt - ok

12:02:14.0094 1280 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys

12:02:14.0094 1280 cmdide - ok

12:02:14.0125 1280 [ 6427525D76F61D0C519B008D3680E8E7 ] CNG C:\Windows\system32\Drivers\cng.sys

12:02:14.0125 1280 CNG - ok

12:02:14.0141 1280 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

12:02:14.0141 1280 Compbatt - ok

12:02:14.0187 1280 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

12:02:14.0187 1280 CompositeBus - ok

12:02:14.0187 1280 COMSysApp - ok

12:02:14.0203 1280 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

12:02:14.0203 1280 crcdisk - ok

12:02:14.0250 1280 [ A585BEBF7D054BD9618EDA0922D5484A ] CryptSvc C:\Windows\system32\cryptsvc.dll

12:02:14.0250 1280 CryptSvc - ok

12:02:14.0297 1280 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys

12:02:14.0297 1280 CSC - ok

12:02:14.0328 1280 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll

12:02:14.0343 1280 CscService - ok

12:02:14.0359 1280 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll

12:02:14.0375 1280 DcomLaunch - ok

12:02:14.0390 1280 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll

12:02:14.0406 1280 defragsvc - ok

12:02:14.0437 1280 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

12:02:14.0437 1280 DfsC - ok

12:02:14.0484 1280 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll

12:02:14.0484 1280 Dhcp - ok

12:02:14.0499 1280 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys

12:02:14.0499 1280 discache - ok

12:02:14.0515 1280 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys

12:02:14.0531 1280 Disk - ok

12:02:14.0562 1280 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll

12:02:14.0562 1280 Dnscache - ok

12:02:14.0593 1280 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll

12:02:14.0593 1280 dot3svc - ok

12:02:14.0655 1280 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll

12:02:14.0655 1280 DPS - ok

12:02:14.0687 1280 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

12:02:14.0687 1280 drmkaud - ok

12:02:14.0718 1280 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

12:02:14.0733 1280 DXGKrnl - ok

12:02:14.0765 1280 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll

12:02:14.0765 1280 EapHost - ok

12:02:14.0843 1280 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys

12:02:14.0905 1280 ebdrv - ok

12:02:14.0967 1280 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

12:02:14.0967 1280 eeCtrl - ok

12:02:14.0999 1280 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe

12:02:14.0999 1280 EFS - ok

12:02:15.0045 1280 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

12:02:15.0061 1280 ehRecvr - ok

12:02:15.0092 1280 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe

12:02:15.0092 1280 ehSched - ok

12:02:15.0139 1280 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

12:02:15.0155 1280 elxstor - ok

12:02:15.0186 1280 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

12:02:15.0201 1280 EraserUtilRebootDrv - ok

12:02:15.0233 1280 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys

12:02:15.0233 1280 ErrDev - ok

12:02:15.0264 1280 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll

12:02:15.0264 1280 EventSystem - ok

12:02:15.0279 1280 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys

12:02:15.0279 1280 exfat - ok

12:02:15.0295 1280 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys

12:02:15.0295 1280 fastfat - ok

12:02:15.0342 1280 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe

12:02:15.0357 1280 Fax - ok

12:02:15.0373 1280 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys

12:02:15.0373 1280 fdc - ok

12:02:15.0389 1280 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll

12:02:15.0404 1280 fdPHost - ok

12:02:15.0404 1280 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll

12:02:15.0404 1280 FDResPub - ok

12:02:15.0420 1280 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

12:02:15.0420 1280 FileInfo - ok

12:02:15.0435 1280 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

12:02:15.0435 1280 Filetrace - ok

12:02:15.0451 1280 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

12:02:15.0451 1280 flpydisk - ok

12:02:15.0467 1280 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

12:02:15.0467 1280 FltMgr - ok

12:02:15.0513 1280 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll

12:02:15.0529 1280 FontCache - ok

12:02:15.0576 1280 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

12:02:15.0576 1280 FontCache3.0.0.0 - ok

12:02:15.0576 1280 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

12:02:15.0576 1280 FsDepends - ok

12:02:15.0607 1280 [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

12:02:15.0607 1280 Fs_Rec - ok

12:02:15.0638 1280 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

12:02:15.0638 1280 fvevol - ok

12:02:15.0685 1280 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

12:02:15.0685 1280 gagp30kx - ok

12:02:15.0747 1280 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll

12:02:15.0763 1280 gpsvc - ok

12:02:15.0903 1280 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

12:02:15.0903 1280 gupdate - ok

12:02:15.0919 1280 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

12:02:15.0919 1280 gupdatem - ok

12:02:15.0950 1280 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

12:02:15.0950 1280 hcw85cir - ok

12:02:15.0997 1280 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

12:02:16.0013 1280 HDAudBus - ok

12:02:16.0028 1280 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

12:02:16.0028 1280 HidBatt - ok

12:02:16.0044 1280 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

12:02:16.0044 1280 HidBth - ok

12:02:16.0059 1280 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

12:02:16.0059 1280 HidIr - ok

12:02:16.0091 1280 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll

12:02:16.0091 1280 hidserv - ok

12:02:16.0137 1280 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys

12:02:16.0137 1280 HidUsb - ok

12:02:16.0200 1280 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll

12:02:16.0200 1280 hkmsvc - ok

12:02:16.0247 1280 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

12:02:16.0247 1280 HomeGroupListener - ok

12:02:16.0309 1280 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

12:02:16.0309 1280 HomeGroupProvider - ok

12:02:16.0340 1280 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

12:02:16.0340 1280 HpSAMD - ok

12:02:16.0387 1280 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys

12:02:16.0387 1280 HTTP - ok

12:02:16.0418 1280 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

12:02:16.0418 1280 hwpolicy - ok

12:02:16.0465 1280 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

12:02:16.0465 1280 i8042prt - ok

12:02:16.0527 1280 [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

12:02:16.0543 1280 IAANTMON - ok

12:02:16.0574 1280 [ 01446278D4563B3013C92830AE6CBB26 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

12:02:16.0574 1280 iaStor - ok

12:02:16.0621 1280 [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

12:02:16.0621 1280 iaStorV - ok

12:02:16.0668 1280 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

12:02:16.0683 1280 idsvc - ok

12:02:16.0824 1280 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120906.002\IDSvix86.sys

12:02:16.0824 1280 IDSVix86 - ok

12:02:17.0058 1280 [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys

12:02:17.0229 1280 igfx - ok

12:02:17.0276 1280 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

12:02:17.0276 1280 iirsp - ok

12:02:17.0339 1280 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll

12:02:17.0370 1280 IKEEXT - ok

12:02:17.0448 1280 [ 8B27C21412AE4404EB0ACFE1D98579EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

12:02:17.0526 1280 IntcAzAudAddService - ok

12:02:17.0573 1280 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys

12:02:17.0573 1280 intelide - ok

12:02:17.0604 1280 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

12:02:17.0604 1280 intelppm - ok

12:02:17.0619 1280 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

12:02:17.0619 1280 IPBusEnum - ok

12:02:17.0666 1280 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:02:17.0682 1280 IpFilterDriver - ok

12:02:17.0713 1280 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

12:02:17.0713 1280 iphlpsvc - ok

12:02:17.0744 1280 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

12:02:17.0744 1280 IPMIDRV - ok

12:02:17.0760 1280 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys

12:02:17.0760 1280 IPNAT - ok

12:02:17.0791 1280 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys

12:02:17.0791 1280 IRENUM - ok

12:02:17.0807 1280 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys

12:02:17.0807 1280 isapnp - ok

12:02:17.0853 1280 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

12:02:17.0853 1280 iScsiPrt - ok

12:02:17.0869 1280 [ D7B5B5C5130B775EC7E32EDD780D737F ] JRAID C:\Windows\system32\DRIVERS\jraid.sys

12:02:17.0869 1280 JRAID - ok

12:02:17.0900 1280 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

12:02:17.0900 1280 kbdclass - ok

12:02:17.0947 1280 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

12:02:17.0947 1280 kbdhid - ok

12:02:17.0947 1280 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe

12:02:17.0963 1280 KeyIso - ok

12:02:17.0994 1280 [ F4647BB23DB9038A7536CF6B68F4207F ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

12:02:17.0994 1280 KSecDD - ok

12:02:18.0009 1280 [ E73CAE53BBB72BA26918492C6B4C229D ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

12:02:18.0009 1280 KSecPkg - ok

12:02:18.0025 1280 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll

12:02:18.0025 1280 KtmRm - ok

12:02:18.0072 1280 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll

12:02:18.0072 1280 LanmanServer - ok

12:02:18.0087 1280 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

12:02:18.0087 1280 LanmanWorkstation - ok

12:02:18.0119 1280 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

12:02:18.0134 1280 lltdio - ok

12:02:18.0150 1280 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll

12:02:18.0150 1280 lltdsvc - ok

12:02:18.0165 1280 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll

12:02:18.0165 1280 lmhosts - ok

12:02:18.0290 1280 [ 63DAF163D1617DD611BD0AB8E41A43E8 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

12:02:18.0290 1280 LMIGuardianSvc - ok

12:02:18.0337 1280 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys

12:02:18.0337 1280 LMIInfo - ok

12:02:18.0446 1280 [ 175F50F37EEAA1D4D744BCCCBB7CF68C ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe

12:02:18.0446 1280 LMIMaint - ok

12:02:18.0477 1280 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys

12:02:18.0477 1280 lmimirr - ok

12:02:18.0493 1280 LMIRfsClientNP - ok

12:02:18.0509 1280 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys

12:02:18.0509 1280 LMIRfsDriver - ok

12:02:18.0540 1280 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe

12:02:18.0540 1280 LogMeIn - ok

12:02:18.0571 1280 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

12:02:18.0571 1280 LSI_FC - ok

12:02:18.0587 1280 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

12:02:18.0587 1280 LSI_SAS - ok

12:02:18.0602 1280 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

12:02:18.0602 1280 LSI_SAS2 - ok

12:02:18.0618 1280 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

12:02:18.0618 1280 LSI_SCSI - ok

12:02:18.0633 1280 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys

12:02:18.0633 1280 luafv - ok

12:02:18.0680 1280 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

12:02:18.0680 1280 MBAMProtector - ok

12:02:18.0727 1280 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

12:02:18.0743 1280 MBAMService - ok

12:02:18.0774 1280 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

12:02:18.0774 1280 Mcx2Svc - ok

12:02:18.0789 1280 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

12:02:18.0805 1280 megasas - ok

12:02:18.0836 1280 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

12:02:18.0836 1280 MegaSR - ok

12:02:18.0852 1280 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll

12:02:18.0852 1280 MMCSS - ok

12:02:18.0867 1280 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys

12:02:18.0867 1280 Modem - ok

12:02:18.0899 1280 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

12:02:18.0899 1280 monitor - ok

12:02:18.0945 1280 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys

12:02:18.0945 1280 mouclass - ok

12:02:18.0977 1280 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

12:02:18.0977 1280 mouhid - ok

12:02:19.0008 1280 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

12:02:19.0008 1280 mountmgr - ok

12:02:19.0070 1280 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

12:02:19.0070 1280 MozillaMaintenance - ok

12:02:19.0117 1280 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys

12:02:19.0117 1280 mpio - ok

12:02:19.0133 1280 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

12:02:19.0133 1280 mpsdrv - ok

12:02:19.0164 1280 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll

12:02:19.0179 1280 MpsSvc - ok

12:02:19.0226 1280 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

12:02:19.0226 1280 MRxDAV - ok

12:02:19.0273 1280 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

12:02:19.0289 1280 mrxsmb - ok

12:02:19.0320 1280 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:02:19.0320 1280 mrxsmb10 - ok

12:02:19.0335 1280 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:02:19.0335 1280 mrxsmb20 - ok

12:02:19.0351 1280 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys

12:02:19.0351 1280 msahci - ok

12:02:19.0382 1280 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys

12:02:19.0382 1280 msdsm - ok

12:02:19.0398 1280 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe

12:02:19.0398 1280 MSDTC - ok

12:02:19.0429 1280 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys

12:02:19.0429 1280 Msfs - ok

12:02:19.0476 1280 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

12:02:19.0476 1280 mshidkmdf - ok

12:02:19.0507 1280 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

12:02:19.0507 1280 msisadrv - ok

12:02:19.0538 1280 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

12:02:19.0538 1280 MSiSCSI - ok

12:02:19.0538 1280 msiserver - ok

12:02:19.0585 1280 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

12:02:19.0585 1280 MSKSSRV - ok

12:02:19.0601 1280 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

12:02:19.0601 1280 MSPCLOCK - ok

12:02:19.0601 1280 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

12:02:19.0601 1280 MSPQM - ok

12:02:19.0647 1280 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

12:02:19.0663 1280 MsRPC - ok

12:02:19.0710 1280 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

12:02:19.0710 1280 mssmbios - ok

12:02:19.0741 1280 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

12:02:19.0741 1280 MSTEE - ok

12:02:19.0757 1280 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

12:02:19.0757 1280 MTConfig - ok

12:02:19.0772 1280 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys

12:02:19.0772 1280 Mup - ok

12:02:19.0803 1280 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll

12:02:19.0819 1280 napagent - ok

12:02:19.0850 1280 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

12:02:19.0850 1280 NativeWifiP - ok

12:02:19.0959 1280 [ FA0B7D801E71CE79B915BAE5A90DE224 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120906.002\NAVENG.SYS

12:02:19.0959 1280 NAVENG - ok

12:02:20.0022 1280 [ 80BB71A7D14CF14B54514A201BF5B985 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120906.002\NAVEX15.SYS

12:02:20.0100 1280 NAVEX15 - ok

12:02:20.0147 1280 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys

12:02:20.0162 1280 NDIS - ok

12:02:20.0193 1280 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

12:02:20.0193 1280 NdisCap - ok

12:02:20.0225 1280 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

12:02:20.0225 1280 NdisTapi - ok

12:02:20.0256 1280 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

12:02:20.0256 1280 Ndisuio - ok

12:02:20.0318 1280 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

12:02:20.0318 1280 NdisWan - ok

12:02:20.0318 1280 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

12:02:20.0318 1280 NDProxy - ok

12:02:20.0349 1280 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

12:02:20.0349 1280 NetBIOS - ok

12:02:20.0381 1280 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

12:02:20.0381 1280 NetBT - ok

12:02:20.0396 1280 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe

12:02:20.0396 1280 Netlogon - ok

12:02:20.0427 1280 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll

12:02:20.0427 1280 Netman - ok

12:02:20.0490 1280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

12:02:20.0537 1280 NetMsmqActivator - ok

12:02:20.0552 1280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

12:02:20.0552 1280 NetPipeActivator - ok

12:02:20.0615 1280 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll

12:02:20.0615 1280 netprofm - ok

12:02:20.0646 1280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

12:02:20.0646 1280 NetTcpActivator - ok

12:02:20.0646 1280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

12:02:20.0646 1280 NetTcpPortSharing - ok

12:02:20.0677 1280 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

12:02:20.0677 1280 nfrd960 - ok

12:02:20.0755 1280 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

12:02:20.0755 1280 NIS - ok

12:02:20.0786 1280 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll

12:02:20.0802 1280 NlaSvc - ok

12:02:20.0817 1280 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys

12:02:20.0817 1280 Npfs - ok

12:02:20.0833 1280 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll

12:02:20.0833 1280 nsi - ok

12:02:20.0849 1280 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

12:02:20.0849 1280 nsiproxy - ok

12:02:20.0911 1280 [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

12:02:20.0942 1280 Ntfs - ok

12:02:20.0958 1280 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys

12:02:20.0958 1280 Null - ok

12:02:20.0989 1280 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:\Windows\system32\drivers\nvraid.sys

12:02:20.0989 1280 nvraid - ok

12:02:21.0020 1280 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:\Windows\system32\drivers\nvstor.sys

12:02:21.0020 1280 nvstor - ok

12:02:21.0051 1280 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

12:02:21.0051 1280 nv_agp - ok

12:02:21.0067 1280 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

12:02:21.0067 1280 ohci1394 - ok

12:02:21.0145 1280 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:02:21.0145 1280 ose - ok

12:02:21.0161 1280 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

12:02:21.0176 1280 p2pimsvc - ok

12:02:21.0192 1280 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll

12:02:21.0192 1280 p2psvc - ok

12:02:21.0207 1280 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys

12:02:21.0223 1280 Parport - ok

12:02:21.0223 1280 [ BF8F6AF06DA75B336F07E23AEF97D93B ] partmgr C:\Windows\system32\drivers\partmgr.sys

12:02:21.0223 1280 partmgr - ok

12:02:21.0239 1280 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys

12:02:21.0239 1280 Parvdm - ok

12:02:21.0270 1280 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll

12:02:21.0270 1280 PcaSvc - ok

12:02:21.0285 1280 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys

12:02:21.0285 1280 pci - ok

12:02:21.0332 1280 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys

12:02:21.0332 1280 pciide - ok

12:02:21.0379 1280 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

12:02:21.0379 1280 pcmcia - ok

12:02:21.0395 1280 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys

12:02:21.0395 1280 pcw - ok

12:02:21.0551 1280 [ C1C3BAF078BE5A14384A4BA2D730817D ] PDFProFiltSrvPP C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe

12:02:21.0644 1280 PDFProFiltSrvPP - ok

12:02:21.0691 1280 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys

12:02:21.0707 1280 PEAUTH - ok

12:02:21.0769 1280 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

12:02:21.0785 1280 PeerDistSvc - ok

12:02:21.0863 1280 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll

12:02:21.0894 1280 pla - ok

12:02:22.0003 1280 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll

12:02:22.0003 1280 PlugPlay - ok

12:02:22.0019 1280 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

12:02:22.0019 1280 PNRPAutoReg - ok

12:02:22.0034 1280 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

12:02:22.0050 1280 PNRPsvc - ok

12:02:22.0081 1280 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

12:02:22.0081 1280 PolicyAgent - ok

12:02:22.0143 1280 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll

12:02:22.0143 1280 Power - ok

12:02:22.0175 1280 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

12:02:22.0175 1280 PptpMiniport - ok

12:02:22.0221 1280 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys

12:02:22.0221 1280 Processor - ok

12:02:22.0331 1280 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll

12:02:22.0331 1280 ProfSvc - ok

12:02:22.0362 1280 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe

12:02:22.0362 1280 ProtectedStorage - ok

12:02:22.0393 1280 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys

12:02:22.0393 1280 Psched - ok

12:02:22.0424 1280 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys

12:02:22.0424 1280 PxHelp20 - ok

12:02:22.0502 1280 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

12:02:22.0658 1280 ql2300 - ok

12:02:22.0845 1280 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

12:02:22.0845 1280 ql40xx - ok

12:02:22.0908 1280 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll

12:02:22.0908 1280 QWAVE - ok

12:02:22.0939 1280 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

12:02:22.0939 1280 QWAVEdrv - ok

12:02:22.0970 1280 [ 7F599E8BCC5EBC78FA711E9E55EEA40C ] RapidPortM1 C:\Windows\system32\Drivers\CAPM1LP.SYS

12:02:22.0970 1280 RapidPortM1 - ok

12:02:23.0079 1280 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll

12:02:23.0079 1280 RapiMgr - ok

12:02:23.0079 1280 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

12:02:23.0095 1280 RasAcd - ok

12:02:23.0111 1280 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

12:02:23.0111 1280 RasAgileVpn - ok

12:02:23.0157 1280 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll

12:02:23.0173 1280 RasAuto - ok

12:02:23.0189 1280 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

12:02:23.0204 1280 Rasl2tp - ok

12:02:23.0235 1280 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll

12:02:23.0235 1280 RasMan - ok

12:02:23.0251 1280 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

12:02:23.0251 1280 RasPppoe - ok

12:02:23.0298 1280 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

12:02:23.0298 1280 RasSstp - ok

12:02:23.0345 1280 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

12:02:23.0345 1280 rdbss - ok

12:02:23.0360 1280 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

12:02:23.0376 1280 rdpbus - ok

12:02:23.0407 1280 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

12:02:23.0407 1280 RDPCDD - ok

12:02:23.0501 1280 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

12:02:23.0501 1280 RDPDR - ok

12:02:23.0563 1280 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

12:02:23.0563 1280 RDPENCDD - ok

12:02:23.0594 1280 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

12:02:23.0594 1280 RDPREFMP - ok

12:02:23.0672 1280 [ 288B06960D78428FF89E811632684E20 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

12:02:23.0672 1280 RDPWD - ok

12:02:23.0844 1280 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

12:02:23.0844 1280 rdyboost - ok

12:02:23.0875 1280 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll

12:02:23.0875 1280 RemoteAccess - ok

12:02:24.0093 1280 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll

12:02:24.0093 1280 RemoteRegistry - ok

12:02:24.0171 1280 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

12:02:24.0171 1280 RpcEptMapper - ok

12:02:24.0249 1280 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe

12:02:24.0249 1280 RpcLocator - ok

12:02:24.0327 1280 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll

12:02:24.0327 1280 RpcSs - ok

12:02:24.0421 1280 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

12:02:24.0421 1280 rspndr - ok

12:02:24.0546 1280 [ D5EDE44CA85899E0478208C8413C1C31 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys

12:02:24.0561 1280 RTL8167 - ok

12:02:24.0608 1280 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

12:02:24.0608 1280 s3cap - ok

12:02:24.0671 1280 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe

12:02:24.0671 1280 SamSs - ok

12:02:24.0780 1280 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

12:02:24.0780 1280 sbp2port - ok

12:02:24.0827 1280 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll

12:02:24.0827 1280 SCardSvr - ok

12:02:24.0842 1280 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

12:02:24.0842 1280 scfilter - ok

12:02:24.0889 1280 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll

12:02:24.0905 1280 Schedule - ok

12:02:24.0936 1280 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll

12:02:24.0936 1280 SCPolicySvc - ok

12:02:24.0998 1280 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll

12:02:24.0998 1280 SDRSVC - ok

12:02:25.0076 1280 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

12:02:25.0076 1280 secdrv - ok

12:02:25.0092 1280 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll

12:02:25.0107 1280 seclogon - ok

12:02:25.0139 1280 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll

12:02:25.0139 1280 SENS - ok

12:02:25.0154 1280 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll

12:02:25.0154 1280 SensrSvc - ok

12:02:25.0170 1280 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

12:02:25.0170 1280 Serenum - ok

12:02:25.0185 1280 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys

12:02:25.0185 1280 Serial - ok

12:02:25.0263 1280 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

12:02:25.0263 1280 sermouse - ok

12:02:25.0310 1280 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll

12:02:25.0310 1280 SessionEnv - ok

12:02:25.0341 1280 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

12:02:25.0341 1280 sffdisk - ok

12:02:25.0357 1280 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

12:02:25.0357 1280 sffp_mmc - ok

12:02:25.0373 1280 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

12:02:25.0373 1280 sffp_sd - ok

12:02:25.0388 1280 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

12:02:25.0388 1280 sfloppy - ok

12:02:25.0419 1280 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll

12:02:25.0419 1280 SharedAccess - ok

12:02:25.0451 1280 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

12:02:25.0451 1280 ShellHWDetection - ok

12:02:25.0482 1280 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys

12:02:25.0482 1280 sisagp - ok

12:02:25.0513 1280 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

12:02:25.0513 1280 SiSRaid2 - ok

12:02:25.0529 1280 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

12:02:25.0529 1280 SiSRaid4 - ok

12:02:25.0544 1280 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys

12:02:25.0560 1280 Smb - ok

12:02:25.0607 1280 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

12:02:25.0622 1280 SNMPTRAP - ok

12:02:25.0622 1280 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys

12:02:25.0638 1280 spldr - ok

12:02:25.0685 1280 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe

12:02:25.0685 1280 Spooler - ok

12:02:25.0778 1280 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe

12:02:25.0841 1280 sppsvc - ok

12:02:25.0887 1280 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll

12:02:25.0887 1280 sppuinotify - ok

12:02:25.0965 1280 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP.SYS

12:02:25.0965 1280 SRTSP - ok

12:02:26.0043 1280 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX.SYS

12:02:26.0043 1280 SRTSPX - ok

12:02:26.0090 1280 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys

12:02:26.0090 1280 srv - ok

12:02:26.0106 1280 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

12:02:26.0106 1280 srv2 - ok

12:02:26.0137 1280 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

12:02:26.0137 1280 srvnet - ok

12:02:26.0168 1280 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

12:02:26.0168 1280 SSDPSRV - ok

12:02:26.0184 1280 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll

12:02:26.0184 1280 SstpSvc - ok

12:02:26.0215 1280 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

12:02:26.0215 1280 stexstor - ok

12:02:26.0246 1280 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll

12:02:26.0262 1280 StiSvc - ok

12:02:26.0309 1280 [ E476C66713C842F58E61A95826ED1D57 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

12:02:26.0309 1280 stllssvr - ok

12:02:26.0324 1280 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

12:02:26.0324 1280 storflt - ok

12:02:26.0355 1280 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll

12:02:26.0371 1280 StorSvc - ok

12:02:26.0387 1280 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys

12:02:26.0387 1280 storvsc - ok

12:02:26.0402 1280 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys

12:02:26.0402 1280 swenum - ok

12:02:26.0433 1280 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll

12:02:26.0433 1280 swprv - ok

12:02:26.0496 1280 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\NIS\1308000.00E\SYMDS.SYS

12:02:26.0496 1280 SymDS - ok

12:02:26.0543 1280 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\Windows\system32\drivers\NIS\1308000.00E\SYMEFA.SYS

12:02:26.0558 1280 SymEFA - ok

12:02:26.0621 1280 [ 555FB450FE6908600310E990738B41D6 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS

12:02:26.0621 1280 SymEvent - ok

12:02:26.0699 1280 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS

12:02:26.0699 1280 SymIRON - ok

12:02:26.0745 1280 [ 3EE215D6FE821E3EDF0F7134D9AE905A ] SymNetS C:\Windows\System32\Drivers\NIS\1308000.00E\SYMNETS.SYS

12:02:26.0745 1280 SymNetS - ok

12:02:26.0808 1280 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll

12:02:26.0839 1280 SysMain - ok

12:02:26.0870 1280 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll

12:02:26.0870 1280 TabletInputService - ok

12:02:26.0901 1280 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll

12:02:26.0917 1280 TapiSrv - ok

12:02:26.0933 1280 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll

12:02:26.0948 1280 TBS - ok

12:02:26.0995 1280 [ 65D10B191C59C5501A1263FC33F6894B ] Tcpip C:\Windows\system32\drivers\tcpip.sys

12:02:27.0026 1280 Tcpip - ok

12:02:27.0104 1280 [ 65D10B191C59C5501A1263FC33F6894B ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

12:02:27.0104 1280 TCPIP6 - ok

12:02:27.0151 1280 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

12:02:27.0151 1280 tcpipreg - ok

12:02:27.0182 1280 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

12:02:27.0182 1280 TDPIPE - ok

12:02:27.0198 1280 [ 2C10395BAA4847F83042813C515CC289 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

12:02:27.0198 1280 TDTCP - ok

12:02:27.0245 1280 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

12:02:27.0245 1280 tdx - ok

12:02:27.0260 1280 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys

12:02:27.0276 1280 TermDD - ok

12:02:27.0307 1280 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll

12:02:27.0323 1280 TermService - ok

12:02:27.0338 1280 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll

12:02:27.0338 1280 Themes - ok

12:02:27.0354 1280 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll

12:02:27.0354 1280 THREADORDER - ok

12:02:27.0385 1280 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll

12:02:27.0385 1280 TrkWks - ok

12:02:27.0432 1280 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

12:02:27.0432 1280 TrustedInstaller - ok

12:02:27.0447 1280 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

12:02:27.0463 1280 tssecsrv - ok

12:02:27.0525 1280 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

12:02:27.0525 1280 TsUsbFlt - ok

12:02:27.0572 1280 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

12:02:27.0572 1280 tunnel - ok

12:02:27.0588 1280 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

12:02:27.0603 1280 uagp35 - ok

12:02:27.0619 1280 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys

12:02:27.0619 1280 udfs - ok

12:02:27.0635 1280 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

12:02:27.0635 1280 UI0Detect - ok

12:02:27.0650 1280 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

12:02:27.0650 1280 uliagpkx - ok

12:02:27.0744 1280 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys

12:02:27.0744 1280 umbus - ok

12:02:27.0775 1280 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

12:02:27.0775 1280 UmPass - ok

12:02:27.0853 1280 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll

12:02:27.0853 1280 UmRdpService - ok

12:02:27.0884 1280 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll

12:02:27.0884 1280 upnphost - ok

12:02:27.0915 1280 [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

12:02:27.0915 1280 usbccgp - ok

12:02:27.0978 1280 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys

12:02:27.0978 1280 usbcir - ok

12:02:27.0993 1280 [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

12:02:27.0993 1280 usbehci - ok

12:02:28.0009 1280 [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub C:\Windows\system32\drivers\usbhub.sys

12:02:28.0025 1280 usbhub - ok

12:02:28.0025 1280 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

12:02:28.0025 1280 usbohci - ok

12:02:28.0040 1280 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

12:02:28.0040 1280 usbprint - ok

12:02:28.0118 1280 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

12:02:28.0118 1280 usbscan - ok

12:02:28.0149 1280 [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

12:02:28.0149 1280 USBSTOR - ok

12:02:28.0165 1280 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

12:02:28.0165 1280 usbuhci - ok

12:02:28.0196 1280 [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys

12:02:28.0196 1280 usb_rndisx - ok

12:02:28.0227 1280 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll

12:02:28.0227 1280 UxSms - ok

12:02:28.0243 1280 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe

12:02:28.0243 1280 VaultSvc - ok

12:02:28.0259 1280 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

12:02:28.0259 1280 vdrvroot - ok

12:02:28.0290 1280 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe

12:02:28.0305 1280 vds - ok

12:02:28.0321 1280 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

12:02:28.0337 1280 vga - ok

12:02:28.0337 1280 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys

12:02:28.0337 1280 VgaSave - ok

12:02:28.0352 1280 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

12:02:28.0368 1280 vhdmp - ok

12:02:28.0383 1280 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys

12:02:28.0383 1280 viaagp - ok

12:02:28.0399 1280 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys

12:02:28.0415 1280 ViaC7 - ok

12:02:28.0446 1280 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys

12:02:28.0446 1280 viaide - ok

12:02:28.0477 1280 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys

12:02:28.0477 1280 vmbus - ok

12:02:28.0493 1280 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

12:02:28.0493 1280 VMBusHID - ok

12:02:28.0508 1280 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys

12:02:28.0508 1280 volmgr - ok

12:02:28.0555 1280 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

12:02:28.0555 1280 volmgrx - ok

12:02:28.0571 1280 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys

12:02:28.0571 1280 volsnap - ok

12:02:28.0602 1280 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

12:02:28.0617 1280 vsmraid - ok

12:02:28.0664 1280 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe

12:02:28.0695 1280 VSS - ok

12:02:28.0711 1280 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

12:02:28.0711 1280 vwifibus - ok

12:02:28.0727 1280 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll

12:02:28.0742 1280 W32Time - ok

12:02:28.0758 1280 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

12:02:28.0758 1280 WacomPen - ok

12:02:28.0805 1280 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

12:02:28.0805 1280 WANARP - ok

12:02:28.0805 1280 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

12:02:28.0820 1280 Wanarpv6 - ok

12:02:28.0898 1280 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

12:02:28.0914 1280 WatAdminSvc - ok

12:02:28.0961 1280 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe

12:02:28.0992 1280 wbengine - ok

12:02:29.0023 1280 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

12:02:29.0023 1280 WbioSrvc - ok

12:02:29.0070 1280 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll

12:02:29.0070 1280 WcesComm - ok

12:02:29.0101 1280 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll

12:02:29.0117 1280 wcncsvc - ok

12:02:29.0132 1280 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

12:02:29.0132 1280 WcsPlugInService - ok

12:02:29.0148 1280 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys

12:02:29.0148 1280 Wd - ok

12:02:29.0195 1280 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys

12:02:29.0195 1280 WDC_SAM - ok

12:02:29.0257 1280 [ 7D1E301E2EEAF6D3730887DE933413E6 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

12:02:29.0257 1280 WDDMService - ok

12:02:29.0273 1280 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

12:02:29.0288 1280 Wdf01000 - ok

12:02:29.0288 1280 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll

12:02:29.0304 1280 WdiServiceHost - ok

12:02:29.0304 1280 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll

12:02:29.0304 1280 WdiSystemHost - ok

12:02:29.0366 1280 [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

12:02:29.0366 1280 WDSmartWareBackgroundService - ok

12:02:29.0413 1280 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll

12:02:29.0413 1280 WebClient - ok

12:02:29.0429 1280 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll

12:02:29.0429 1280 Wecsvc - ok

12:02:29.0444 1280 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll

12:02:29.0444 1280 wercplsupport - ok

12:02:29.0475 1280 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll

12:02:29.0475 1280 WerSvc - ok

12:02:29.0491 1280 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

12:02:29.0491 1280 WfpLwf - ok

12:02:29.0507 1280 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys

12:02:29.0507 1280 WIMMount - ok

12:02:29.0553 1280 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

12:02:29.0553 1280 WinDefend - ok

12:02:29.0585 1280 WinHttpAutoProxySvc - ok

12:02:29.0631 1280 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

12:02:29.0631 1280 Winmgmt - ok

12:02:29.0678 1280 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll

12:02:29.0741 1280 WinRM - ok

12:02:29.0772 1280 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

12:02:29.0772 1280 WinUsb - ok

12:02:29.0819 1280 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll

12:02:29.0834 1280 Wlansvc - ok

12:02:29.0943 1280 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

12:02:29.0975 1280 wlidsvc - ok

12:02:30.0021 1280 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

12:02:30.0021 1280 WmiAcpi - ok

12:02:30.0053 1280 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

12:02:30.0053 1280 wmiApSrv - ok

12:02:30.0131 1280 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

12:02:30.0302 1280 WMPNetworkSvc - ok

12:02:30.0349 1280 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll

12:02:30.0349 1280 WPCSvc - ok

12:02:30.0380 1280 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

12:02:30.0380 1280 WPDBusEnum - ok

12:02:30.0411 1280 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

12:02:30.0411 1280 ws2ifsl - ok

12:02:30.0427 1280 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll

12:02:30.0427 1280 wscsvc - ok

12:02:30.0427 1280 WSearch - ok

12:02:30.0505 1280 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll

12:02:30.0536 1280 wuauserv - ok

12:02:30.0583 1280 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

12:02:30.0583 1280 WudfPf - ok

12:02:30.0645 1280 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

12:02:30.0645 1280 WUDFRd - ok

12:02:30.0692 1280 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

12:02:30.0692 1280 wudfsvc - ok

12:02:30.0708 1280 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll

12:02:30.0708 1280 WwanSvc - ok

12:02:30.0739 1280 ================ Scan global ===============================

12:02:30.0770 1280 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll

12:02:30.0801 1280 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll

12:02:30.0817 1280 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll

12:02:30.0879 1280 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

12:02:30.0911 1280 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

12:02:30.0911 1280 [Global] - ok

12:02:30.0911 1280 ================ Scan MBR ==================================

12:02:30.0926 1280 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0

12:02:30.0926 1280 Suspicious mbr (Forged): \Device\Harddisk0\DR0

12:02:30.0989 1280 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

12:02:30.0989 1280 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

12:02:30.0989 1280 ================ Scan VBR ==================================

12:02:30.0989 1280 [ D61E1D2C7246357FB83A88BFADCE46A6 ] \Device\Harddisk0\DR0\Partition1

12:02:30.0989 1280 \Device\Harddisk0\DR0\Partition1 - ok

12:02:30.0989 1280 [ 1F74E35FB1842673672806AB71645793 ] \Device\Harddisk0\DR0\Partition2

12:02:30.0989 1280 \Device\Harddisk0\DR0\Partition2 - ok

12:02:31.0004 1280 ============================================================

12:02:31.0004 1280 Scan finished

12:02:31.0004 1280 ============================================================

12:02:31.0004 1268 Detected object count: 1

12:02:31.0004 1268 Actual detected object count: 1

12:03:39.0941 1268 \Device\Harddisk0\DR0\# - copied to quarantine

12:03:39.0972 1268 \Device\Harddisk0\DR0 - copied to quarantine

12:03:39.0987 1268 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

12:03:40.0050 1268 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

12:03:40.0050 1268 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

12:03:40.0112 1268 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

12:03:40.0143 1268 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

12:03:40.0237 1268 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

12:03:40.0268 1268 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

12:03:40.0284 1268 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

12:03:40.0284 1268 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

12:03:40.0299 1268 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

12:03:40.0424 1268 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

12:03:40.0424 1268 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

12:03:40.0455 1268 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

12:03:40.0471 1268 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

12:03:40.0549 1268 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

12:03:40.0689 1268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

12:03:40.0689 1268 \Device\Harddisk0\DR0 - ok

12:03:40.0752 1268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

12:04:02.0904 5704 Deinitialize success

Link to post
Share on other sites
jaysabi

jaysabi

Posted
  • Author
Posted

Roguekiller

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : MJ [Admin rights]

Mode : Scan -- Date : 09/10/2012 12:12:36

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[TASK][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[13] : NtAlertResumeThread @ 0x8332DA55 -> HOOKED (Unknown @ 0x874CEC30)

SSDT[14] : NtAlertThread @ 0x83280B00 -> HOOKED (Unknown @ 0x874CED10)

SSDT[19] : NtAllocateVirtualMemory @ 0x83279B0C -> HOOKED (Unknown @ 0x874CF678)

SSDT[22] : NtAlpcConnectPort @ 0x832C52BE -> HOOKED (Unknown @ 0x86D6F4E8)

SSDT[43] : NtAssignProcessToJobObject @ 0x8324EF4E -> HOOKED (Unknown @ 0x874CE3D8)

SSDT[74] : NtCreateMutant @ 0x83260212 -> HOOKED (Unknown @ 0x874CE980)

SSDT[86] : NtCreateSymbolicLinkObject @ 0x83251871 -> HOOKED (Unknown @ 0x874CE0F8)

SSDT[87] : NtCreateThread @ 0x8332BCEE -> HOOKED (Unknown @ 0x874CFB80)

SSDT[88] : NtCreateThreadEx @ 0x832C01E4 -> HOOKED (Unknown @ 0x874CE1E8)

SSDT[96] : NtDebugActiveProcess @ 0x832FDC00 -> HOOKED (Unknown @ 0x874CE4B8)

SSDT[111] : NtDuplicateObject @ 0x8328159A -> HOOKED (Unknown @ 0x874CF848)

SSDT[131] : NtFreeVirtualMemory @ 0x831094BB -> HOOKED (Unknown @ 0x874CF430)

SSDT[145] : NtImpersonateAnonymousToken @ 0x83245840 -> HOOKED (Unknown @ 0x874CEA70)

SSDT[147] : NtImpersonateThread @ 0x832C96BC -> HOOKED (Unknown @ 0x874CEB50)

SSDT[155] : NtLoadDriver @ 0x83215B80 -> HOOKED (Unknown @ 0x86D6F470)

SSDT[168] : NtMapViewOfSection @ 0x83296452 -> HOOKED (Unknown @ 0x874CF330)

SSDT[177] : NtOpenEvent @ 0x8325FC0E -> HOOKED (Unknown @ 0x874CE8A0)

SSDT[190] : NtOpenProcess @ 0x83261A58 -> HOOKED (Unknown @ 0x874CFA28)

SSDT[191] : NtOpenProcessToken @ 0x832B40BF -> HOOKED (Unknown @ 0x874CF768)

SSDT[194] : NtOpenSection @ 0x832B9734 -> HOOKED (Unknown @ 0x874CE6E0)

SSDT[198] : NtOpenThread @ 0x832ADE45 -> HOOKED (Unknown @ 0x874CF938)

SSDT[215] : NtProtectVirtualMemory @ 0x832924C1 -> HOOKED (Unknown @ 0x874CE2E8)

SSDT[304] : NtResumeThread @ 0x832C040B -> HOOKED (Unknown @ 0x874CEDF0)

SSDT[316] : NtSetContextThread @ 0x8332CDEF -> HOOKED (Unknown @ 0x874CF080)

SSDT[333] : NtSetInformationProcess @ 0x832886AD -> HOOKED (Unknown @ 0x874CF160)

SSDT[350] : NtSetSystemInformation @ 0x8329E1AC -> HOOKED (Unknown @ 0x874CE598)

SSDT[366] : NtSuspendProcess @ 0x8332D98F -> HOOKED (Unknown @ 0x874CE7C0)

SSDT[367] : NtSuspendThread @ 0x832E4EF5 -> HOOKED (Unknown @ 0x874CEED0)

SSDT[370] : NtTerminateProcess @ 0x832AAA7D -> HOOKED (Unknown @ 0x874CFC80)

SSDT[371] : NtTerminateThread @ 0x832C83F4 -> HOOKED (Unknown @ 0x874CEF90)

SSDT[385] : NtUnmapViewOfSection @ 0x832B46FA -> HOOKED (Unknown @ 0x874CF250)

SSDT[399] : NtWriteVirtualMemory @ 0x832AF7DA -> HOOKED (Unknown @ 0x874CF520)

S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x887B4D88)

S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x8864A8C0)

S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x875559E8)

S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x869442B0)

S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x8838FE68)

S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x8838FA60)

S_SSDT[508] : Unknown -> HOOKED (Unknown @ 0x8838FC00)

S_SSDT[509] : Unknown -> HOOKED (Unknown @ 0x8838FB30)

S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x8838FFC0)

S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x88390008)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAJS-75M0A0 +++++

--- User ---

[MBR] 3a1ed7ebb3d0a9214baeb524b3ac1850

[bSP] 7599e6e61e4129e184d4051f55323357 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 8118 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16707584 | Size: 230259 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Checkup

Results of screen317's Security Check version 0.99.50

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

JavaFX 2.1.1

Java 6 Update 31

Java 7 Update 5

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 10.3.183.20 Flash Player out of Date!

Adobe Reader X (10.1.4)

Mozilla Firefox (14.0.1)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

OTL

OTL logfile created on: 9/10/2012 12:25:20 PM - Run 1

OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\MJ\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 49.46% Memory free

3.93 Gb Paging File | 2.75 Gb Available in Paging File | 69.84% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 224.86 Gb Total Space | 89.08 Gb Free Space | 39.62% Space Free | Partition Type: NTFS

Computer Name: MJ-PC | User Name: MJ | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/10 12:23:32 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\MJ\Desktop\OTL.exe

PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/07/26 10:03:58 | 004,637,768 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe

PRC - [2012/07/26 10:03:58 | 001,061,960 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

PRC - [2012/07/11 09:14:53 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe

PRC - [2012/07/11 09:14:13 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe

PRC - [2012/01/03 08:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/12/08 09:43:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe

PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010/10/26 17:20:52 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe

PRC - [2010/10/26 17:16:06 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe

PRC - [2010/06/10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe

PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe

PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe

PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe

PRC - [2009/11/13 11:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

PRC - [2009/11/13 11:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

PRC - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

PRC - [2009/08/07 06:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009/08/07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

PRC - [2009/03/31 17:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

PRC - [2008/08/11 13:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

PRC - [2007/05/31 16:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe

PRC - [2007/03/12 17:55:56 | 000,038,464 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CAPM1LAK.EXE

PRC - [2007/03/12 17:02:16 | 000,038,024 | ---- | M] (CANON INC.) -- C:\Windows\System32\CAPM1RSK.EXE

PRC - [2007/03/12 16:29:16 | 000,106,128 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CAPM1SWK.EXE

========== Modules (No Company Name) ==========

MOD - [2012/02/22 11:14:48 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll

MOD - [2012/02/22 11:14:20 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll

MOD - [2012/02/16 11:43:48 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll

MOD - [2012/02/16 11:43:41 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll

MOD - [2012/02/16 11:43:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MOD - [2012/02/16 11:43:17 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll

MOD - [2012/02/16 11:43:11 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll

MOD - [2012/02/16 11:42:53 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll

MOD - [2012/02/16 11:42:48 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012/02/16 11:42:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012/02/16 11:42:33 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2012/02/16 11:42:21 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2009/08/19 15:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll

MOD - [2009/07/29 15:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll

MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll

========== Services (SafeList) ==========

SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/26 10:03:58 | 004,637,768 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)

SRV - [2012/07/13 19:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/11 09:14:53 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)

SRV - [2012/07/11 09:14:13 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)

SRV - [2010/12/08 09:43:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

SRV - [2010/05/05 03:00:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)

SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)

SRV - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)

SRV - [2009/08/07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)

SRV - [2009/03/31 17:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)

SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - [2012/08/31 19:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120907.001\IDSvix86.sys -- (IDSVix86)

DRV - [2012/08/31 17:09:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120905.001\BHDrvx86.sys -- (BHDrvx86)

DRV - [2012/08/24 17:09:18 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120910.002\NAVEX15.SYS -- (NAVEX15)

DRV - [2012/08/24 17:09:18 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/08/24 17:09:18 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120910.002\NAVENG.SYS -- (NAVENG)

DRV - [2012/08/08 22:08:31 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/07/11 09:14:14 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2012/07/05 21:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\srtsp.sys -- (SRTSP)

DRV - [2012/07/05 21:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\srtspx.sys -- (SRTSPX)

DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/06/06 23:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\ccsetx86.sys -- (ccSet_NIS)

DRV - [2012/05/21 20:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symefa.sys -- (SymEFA)

DRV - [2012/04/17 21:13:32 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symnets.sys -- (SymNetS)

DRV - [2012/04/17 20:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\ironx86.sys -- (SymIRON)

DRV - [2012/03/23 09:30:00 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2011/08/16 01:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symds.sys -- (SymDS)

DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009/11/02 22:06:12 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb)

DRV - [2009/11/02 22:06:11 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)

DRV - [2009/05/21 14:18:54 | 000,089,048 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)

DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2008/08/11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2008/08/11 13:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)

DRV - [2001/12/07 01:00:00 | 000,022,912 | ---- | M] (CANON INC.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CAPM1LP.SYS -- (RapidPortM1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {ED7B8E17-0B0C-4674-B720-4837F6B5BE99}

IE - HKLM\..\SearchScopes\{ED7B8E17-0B0C-4674-B720-4837F6B5BE99}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox'>http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/

IE - HKCU\..\SearchScopes,DefaultScope = {703B686C-157E-4261-A00B-3142D0D4EE4B}

IE - HKCU\..\SearchScopes\{703B686C-157E-4261-A00B-3142D0D4EE4B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MJ\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MJ\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPlgn\ [2012/03/19 09:12:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\coFFPlgn\ [2012/09/10 12:10:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/03/02 10:12:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/10 09:42:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/20 08:17:56 | 000,000,000 | ---D | M]

[2010/06/21 14:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MJ\AppData\Roaming\Mozilla\Extensions

[2012/09/07 15:48:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\8k026ig1.default\extensions

[2011/01/10 12:52:12 | 000,002,470 | ---- | M] () -- C:\Users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\8k026ig1.default\searchplugins\safesearch.xml

[2012/08/10 09:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/07/13 19:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/07/13 19:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/07/13 19:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:

CHR - default_search_provider: Bing (Enabled)

CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-US&q={searchTerms}

CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language},

CHR - homepage:

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MJ\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MJ\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\MJ\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\MJ\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll

CHR - plugin: Norton Confidential (Enabled) = C:\Users\MJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\MJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\MJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Norton Identity Protection = C:\Users\MJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\

CHR - Extension: Gmail = C:\Users\MJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)

O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [indexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)

O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: advanceddiscovery.com ([relativity5] https in Trusted sites)

O15 - HKCU\..Trusted Domains: kcura.com ([relativity] https in Trusted sites)

O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {A6AD2813-EDAC-4CAA-B7A3-431EC0758C2D} https://relativity5.advanceddiscovery.com/Relativity/ActiveX/webclientmanager.cab (kCura.EDDS.WebClientManager.WebClientManager)

O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} http://simcity.ea.com/play/classic/SimCityX.cab (SimCityX Control)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://lexisnexiscenters.webex.com/client/T27L10NSP11EP5/event/ieatgpc1.cab (GpcContainer Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51F4D2AB-899D-4E15-A5ED-5FC988182DD8}: DhcpNameServer = 68.94.156.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51F4D2AB-899D-4E15-A5ED-5FC988182DD8}: NameServer = 4.2.2.2

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{0dc087c2-7d6e-11df-8d6b-002564ec136d}\Shell - "" = AutoRun

O33 - MountPoints2\{0dc087c2-7d6e-11df-8d6b-002564ec136d}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true

O33 - MountPoints2\{3ac18984-1585-11df-8517-002564ec136d}\Shell - "" = AutoRun

O33 - MountPoints2\{3ac18984-1585-11df-8517-002564ec136d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{4a32a1cf-673a-11df-847f-002564ec136d}\Shell - "" = AutoRun

O33 - MountPoints2\{4a32a1cf-673a-11df-847f-002564ec136d}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true

O33 - MountPoints2\{774e842f-bc3f-11df-9e54-002564ec136d}\Shell - "" = AutoRun

O33 - MountPoints2\{774e842f-bc3f-11df-9e54-002564ec136d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{aa3db801-9691-11df-a812-002564ec136d}\Shell - "" = AutoRun

O33 - MountPoints2\{aa3db801-9691-11df-a812-002564ec136d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{eb2c3ca2-5137-11df-a710-002564ec136d}\Shell - "" = AutoRun

O33 - MountPoints2\{eb2c3ca2-5137-11df-a710-002564ec136d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

SafeBootMin: 34049968.sys - Driver

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: 34049968.sys - Driver

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/10 12:28:25 | 000,000,000 | ---D | C] -- C:\FRST

[2012/09/10 12:23:36 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\MJ\Desktop\OTL.exe

[2012/09/10 12:11:24 | 000,000,000 | ---D | C] -- C:\Users\MJ\Desktop\RK_Quarantine

[2012/09/10 12:03:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/09/10 12:01:05 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\MJ\Desktop\tdsskiller.exe

[2012/09/10 11:56:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\MJ\Desktop\aswMBR.exe

[2012/09/10 11:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/09/10 11:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/09/10 11:47:20 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\MJ\Desktop\erunt-setup.exe

[2012/09/10 11:40:16 | 001,629,088 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\MJ\Desktop\rkill.com

[2012/09/07 09:26:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\MJ\Desktop\dds.scr

[2012/09/06 14:08:25 | 000,000,000 | -HSD | C] -- C:\found.001

[2012/09/06 12:50:08 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Roaming\Malwarebytes

[2012/09/06 12:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/09/06 12:49:59 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/09/06 12:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/09/06 12:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/09/06 12:20:04 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\MJ\Desktop\mbam-setup-1.62.0.1300.exe

[2012/08/24 12:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite

[2012/08/24 12:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Carbonite

[2012/08/24 12:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite

[2012/08/24 10:52:59 | 000,000,000 | -HSD | C] -- C:\found.000

[2012/08/22 15:48:45 | 000,000,000 | ---D | C] -- C:\Users\MJ\jagexcache1

[2012/08/16 16:05:34 | 000,000,000 | ---D | C] -- C:\Windows\en

[2012/08/16 15:58:28 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{54AF5CBF-5B61-48FD-AD5F-9DBD4A77655E}

[2012/08/16 15:58:18 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{27958AFA-33EF-44FC-9214-C12C96379B71}

[2012/08/16 15:57:59 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{03B31BD4-EFDD-4046-BFEE-86AFEE3AA771}

[2012/08/16 15:57:48 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{2A4F3DD4-7242-4259-8F62-DF5F5FA9B102}

[2012/08/16 15:57:13 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{788BDA24-56B7-4446-B0CE-1F0290D2C4D2}

[2012/08/16 15:57:02 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{7005D15B-1355-4D42-832C-C2B0C0A420F4}

[2012/08/16 15:56:28 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{1491FF06-6627-4E33-A0F0-C9BDB697B48E}

[2012/08/16 15:56:08 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{BA9055CD-206C-45D4-AED8-22425D128222}

[2012/08/16 14:55:06 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{91447190-21A3-46C2-BCB1-CC82B8A7FB6E}

[2012/08/16 14:54:45 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Local\{F0AB2D87-E08E-4FD8-8003-6F2338107790}

[2012/08/15 13:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/08/15 13:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle

[2012/08/15 13:27:59 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

[2012/08/15 13:27:59 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2012/08/15 13:26:23 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2012/08/15 13:26:23 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2012/08/15 10:01:12 | 000,000,000 | ---D | C] -- C:\Users\MJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[1 C:\Users\MJ\*.tmp files -> C:\Users\MJ\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/10 12:23:32 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\MJ\Desktop\OTL.exe

[2012/09/10 12:15:13 | 000,854,156 | ---- | M] () -- C:\Users\MJ\Desktop\SecurityCheck.exe

[2012/09/10 12:14:18 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/10 12:14:18 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/10 12:12:10 | 000,662,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/09/10 12:12:10 | 000,121,558 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/09/10 12:10:24 | 001,378,816 | ---- | M] () -- C:\Users\MJ\Desktop\RogueKiller.exe

[2012/09/10 12:10:05 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000UA.job

[2012/09/10 12:07:00 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/09/10 12:06:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/09/10 12:06:36 | 1583,075,328 | -HS- | M] () -- C:\hiberfil.sys

[2012/09/10 12:01:35 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\MJ\Desktop\tdsskiller.exe

[2012/09/10 12:00:45 | 000,000,512 | ---- | M] () -- C:\Users\MJ\Desktop\MBR.dat

[2012/09/10 11:58:00 | 000,164,971 | ---- | M] () -- C:\Users\MJ\Desktop\Screen Shot.png

[2012/09/10 11:57:55 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\MJ\Desktop\aswMBR.exe

[2012/09/10 11:49:20 | 000,000,896 | ---- | M] () -- C:\Users\MJ\Desktop\NTREGOPT.lnk

[2012/09/10 11:49:20 | 000,000,877 | ---- | M] () -- C:\Users\MJ\Desktop\ERUNT.lnk

[2012/09/10 11:47:23 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\MJ\Desktop\erunt-setup.exe

[2012/09/10 11:44:04 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/09/10 11:40:16 | 001,629,088 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\MJ\Desktop\rkill.com

[2012/09/10 11:38:46 | 377,687,870 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/09/10 11:19:04 | 000,136,282 | ---- | M] () -- C:\Users\MJ\Desktop\Daubenspeck FINRA Form MC-400.pdf

[2012/09/10 11:18:17 | 000,126,953 | ---- | M] () -- C:\Users\MJ\Desktop\AEI FINRA Form MC-400A.pdf

[2012/09/07 09:26:48 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\MJ\Desktop\dds.scr

[2012/09/06 12:50:00 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/06 12:48:44 | 001,353,103 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\Cat.DB

[2012/09/06 12:20:31 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\MJ\Desktop\mbam-setup-1.62.0.1300.exe

[2012/09/06 11:19:31 | 000,006,576 | ---- | M] () -- C:\bootsqm.dat

[2012/09/06 09:38:35 | 000,000,032 | ---- | M] () -- C:\Users\MJ\jagex_cl_runescape_LIVE.dat

[2012/09/05 10:28:36 | 000,002,398 | ---- | M] () -- C:\Users\MJ\Desktop\Google Chrome.lnk

[2012/08/30 05:57:03 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000Core1cd869e3049515f.job

[2012/08/24 12:27:11 | 000,002,104 | ---- | M] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk

[2012/08/22 15:51:18 | 000,000,129 | ---- | M] () -- C:\Users\MJ\jagex_runescape_preferences2.dat

[2012/08/22 15:48:47 | 000,000,035 | ---- | M] () -- C:\Users\MJ\jagex_runescape_preferences.dat

[2012/08/22 15:48:45 | 000,000,042 | ---- | M] () -- C:\Users\MJ\jagex_cl_runescape_LIVE1.dat

[2012/08/17 14:53:37 | 000,102,843 | ---- | M] () -- C:\Users\MJ\Desktop\Cutler 2012 Part 2B Revised 8-17-2012.pdf

[2012/08/16 09:35:46 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\VT20120731.038

[2012/08/16 09:13:37 | 000,002,425 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/08/15 13:25:28 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2012/08/15 13:25:28 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

[1 C:\Users\MJ\*.tmp files -> C:\Users\MJ\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/10 12:15:10 | 000,854,156 | ---- | C] () -- C:\Users\MJ\Desktop\SecurityCheck.exe

[2012/09/10 12:10:20 | 001,378,816 | ---- | C] () -- C:\Users\MJ\Desktop\RogueKiller.exe

[2012/09/10 12:00:45 | 000,000,512 | ---- | C] () -- C:\Users\MJ\Desktop\MBR.dat

[2012/09/10 11:57:59 | 000,164,971 | ---- | C] () -- C:\Users\MJ\Desktop\Screen Shot.png

[2012/09/10 11:49:20 | 000,000,896 | ---- | C] () -- C:\Users\MJ\Desktop\NTREGOPT.lnk

[2012/09/10 11:49:20 | 000,000,877 | ---- | C] () -- C:\Users\MJ\Desktop\ERUNT.lnk

[2012/09/06 12:50:00 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/06 11:19:31 | 000,006,576 | ---- | C] () -- C:\bootsqm.dat

[2012/08/30 05:57:03 | 000,000,844 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000Core1cd869e3049515f.job

[2012/08/24 12:27:11 | 000,002,104 | ---- | C] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk

[2012/08/22 15:48:45 | 000,000,042 | ---- | C] () -- C:\Users\MJ\jagex_cl_runescape_LIVE1.dat

[2012/08/17 14:53:37 | 000,102,843 | ---- | C] () -- C:\Users\MJ\Desktop\Cutler 2012 Part 2B Revised 8-17-2012.pdf

[2012/08/15 10:01:24 | 000,002,398 | ---- | C] () -- C:\Users\MJ\Desktop\Google Chrome.lnk

[2012/08/15 09:59:16 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000UA.job

[2011/11/23 12:54:41 | 000,000,000 | ---- | C] () -- C:\Users\MJ\.gtk-bookmarks

[2011/11/04 09:19:46 | 000,000,032 | ---- | C] () -- C:\Users\MJ\jagex_cl_runescape_LIVE.dat

[2011/10/07 15:48:11 | 000,000,246 | ---- | C] () -- C:\Windows\Brpfx04a.ini

[2011/10/07 15:48:11 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini

[2011/10/07 15:41:23 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini

[2011/10/07 15:41:23 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat

[2011/10/07 15:41:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL

[2011/10/07 15:40:58 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI

[2011/10/07 15:40:56 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT

[2011/04/06 08:55:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2010/12/17 15:16:11 | 000,000,129 | ---- | C] () -- C:\Users\MJ\jagex_runescape_preferences2.dat

[2010/12/17 15:14:46 | 000,000,035 | ---- | C] () -- C:\Users\MJ\jagex_runescape_preferences.dat

[2010/05/17 10:16:23 | 000,004,096 | -H-- | C] () -- C:\Users\MJ\AppData\Local\keyfile3.drm

[2010/04/06 10:50:47 | 000,003,584 | ---- | C] () -- C:\Users\MJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*.dll /s >

< %APPDATA%\*. >

[2012/06/07 16:27:36 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\.oit

[2011/04/06 15:16:13 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Adobe

[2012/07/11 16:32:12 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Audacity

[2011/12/02 15:43:18 | 000,000,000 | R--D | M] -- C:\Users\MJ\AppData\Roaming\Brother

[2011/10/07 16:29:26 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\ControlCenter4

[2010/02/03 15:00:13 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\CyberLink

[2011/02/23 17:42:12 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Download Manager

[2011/10/07 16:29:20 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\FLEXnet

[2010/02/03 13:04:24 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Identities

[2011/10/07 15:33:17 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\InstallShield

[2010/02/03 13:08:24 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Macromedia

[2012/09/06 12:50:08 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Malwarebytes

[2009/07/14 02:49:10 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Media Center Programs

[2012/09/06 13:37:38 | 000,000,000 | --SD | M] -- C:\Users\MJ\AppData\Roaming\Microsoft

[2010/06/21 14:56:47 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Mozilla

[2011/10/12 09:41:57 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Nuance

[2012/09/06 13:29:55 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\TeamViewer

[2010/04/30 15:35:04 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\U3

[2011/06/15 11:45:52 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\webex

[2010/06/23 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Western Digital

[2010/11/15 15:39:50 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Windows Live Writer

[2011/10/12 09:42:06 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Zeon

< %APPDATA%\*.exe /s >

[2007/10/23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\MJ\AppData\Roaming\U3\temp\cleanup.exe

[2007/10/23 09:22:56 | 003,350,528 | -H-- | M] (SanDisk Corporation) -- C:\Users\MJ\AppData\Roaming\U3\temp\Launchpad Removal.exe

< %APPDATA%\*.dll /s >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: BEEP.SYS >

[2009/07/13 18:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys

[2009/07/13 18:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

< MD5 for: CNGAUDIT.DLL >

[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >

[2009/08/07 08:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Drivers\storage\R236453\IaStor.sys

[2009/08/07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009/08/07 08:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys

[2009/08/07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_1f2a8fa4448bd5bf\iaStor.sys

[2009/08/07 08:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_e0df85a86191e9fe\iaStor.sys

[2009/08/07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

< MD5 for: IASTORV.SYS >

[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010/11/20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys

[2010/11/20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010/11/20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

< MD5 for: NETLOGON.DLL >

[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >

[2010/11/20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys

[2010/11/20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010/11/20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >

[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >

[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe

[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: THEMEUI.DLL >

[2010/11/20 07:21:30 | 002,755,072 | ---- | M] (Microsoft Corporation) MD5=5992A9DF57FD5E6960FDCC2DB69867F7 -- C:\Windows\System32\themeui.dll

[2010/11/20 07:21:30 | 002,755,072 | ---- | M] (Microsoft Corporation) MD5=5992A9DF57FD5E6960FDCC2DB69867F7 -- C:\Windows\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.1.7601.17514_none_8706005e79c34246\themeui.dll

[2009/07/13 20:16:16 | 002,755,072 | ---- | M] (Microsoft Corporation) MD5=BA25800813148F910A600B6DE1F78B2B -- C:\Windows\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.1.7600.16385_none_84d4ec967cd4beac\themeui.dll

< MD5 for: USERINIT.EXE >

[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< c:|services;true;true;true; /FP >

[2009/07/27 10:16:05 | 000,000,000 | ---D | M] -- c:\dell\DBRM\osmedia\sources\dlmanifests\microsoft-activedirectory-webservices-dl

[2009/07/27 10:16:07 | 000,000,000 | ---D | M] -- c:\dell\DBRM\osmedia\sources\dlmanifests\microsoft-windows-directoryservices-adam-dl

[2009/07/27 10:16:21 | 000,000,000 | ---D | M] -- c:\dell\DBRM\osmedia\sources\dlmanifests\microsoft-windows-terminalservices-licenseserver

[2009/07/27 10:16:22 | 000,000,000 | ---D | M] -- c:\dell\DBRM\osmedia\sources\dlmanifests\microsoft-windows-textservicesframework-migration-dl

[2009/07/27 10:37:02 | 000,000,000 | ---D | M] -- c:\dell\DBRM\osmedia\sources\replacementmanifests\microsoft-activedirectory-webservices

[2009/07/27 10:37:03 | 000,000,000 | ---D | M] -- c:\dell\DBRM\osmedia\sources\replacementmanifests\microsoft-windows-terminalservices-appserver-licensing

[2009/07/27 10:37:03 | 000,000,000 | ---D | M] -- c:\dell\DBRM\osmedia\sources\replacementmanifests\microsoft-windows-terminalservices-licenseserver

[2011/02/24 10:50:34 | 000,000,000 | ---D | M] -- c:\Program Files\Adobe\Acrobat 10.0\Acrobat\HostedServicesTemplates

[2011/02/24 10:50:34 | 000,000,000 | ---D | M] -- c:\Program Files\Adobe\Acrobat 10.0\Acrobat\HostedServicesTemplates\DEU

[2011/02/24 10:50:34 | 000,000,000 | ---D | M] -- c:\Program Files\Adobe\Acrobat 10.0\Acrobat\HostedServicesTemplates\ENU

[2011/02/24 10:50:34 | 000,000,000 | ---D | M] -- c:\Program Files\Adobe\Acrobat 10.0\Acrobat\HostedServicesTemplates\FRA

[2012/03/02 10:12:45 | 000,000,000 | ---D | M] -- c:\Program Files\Adobe\Acrobat 10.0\Acrobat\Services

[2012/03/02 10:12:49 | 000,000,000 | ---D | M] -- c:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\Services

[2012/03/02 10:12:49 | 000,000,000 | ---D | M] -- c:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\Services

[2012/08/20 08:17:54 | 000,000,000 | ---D | M] -- c:\Program Files\Adobe\Reader 10.0\Reader\Services

[2009/07/13 21:37:05 | 000,000,000 | ---D | M] -- c:\Program Files\Common Files\Services

[2010/02/03 15:27:39 | 000,000,000 | ---D | M] -- c:\Program Files\Microsoft Office\OFFICE11\1033\DataServices

[2010/05/04 14:12:26 | 000,000,000 | ---D | M] -- c:\Users\MJ\AppData\LocalLow\Microsoft\Internet Explorer\Services

[2009/07/13 21:37:06 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_32\System.EnterpriseServices

[2011/04/06 09:11:18 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a

[2009/07/13 23:52:33 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Data.Services

[2011/04/06 09:11:17 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089

[2009/07/13 23:52:33 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Data.Services.Client

[2011/04/06 09:11:17 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089

[2009/07/13 23:52:33 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Data.Services.Design

[2011/04/06 09:11:17 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089

[2009/07/13 21:37:06 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.DirectoryServices

[2011/04/06 09:11:17 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a

[2009/07/13 23:52:33 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement

[2011/04/06 09:11:17 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089

[2009/07/13 21:37:06 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols

[2009/07/13 21:37:06 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a

[2009/07/13 21:37:06 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Web.Services

[2011/04/06 09:11:18 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a

[2009/07/13 23:52:33 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.WorkflowServices

[2011/04/06 09:11:18 | 000,000,000 | ---D | M] -- c:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35

[2012/02/22 11:15:31 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services

[2012/02/22 11:15:31 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\47c2a93f42a371ac1b3756d098ac18a5

[2012/02/16 11:43:22 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services

[2012/02/16 11:43:22 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a595aa31f93ed043fd02ec9d8ff40b32

[2012/02/22 17:12:12 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services

[2012/02/22 17:12:12 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\546dc84f7a98dd07602ebe6dca6fda7f

[2012/02/22 11:16:49 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services

[2012/02/22 11:16:49 | 000,000,000 | ---D | M] -- c:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b6139cfbdbdc57c3ff421204292f4041

[2012/02/16 10:48:28 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices

[2012/02/16 10:48:28 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a

[2012/02/16 10:50:04 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services

[2012/02/16 10:50:04 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089

[2012/02/16 10:48:36 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client

[2012/02/16 10:48:36 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089

[2012/02/16 10:50:04 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design

[2012/02/16 10:50:04 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089

[2012/02/16 10:48:32 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices

[2012/02/16 10:48:32 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a

[2012/02/16 10:48:32 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement

[2012/02/16 10:48:32 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089

[2012/02/16 10:48:33 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols

[2012/02/16 10:48:33 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a

[2012/02/16 10:48:36 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices

[2012/02/16 10:48:36 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35

[2012/02/16 10:48:41 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services

[2012/02/16 10:48:40 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a

[2012/02/16 10:50:11 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices

[2012/02/16 10:50:11 | 000,000,000 | ---D | M] -- c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35

[2012/09/07 10:27:55 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RLG2APYJ\media.mtvnservices.com

[2012/08/08 09:13:05 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RLG2APYJ\media.mtvnservices.com\player

[2012/08/08 09:13:05 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.mtvnservices.com

[2009/07/13 23:52:31 | 000,000,000 | ---D | M] -- C:\Windows\System32\migwiz\dlmanifests\Microsoft-ActiveDirectory-WebServices-DL

[2009/07/13 23:52:31 | 000,000,000 | ---D | M] -- C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-DirectoryServices-ADAM-DL

[2009/07/13 23:52:31 | 000,000,000 | ---D | M] -- C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL

[2009/07/13 23:52:31 | 000,000,000 | ---D | M] -- C:\Windows\System32\migwiz\replacementmanifests\microsoft-activedirectory-webservices

[2009/07/13 23:52:31 | 000,000,000 | ---D | M] -- C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-TerminalServices-AppServer-Licensing

[2009/07/13 23:52:31 | 000,000,000 | ---D | M] -- C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-TerminalServices-LicenseServer

[2009/07/13 23:41:15 | 000,000,000 | ---D | M] -- C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client

[2009/07/13 23:41:10 | 000,000,000 | ---D | M] -- C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

[2009/07/13 23:41:29 | 000,000,000 | ---D | M] -- C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

[2009/07/13 23:49:56 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.data.services.client_b77a5c561934e089_6.1.7600.16385_none_ef59273eec19d069

[2011/04/06 09:02:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.data.services.client_b77a5c561934e089_6.1.7601.17514_none_f18a3b06e9085403

[2009/07/13 23:49:56 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.data.services.design_b77a5c561934e089_6.1.7600.16385_none_1b0f635f58dfc09e

[2011/04/06 09:02:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.data.services.design_b77a5c561934e089_6.1.7601.17514_none_1d40772755ce4438

[2009/07/13 23:49:56 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.data.services_b77a5c561934e089_6.1.7600.16385_none_fdadd025d6080082

[2011/04/06 09:02:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.data.services_b77a5c561934e089_6.1.7601.17514_none_ffdee3edd2f6841c

[2009/07/13 21:37:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.1.7600.16385_none_83a19ecc10aa89e7

[2009/07/13 21:37:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.directoryservices_b03f5f7f11d50a3a_6.1.7600.16385_none_2b25936fedbeb29c

[2011/04/06 09:02:02 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.directoryservices_b03f5f7f11d50a3a_6.1.7601.17514_none_2afaa0f3ee15f952

[2009/07/13 21:37:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.web.services_b03f5f7f11d50a3a_6.1.7600.16385_none_c74cebec6e652ac7

[2011/04/06 09:01:49 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.web.services_b03f5f7f11d50a3a_6.1.7601.17514_none_c721f9706ebc717d

[2009/07/13 23:49:56 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.workflowservices_31bf3856ad364e35_6.1.7600.16385_none_e3c597b829f3bac9

[2011/04/06 09:02:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\msil_system.workflowservices_31bf3856ad364e35_6.1.7601.17514_none_e5f6ab8026e23e63

[2009/07/13 21:37:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-commonlogservicesapi_31bf3856ad364e35_6.1.7600.16385_none_6e8b7c84e12ac48e

[2009/07/13 21:37:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.1.7600.16385_none_ceb39c895289e648

[2009/07/13 21:37:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-d..services-sam-netapi_31bf3856ad364e35_6.1.7600.16385_none_869896ad277eaa53

[2011/04/06 09:01:35 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-d..services-sam-netapi_31bf3856ad364e35_6.1.7601.17514_none_88c9aa75246d2ded

[2009/07/13 21:37:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-d..t-services-unattend_31bf3856ad364e35_6.1.7600.16385_none_c8f1afea060b932f

[2009/07/13 21:37:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7600.16385_none_b1c4af81024823d5

[2011/04/06 09:02:13 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7601.17514_none_b3f5c348ff36a76f

[2009/07/13 23:49:41 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7600.16385_none_bd3fd42782f1ef9a

[2010/06/24 03:00:46 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7600.16590_none_bd30069582fe8726

[2010/11/15 10:37:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7600.16648_none_bd6e1a6782cec350

[2010/06/24 03:00:46 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7600.20710_none_be1024a69bdb448f

[2010/11/15 10:37:39 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7600.20771_none_bdd045689c0b058c

[2011/04/06 09:02:25 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7601.17514_none_bf70e7ef7fe07334

[2009/07/13 23:49:41 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.1.7600.16385_none_a54954fd9d61ab4b

[2009/07/13 23:49:53 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-live-services_31bf3856ad364e35_6.1.7600.16385_none_d581da42ed22b22e

[2009/07/13 21:37:29 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54

[2009/07/13 21:37:29 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356

[2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..alservices-lsmproxy_31bf3856ad364e35_6.1.7600.16385_none_0b628b5e2cb0f0d2

[2011/04/06 09:01:35 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..alservices-lsmproxy_31bf3856ad364e35_6.1.7601.17514_none_0d939f26299f746c

[2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..alservices-webproxy_31bf3856ad364e35_6.1.7600.16385_none_314e00fcb9a31524

[2009/07/13 23:49:41 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..andinkinputservices_31bf3856ad364e35_6.1.7600.16385_none_1c8380f77a665893

[2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..inalservices-drprov_31bf3856ad364e35_6.1.7600.16385_none_cdaf1d9e7a96897f

[2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..lservices-workspace_31bf3856ad364e35_6.1.7600.16385_none_d0c5568dbb725fc3

[2011/04/06 09:02:01 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..lservices-workspace_31bf3856ad364e35_6.1.7601.17514_none_d2f66a55b860e35d

[2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7600.16385_none_4db2a3b8826b256f

[2011/03/25 08:37:55 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7600.16722_none_4df089fa823d2660

[2011/03/25 08:37:55 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7600.20861_none_4e4de6cb9b7c1c97

[2011/04/06 09:01:49 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7601.17514_none_4fe3b7807f59a909

[2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.1.7600.16385_none_51266e6957cddf7f

[2011/04/06 09:01:36 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..nalservices-drivers_31bf3856ad364e35_6.1.7601.17514_none_5357823154bc6319

[2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.1.7600.16385_none_dcb645882d547b6c

[2011/04/06 09:01:35 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.1.7601.17514_none_dee759502a42ff06

[2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..nalservices-sysprep_31bf3856ad364e35_6.1.7600.16385_none_316fec74a99530ea

[2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..nalservices-utildll_31bf3856ad364e35_6.1.7600.16385_none_11544008f2925cb8

[2011/04/06 09:02:02 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..nalservices-utildll_31bf3856ad364e35_6.1.7601.17514_none_138553d0ef80e052

[2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.1.7600.16385_none_c707418127a8d18c

[2011/04/06 09:01:35 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.1.7601.17514_none_c938554924975526

[2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..services-remotepage_31bf3856ad364e35_6.1.7600.16385_none_04cce7d70ecd1ba7

[2011/04/06 09:01:22 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..services-remotepage_31bf3856ad364e35_6.1.7601.17514_none_06fdfb9f0bbb9f41

[2009/07/13 23:56:31 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-t..tservices.resources_31bf3856ad364e35_6.1.7600.16385_en-us_113848e0a990a9e4

[2009/07/13 23:50:00 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-terminalservices-rdpdr_31bf3856ad364e35_6.1.7600.16385_none_011065d1aa5ad954

[2011/04/06 09:02:46 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-terminalservices-rdpdr_31bf3856ad364e35_6.1.7601.17514_none_03417999a7495cee

[2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-terminalservices-theme_31bf3856ad364e35_6.1.7600.16385_none_d5bc65ffdc22ec35

[2009/07/13 23:56:26 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-w..eservices.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d92dea821b79a3bd

[2009/07/13 23:49:49 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7600.16385_none_326a913514a6f178

[2011/04/06 09:02:41 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7601.17514_none_349ba4fd11957512

[2009/07/13 23:56:14 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-webservices.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0e8d75c5d7938376

[2009/07/13 21:37:30 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-webservices_31bf3856ad364e35_6.1.7600.16385_none_0e52ae5c9005d543

[2011/04/06 09:01:49 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_microsoft-windows-webservices_31bf3856ad364e35_6.1.7601.17514_none_1083c2248cf458dd

[2009/07/13 23:49:56 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35cdf-system.workflowservices_31bf3856ad364e35_6.1.7600.16385_none_67bcc28149ee1baf

[2011/04/06 09:02:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35cdf-system.workflowservices_31bf3856ad364e35_6.1.7601.17514_none_69edd64946dc9f49

[2009/07/13 23:49:56 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35linq-system.data.services.client_31bf3856ad364e35_6.1.7600.16385_none_cdf05c9ca29b39cc

[2011/04/06 09:02:42 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35linq-system.data.services.client_31bf3856ad364e35_6.1.7601.17514_none_d02170649f89bd66

[2009/07/13 23:49:56 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35linq-system.data.services.design_31bf3856ad364e35_6.1.7600.16385_none_f9a698bd0f612a01

[2011/04/06 09:02:41 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35linq-system.data.services.design_31bf3856ad364e35_6.1.7601.17514_none_fbd7ac850c4fad9b

[2009/07/13 23:49:56 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35linq-system.data.services_31bf3856ad364e35_6.1.7600.16385_none_ef308440251eb997

[2011/04/06 09:02:41 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx35linq-system.data.services_31bf3856ad364e35_6.1.7601.17514_none_f1619808220d3d31

[2009/07/13 21:37:31 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_netfx-sys_enterpriseservices_tlb_b03f5f7f11d50a3a_6.1.7600.16385_none_f0513a301e5d7705

[2009/07/13 21:37:32 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.1.7600.16385_none_aa2ded886a639c17

[2011/04/06 09:01:49 | 000,000,000 | ---D | M] -- c:\Windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.1.7601.17514_none_aa02fb0c6abae2cd

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted
Backdoor rootkit warning Rootkit.Boot.Pihar.c

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

For the duration of this case, until I give the all clear, do NOT do any websurfing, banking, online shopping, games.

Only go to this forum and the websites I guide you to.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Jaysabi only. If you are a casual viewer, do NOT try this on your system!

If you are not Jaysabi and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 2

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • Select only [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0)
  • On the RogueKiller console, click the Registry tab.
  • Then press the Delete button.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into a new reply.

Step 3

  • Please double-click OTL.exe otlDesktopIcon.png to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    recycler /alldrives
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dc087c2-7d6e-11df-8d6b-002564ec136d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ac18984-1585-11df-8517-002564ec136d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a32a1cf-673a-11df-847f-002564ec136d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{774e842f-bc3f-11df-9e54-002564ec136d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa3db801-9691-11df-a812-002564ec136d}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb2c3ca2-5137-11df-a710-002564ec136d}]
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [EMPTYFLASH]
    [emptyjava]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the customFix.png window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button runFixbutton.png.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log into a new reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 4

The system has outdated utilities which pose security risks. Un-install the following using Control Panel >>Programs and Features

Adobe Flash Player 10

Adobe Flash Player 10.3.183.20

Java 6 Update 31

Java 7 Update 5

We will get the latest versions later on.

Step 5

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any minimized program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop cf-icon.jpg and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh :excl:

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

Link to post
Share on other sites
jaysabi

jaysabi

Posted
  • Author
Posted

The computer has been running better since Kapersky removed a file on Monday. I haven't noticed any added improvement since today's changes. I was able to uninstall 3 out of the 4 outdated programs you highlighted, however Adobe Flash Player 10.3.183.20 was not listed in my program files. I uninstalled Adobe Flash Player 11 ActiveX instead. I don't know if this was an updated version of the one you listed.

Here are the requested logs:

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : MJ [Admin rights]

Mode : Scan -- Date : 09/12/2012 08:50:58

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[TASK][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[13] : NtAlertResumeThread @ 0x83332A55 -> HOOKED (Unknown @ 0x875C5940)

SSDT[14] : NtAlertThread @ 0x83285B00 -> HOOKED (Unknown @ 0x875C5A20)

SSDT[19] : NtAllocateVirtualMemory @ 0x8327EB0C -> HOOKED (Unknown @ 0x875E0B60)

SSDT[22] : NtAlpcConnectPort @ 0x832CA2BE -> HOOKED (Unknown @ 0x86D62C18)

SSDT[43] : NtAssignProcessToJobObject @ 0x83253F4E -> HOOKED (Unknown @ 0x875C50E8)

SSDT[74] : NtCreateMutant @ 0x83265212 -> HOOKED (Unknown @ 0x875C5690)

SSDT[86] : NtCreateSymbolicLinkObject @ 0x83256871 -> HOOKED (Unknown @ 0x875D6E18)

SSDT[87] : NtCreateThread @ 0x83330CEE -> HOOKED (Unknown @ 0x875E0070)

SSDT[88] : NtCreateThreadEx @ 0x832C51E4 -> HOOKED (Unknown @ 0x875D6F08)

SSDT[96] : NtDebugActiveProcess @ 0x83302C00 -> HOOKED (Unknown @ 0x875C51C8)

SSDT[111] : NtDuplicateObject @ 0x8328659A -> HOOKED (Unknown @ 0x875E0D30)

SSDT[131] : NtFreeVirtualMemory @ 0x8310E4BB -> HOOKED (Unknown @ 0x875E0918)

SSDT[145] : NtImpersonateAnonymousToken @ 0x8324A840 -> HOOKED (Unknown @ 0x875C5780)

SSDT[147] : NtImpersonateThread @ 0x832CE6BC -> HOOKED (Unknown @ 0x875C5860)

SSDT[155] : NtLoadDriver @ 0x8321AB80 -> HOOKED (Unknown @ 0x86D546B8)

SSDT[168] : NtMapViewOfSection @ 0x8329B452 -> HOOKED (Unknown @ 0x875E0818)

SSDT[177] : NtOpenEvent @ 0x83264C0E -> HOOKED (Unknown @ 0x875C55B0)

SSDT[190] : NtOpenProcess @ 0x83266A58 -> HOOKED (Unknown @ 0x875E0EF0)

SSDT[191] : NtOpenProcessToken @ 0x832B90BF -> HOOKED (Unknown @ 0x875E0C50)

SSDT[194] : NtOpenSection @ 0x832BE734 -> HOOKED (Unknown @ 0x875C53F0)

SSDT[198] : NtOpenThread @ 0x832B2E45 -> HOOKED (Unknown @ 0x875E0E20)

SSDT[215] : NtProtectVirtualMemory @ 0x832974C1 -> HOOKED (Unknown @ 0x875D6008)

SSDT[304] : NtResumeThread @ 0x832C540B -> HOOKED (Unknown @ 0x875C5B00)

SSDT[316] : NtSetContextThread @ 0x83331DEF -> HOOKED (Unknown @ 0x875C5DA0)

SSDT[333] : NtSetInformationProcess @ 0x8328D6AD -> HOOKED (Unknown @ 0x875C5E80)

SSDT[350] : NtSetSystemInformation @ 0x832A31AC -> HOOKED (Unknown @ 0x875C52A8)

SSDT[366] : NtSuspendProcess @ 0x8333298F -> HOOKED (Unknown @ 0x875C54D0)

SSDT[367] : NtSuspendThread @ 0x832E9EF5 -> HOOKED (Unknown @ 0x875C5BE0)

SSDT[370] : NtTerminateProcess @ 0x832AFA7D -> HOOKED (Unknown @ 0x875E0150)

SSDT[371] : NtTerminateThread @ 0x832CD3F4 -> HOOKED (Unknown @ 0x875C5CC0)

SSDT[385] : NtUnmapViewOfSection @ 0x832B96FA -> HOOKED (Unknown @ 0x875C5F70)

SSDT[399] : NtWriteVirtualMemory @ 0x832B47DA -> HOOKED (Unknown @ 0x875E0A08)

S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x87805458)

S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x883FF850)

S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x87B68850)

S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x8837D1D0)

S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x86C84100)

S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x8759D8D8)

S_SSDT[508] : Unknown -> HOOKED (Unknown @ 0x8759D9F8)

S_SSDT[509] : Unknown -> HOOKED (Unknown @ 0x8759D968)

S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x87678120)

S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x876784A8)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAJS-75M0A0 +++++

--- User ---

[MBR] 3a1ed7ebb3d0a9214baeb524b3ac1850

[bSP] 7599e6e61e4129e184d4051f55323357 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 8118 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16707584 | Size: 230259 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

All processes killed

========== PROCESSES ==========

========== FILES ==========

recycler not found in C:\

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dc087c2-7d6e-11df-8d6b-002564ec136d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0dc087c2-7d6e-11df-8d6b-002564ec136d}\ not found.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ac18984-1585-11df-8517-002564ec136d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ac18984-1585-11df-8517-002564ec136d}\ not found.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a32a1cf-673a-11df-847f-002564ec136d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a32a1cf-673a-11df-847f-002564ec136d}\ not found.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{774e842f-bc3f-11df-9e54-002564ec136d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{774e842f-bc3f-11df-9e54-002564ec136d}\ not found.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa3db801-9691-11df-a812-002564ec136d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa3db801-9691-11df-a812-002564ec136d}\ not found.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb2c3ca2-5137-11df-a710-002564ec136d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb2c3ca2-5137-11df-a710-002564ec136d}\ not found.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: MJ

->Temp folder emptied: 22207567192 bytes

->Temporary Internet Files folder emptied: 10988631065 bytes

->Java cache emptied: 351075439 bytes

->FireFox cache emptied: 59242777 bytes

->Google Chrome cache emptied: 179976679 bytes

->Flash cache emptied: 2235 bytes

User: ParkPlace

->Temp folder emptied: 20230466 bytes

->Temporary Internet Files folder emptied: 619262 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 56972 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3739479037 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 1892690569 bytes

Total Files Cleaned = 37,613.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser

User: MJ

->Flash cache emptied: 0 bytes

User: ParkPlace

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: LogMeInRemoteUser

User: MJ

->Java cache emptied: 0 bytes

User: ParkPlace

->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.61.3 log created on 09122012_085815

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ComboFix 12-09-12.02 - MJ 09/12/2012 9:28.1.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2013.842 [GMT -5:00]

Running from: c:\users\MJ\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\data

.

.

((((((((((((((((((((((((( Files Created from 2012-08-12 to 2012-09-12 )))))))))))))))))))))))))))))))

.

.

2012-09-12 14:34 . 2012-09-12 14:34 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp

2012-09-12 14:34 . 2012-09-12 14:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-12 13:58 . 2012-09-12 13:58 -------- d-----w- C:\_OTL

2012-09-10 17:28 . 2012-09-10 17:28 -------- d-----w- C:\FRST

2012-09-10 17:03 . 2012-09-10 17:03 -------- d-----w- C:\TDSSKiller_Quarantine

2012-09-10 16:49 . 2012-09-10 16:49 -------- d-----w- c:\program files\ERUNT

2012-09-06 19:08 . 2012-09-06 19:08 -------- d-----w- C:\found.001

2012-09-06 18:45 . 2012-09-06 18:46 -------- d-----w- c:\users\ParkPlace

2012-09-06 17:50 . 2012-09-06 17:50 -------- d-----w- c:\users\MJ\AppData\Roaming\Malwarebytes

2012-09-06 17:49 . 2012-09-06 17:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-06 17:49 . 2012-09-06 17:49 -------- d-----w- c:\programdata\Malwarebytes

2012-09-06 17:49 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-24 17:26 . 2012-08-24 17:26 -------- d-----w- c:\programdata\Carbonite

2012-08-24 17:26 . 2012-08-24 17:26 -------- d-----w- c:\program files\Carbonite

2012-08-24 15:52 . 2012-08-24 15:52 -------- d-----w- C:\found.000

2012-08-22 20:48 . 2012-08-22 20:48 -------- d-----w- c:\users\MJ\jagexcache1

2012-08-16 21:05 . 2012-08-16 21:05 -------- d-----w- c:\windows\en

2012-08-16 21:03 . 2012-08-16 21:03 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-08-16 20:59 . 2012-08-16 20:59 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\3f995a91cd7bf206\DSETUP.dll

2012-08-16 20:59 . 2012-08-16 20:59 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\3f995a91cd7bf206\DXSETUP.exe

2012-08-16 20:59 . 2012-08-16 20:59 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\3f995a91cd7bf206\dsetup32.dll

2012-08-15 18:29 . 2012-08-15 18:29 -------- d-----w- c:\program files\Oracle

2012-08-15 18:27 . 2012-07-06 03:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-15 14:33 . 2012-08-16 14:36 -------- d-----w- c:\windows\system32\drivers\NIS\1308000.00E

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-11 14:14 . 2010-02-11 15:31 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-07-11 14:14 . 2010-02-11 15:31 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2012-07-11 14:14 . 2010-02-11 15:31 30624 ----a-w- c:\windows\system32\LMIport.dll

2012-07-11 14:14 . 2010-02-11 15:31 87456 ----a-w- c:\windows\system32\LMIinit.dll

2012-07-06 03:06 . 2010-11-15 15:30 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll

2012-07-14 00:17 . 2012-08-10 14:42 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-07-26 15:03 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-07-26 15:03 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-07-26 15:03 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-01-03 1243040]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-23 7514656]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]

"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]

"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]

"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]

"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]

"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]

"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264]

"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]

"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-07-26 1061960]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Canon PC1200 iC D600 iR1200G Status Window.LNK - c:\windows\System32\spool\drivers\w32x86\3\CAPM1LAK.EXE [2007-3-12 38464]

Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]

WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R2 RapidPortM1;RapidPortM1;c:\windows\system32\Drivers\CAPM1LP.SYS [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1308000.00E\SYMDS.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1308000.00E\SYMEFA.SYS [x]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120905.001\BHDrvx86.sys [x]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys [x]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120907.001\IDSvix86.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1308000.00E\SYMNETS.SYS [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [x]

S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]

S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]

S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]

S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]

S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]

S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-22 18:12]

.

2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-22 18:12]

.

2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000Core1cd869e3049515f.job

- c:\users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15 14:59]

.

2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84075024-2080030355-1644607755-1000UA.job

- c:\users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15 14:59]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: advanceddiscovery.com\relativity5

Trusted Zone: kcura.com\relativity

TCP: DhcpNameServer = 68.94.156.1

TCP: Interfaces\{51F4D2AB-899D-4E15-A5ED-5FC988182DD8}: NameServer = 4.2.2.2

DPF: {A6AD2813-EDAC-4CAA-B7A3-431EC0758C2D} - hxxps://relativity5.advanceddiscovery.com/Relativity/ActiveX/webclientmanager.cab

FF - ProfilePath - c:\users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\8k026ig1.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-34049968.sys

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3148)

c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

Completion time: 2012-09-12 09:36:16

ComboFix-quarantined-files.txt 2012-09-12 14:36

.

Pre-Run: 142,051,225,600 bytes free

Post-Run: 141,404,086,272 bytes free

.

- - End Of File - - 519482EB28B1CFC84F39354BE0CEFB26

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

You have done generally well so far. I'd like to have you follow-up with some additional scans.

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.co...ls/stinger.aspx

Close all browsers before starting.

Disable your antivirus program and anti-malware,if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, Right Click stinger-icon.gif and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this

stinger2.png

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Step 2

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When done, Copy and Paste the scan log into a new reply.

Step 3

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

Step 4

RE-Enable your anti-virus program.

Do a new run of SecurityCheck and copy & Paste the new Checkup.txt log for review

Tell me, How is the system now ?

Link to post
Share on other sites
jaysabi

jaysabi

Posted
  • Author
Posted

The system seems to be running fine at the moment. Everything appears to have stabilized since the Kapersky removal.

Here are the requested logs:

McAfee® Labs Stinger Version 10.2.0.783 built on Sep 12 2012

Copyright © 2012 McAfee, Inc. All Rights Reserved.

Virus data file v1000.0000 created on Sep 12 2012.

Ready to scan for 4959 viruses, trojans and variants.

Scan initiated on Wed Sep 12 14:05:43 2012

Rootkit scan result : Clean

Master Boot Record(s):....1

Possibly Infected:.............0

Boot Sector(s):.................1

Possibly Infected: ............0

Number of clean files: 19515

Malwarebytes Anti-Malware (Trial) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.12.06

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

MJ :: MJ-PC [administrator]

Protection: Enabled

9/12/2012 2:18:49 PM

mbam-log-2012-09-12 (14-18-49).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 379839

Time elapsed: 48 minute(s), 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

QuickScan 32-bit v0.9.9.118

---------------------------

Scan date: Wed Sep 12 15:25:19 2012

Machine ID: B2B014EC

No infection found.

-------------------

Processes

---------

AcroTray - Adobe Acrobat Distiller help 3404 C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

Adobe Acrobat Update Service 1576 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

Adobe Reader and Acrobat Manager 3336 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

APO Access Service (32-bit) 1608 C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

Brother ControlCenter 3448 C:\Program Files\ControlCenter4\BrCcUxSys.exe

Brother ControlCenter 3300 C:\Program Files\ControlCenter4\BrCtrlCntr.exe

Brother Status Monitor Application 3836 C:\Program Files\Browny02\Brother\BrStMonW.exe

BrYNCSvc 3868 C:\Program Files\Browny02\BrYNSvc.exe

Canon Advanced Printing Technology 2076 C:\Windows\System32\CAPM1RSK.EXE

Canon Advanced Printing Technology 2260 C:\Windows\System32\spool\drivers\w32x86\3\CAPM1LAK.EXE

Canon Advanced Printing Technology 2248 C:\Windows\System32\spool\drivers\w32x86\3\CAPM1SWK.EXE

Canon Advanced Printing Technology 2516 C:\Windows\System32\spool\drivers\w32x86\3\CAPM1SWK.EXE

Carbonite InfoCenter 3964 C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

Carbonite Secure Backup Engine 1632 C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe

Cyberlink PowerDVD 3276 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

HD Audio Control Panel 3256 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

Intel® Common User Interface 3368 C:\Windows\System32\hkcmd.exe

Intel® Common User Interface 3376 C:\Windows\System32\igfxpers.exe

Intel® Common User Interface 3360 C:\Windows\System32\igfxtray.exe

LMIGuardianSvc 1696 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

LogMeIn 1784 C:\Program Files\LogMeIn\x86\LogMeIn.exe

LogMeIn 1732 C:\Program Files\LogMeIn\x86\ramaint.exe

Malwarebytes Anti-Malware 3060 C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

Malwarebytes Anti-Malware 3012 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

Microsoft® CoReXT 2312 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

Microsoft® CoReXT 2440 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

Microsoft® Windows Mobile® Device Cente 3324 C:\Windows\WindowsMobile\wmdcBase.exe

Microsoft® Windows® Operating System 4160 C:\Program Files\Windows Media Player\wmpnetwk.exe

Microsoft® Windows® Operating System 2108 C:\Windows\explorer.exe

Microsoft® Windows® Operating System 496 C:\Windows\System32\csrss.exe

Microsoft® Windows® Operating System 444 C:\Windows\System32\csrss.exe

Microsoft® Windows® Operating System 592 C:\Windows\System32\lsass.exe

Microsoft® Windows® Operating System 604 C:\Windows\System32\lsm.exe

Microsoft® Windows® Operating System 584 C:\Windows\System32\services.exe

Microsoft® Windows® Operating System 320 C:\Windows\System32\smss.exe

Microsoft® Windows® Operating System 1448 C:\Windows\System32\spoolsv.exe

Microsoft® Windows® Operating System 1832 C:\Windows\System32\taskhost.exe

Microsoft® Windows® Operating System 504 C:\Windows\System32\wininit.exe

Microsoft® Windows® Operating System 552 C:\Windows\System32\winlogon.exe

Microsoft® Windows® Operating System 3628 C:\Windows\System32\wuauclt.exe

Nuance PDF Products 3468 C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

PaperPort 1900 C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe

PaperPort 3424 C:\Program Files\Nuance\PaperPort\pptd40nt.exe

RAID Event Monitor 3268 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

RAID Monitor 2356 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

Software Manager 2588 C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

Symantec Security Technologies 1256 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe

Symantec Security Technologies 1872 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe

WD Drive Manager 2008 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

WD Drive Manager 3708 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

WD SmartWare 3932 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

WDSmartWareBackgroundService 384 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

Windows® Internet Explorer 2752 C:\Program Files\Internet Explorer\iexplore.exe

Windows® Internet Explorer 3556 C:\Program Files\Internet Explorer\iexplore.exe

Windows® Internet Explorer 1812 C:\Program Files\Internet Explorer\iexplore.exe

Windows® Internet Explorer 4168 C:\Program Files\Internet Explorer\iexplore.exe

Windows® Search 740 C:\Windows\System32\SearchFilterHost.exe

Windows® Search 3000 C:\Windows\System32\SearchIndexer.exe

Windows® Search 4936 C:\Windows\System32\SearchProtocolHost.exe

(verified) LogMeIn 3308 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

(verified) Microsoft® Windows® Operating System 1836 C:\Windows\System32\dwm.exe

(verified) Microsoft® Windows® Operating System 1940 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 2812 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1148 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 972 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1264 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 936 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 716 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 3552 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1476 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 888 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 3848 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 792 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 3900 C:\Windows\System32\svchost.exe

Network activity

----------------

Process svchost.exe (1264) connected on port 80 (HTTP) --> 77.67.86.152

Process LogMeIn.exe (1784) connected on port 443 (HTTP over SSL) --> 64.74.103.130

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.155

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.155

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.155

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.155

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.155

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.155

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.155

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 69.171.237.32

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 69.171.237.32

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 69.171.237.32

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.162

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.162

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.162

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 184.51.156.162

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 77.67.86.107

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 77.67.86.107

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 23.60.95.139

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 23.60.95.139

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 72.21.81.253

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 74.125.225.109

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 74.125.225.109

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 74.125.225.102

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 74.125.225.102

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 74.125.225.57

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 74.125.225.57

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 74.125.142.99

Process iexplore.exe (1812) connected on port 80 (HTTP) --> 74.125.142.99

Process iexplore.exe (4168) connected on port 80 (HTTP) --> 74.125.225.102

Process wininit.exe (504) listens on ports: 49152 (RPC)

Process services.exe (584) listens on ports: 49162 (RPC)

Process lsass.exe (592) listens on ports: 49158 (RPC)

Process svchost.exe (792) listens on ports: 135 (RPC)

Process svchost.exe (888) listens on ports: 49153 (RPC)

Process svchost.exe (972) listens on ports: 49154 (RPC)

Process spoolsv.exe (1448) listens on ports: 49161 (RPC)

Process LogMeIn.exe (1784) listens on ports: 2002 (Cisco ACS)

Process CAPM1RSK.EXE (2076) listens on ports: 1101

Process svchost.exe (3848) listens on ports: 990 (FTP over SSL)

Autoruns and critical files

---------------------------

AcroTray - Adobe Acrobat Distiller help C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

Adobe Acrobat C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe

Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

AdobeCollabSync.exe C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe

Brother ControlCenter C:\Program Files\ControlCenter4\BrCcBoot.exe

Brother Status Monitor Application C:\Program Files\Browny02\Brother\BrStMonW.exe

Canon Advanced Printing Technology C:\Windows\System32\spool\drivers\w32x86\3\CAPM1LAK.EXE

Carbonite InfoCenter C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

Cyberlink PowerDVD C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

Google Update C:\Users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe

HD Audio Control Panel C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

Intel® Common User Interface C:\Windows\System32\hkcmd.exe

Intel® Common User Interface C:\Windows\system32\igfxdev.dll

Intel® Common User Interface C:\Windows\System32\igfxpers.exe

Intel® Common User Interface C:\Windows\System32\igfxtray.exe

Microsoft Office OneNote C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

Microsoft® Windows Mobile® Device Cente C:\Windows\WindowsMobile\wmdcBase.exe

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Nuance PDF Products C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

Nuance PDF Products C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe

PaperPort C:\Program Files\Nuance\PaperPort\IndexSearch.exe

PaperPort C:\Program Files\Nuance\PaperPort\pptd40nt.exe

RAID Event Monitor C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

Software Manager C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

SSEreg C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe

WD Drive Manager C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

WD SmartWare C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

Windows® Internet Explorer c:\windows\system32\webcheck.dll

(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) LogMeIn C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

Browser plugins

---------------

AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll

Adobe Acrobat C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

Adobe PDF Toolbar for IE c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll

Akamai Download Manager ActiveX Control C:\Windows\Downloaded Program Files\DownloadManagerV2.ocx

Akamai Download Manager ActiveX Control C:\Windows\Downloaded Program Files\Manager.exe

Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll

Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

Google Update C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

Google Update C:\Users\MJ\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe

Java Deployment Toolkit 7.0.50.255 C:\Windows\system32\npDeployJava1.dll

Java Platform SE 7 U5 C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll

Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll

Norton Confidential c:\program files\norton internet security\engine\19.8.0.14\coieplg.dll

Norton Confidential C:\Users\MJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll

nppdf32.DEU C:\Program Files\Mozilla Firefox\plugins\nppdf32.DEU

nppdf32.FRA C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA

PlusIEContextMenu c:\program files\nuance\pdf viewer plus\bin\plusiecontextmenu.dll

Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

SimCityX ActiveX Control Module C:\Windows\Downloaded Program Files\SimCityX.ocx

Software Manager C:\Windows\Downloaded Program Files\isusweb.dll

Symantec Intrusion Detection c:\program files\norton internet security\engine\19.8.0.14\ips\ipsbho.dll

WebEx Download Module C:\Windows\Downloaded Program Files\ieatgpc.dll

Windows Live Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

Windows® Internet Explorer C:\Windows\system32\ieframe.dll

(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll

(verified) Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

Scan

----

MD5: 675768f27997468394aef7a785acd28c C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe

MD5: 16aedbebd92d1ecba79bceb09ed90f32 C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

MD5: 424270b45d9545c8f67bee0ebd3120e5 C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe

MD5: 8082f66dc9c8167ff1aa548736f58457 C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

MD5: 84cbd6f6aa7ee399fbdc265b8ea64474 C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

MD5: b11f7db91e12bbca71be88bfb2120faf C:\Program Files\Brother\BrUtilities\BrLogAPI.dll

MD5: b431f2725136a9a2b64acd9cd6624d52 C:\Program Files\Browny02\brlm03a.dll

MD5: f71ec3fec2ebeb67d067e9da1469a9e0 C:\Program Files\Browny02\brlmw03a.dll

MD5: f410ac07933bddd13278299df222e03d C:\Program Files\Browny02\BrMonitor.dll

MD5: b907641b954b7c8c7f81ea8679314bfd C:\Program Files\Browny02\Brother\BrFirmUpdateCheck.dll

MD5: 7f42ffcd6ff7ca558c2d95dadcd5efa9 C:\Program Files\Browny02\Brother\BrStMonW.exe

MD5: caa5e8de421c5875731cd3ba5233f162 C:\Program Files\Browny02\Brother\BrStMonWRes.dll

MD5: ea7e57f87d6fee5fd6c5f813c04e8cd2 C:\Program Files\Browny02\BrYNSvc.exe

MD5: 28406a359487238e704e458c7029172d C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

MD5: 442745bf42053a779ab514c5746df11b C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe

MD5: fe23d126327d5a46060466bea762a387 C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

MD5: edc07b6df34c39ec40df1904c7459b4f c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll

MD5: ba0ed7aa3c36a8da27ded1d6b3508158 c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll

MD5: b63e5c7807334a3a8f731062f15462cc C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

MD5: d19c4ee2ac7c47b8f5f84fff1a789d8a C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

MD5: cf39a105cd553eed31e2255aff4c6742 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

MD5: 45406ffd87f6ba4345b018e303a64ff1 C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.DLL

MD5: 12b79422a23814429cda9e734c58f78f C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

MD5: fb01d4ae207b9efdbabfc55dc95c7e31 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

MD5: c649f293b8b047a2694f3c615d09bf17 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

MD5: e476c66713c842f58e61a95826ed1d57 C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

MD5: 85b8b4032a895a746d46a288a9b30ded C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

MD5: b5a8a04a6e5b4e86b95b1553aa918f5f C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

MD5: dee58aeef984a13d6923326444caed6d C:\Program Files\ControlCenter4\BrCcAssoc.dll

MD5: 27bf45e6900ae1056daf0b5647e2e266 C:\Program Files\ControlCenter4\BrCcBoot.exe

MD5: 6aa7883986d3b351cb068919daf2f309 C:\Program Files\ControlCenter4\BrCcDlgRc.dll

MD5: 649b5aa7a518cf14b128d73059c3a55a C:\Program Files\ControlCenter4\BrCcGrImg.dll

MD5: 00afc59555c605a006c6a11ed42a65d1 C:\Program Files\ControlCenter4\BrCcLUsa.dll

MD5: ddf441f9c40507d582a7d09ab46c6f98 C:\Program Files\ControlCenter4\BrCcUxSys.exe

MD5: 50fb420dedf67926910e3b869bb243a1 C:\Program Files\ControlCenter4\BrCtrlCntr.exe

MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\Program Files\CyberLink\PowerDVD DX\MFC71.DLL

MD5: 2437be68d5a37a75fad51c5f0e9a03ed C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

MD5: 8f628060daecf76c537bd89a53228d3b C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

MD5: c0ce1fd30ce222852a061207a579a6fc C:\Program Files\Intel\Intel Matrix Storage Manager\ENU\IAAMon_ENU.dll

MD5: f8ba8a317b5675629854fc9700f8af6d C:\Program Files\Intel\Intel Matrix Storage Manager\ENU\PlugInRAID_ENU.dll

MD5: 0b1b7568ced61abf5fd717f28175c96a C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

MD5: 0e899d0db39617aa0b2f992e7e95b5eb C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

MD5: 5621d03adc16eade46d2242c39e1a99c C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll

MD5: a1659e4d08fe8d0f0bc61960d8c0369e C:\Program Files\Internet Explorer\ieproxy.dll

MD5: cf5d4889c15cc8a40be54f55f27093b1 C:\Program Files\Internet Explorer\IEShims.dll

MD5: 904e13ba41af2e353a32cf351ca53639 C:\Program Files\Internet Explorer\iexplore.exe

MD5: 94a0ed766a374a960982bedab874c7ae C:\Program Files\LogMeIn\x86\LMIGuardianDll.dll

MD5: 63daf163d1617dd611bd0ab8e41a43e8 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

MD5: 36d58db4ad9c00247ad07c6cfd1b8692 C:\Program Files\LogMeIn\x86\LogMeIn.dll

MD5: 432618fa75b61059d2c57d6a7e55147a C:\Program Files\LogMeIn\x86\LogMeIn.exe

MD5: 697281830297b87b6544ef9f4f67ad71 C:\Program Files\LogMeIn\x86\LogMeInSystray.dll

MD5: 175f50f37eeaa1d4d744bcccbb7cf68c C:\Program Files\LogMeIn\x86\ramaint.exe

MD5: 60bc67fac9dff89b17f5792844de1b7d C:\Program Files\LogMeIn\x86\rntfywnd.dll

MD5: 923bb61d913c37eab1570f236ccdce41 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll

MD5: 420e9bf21339f51b31df4194d5a0e12e C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll

MD5: aebdb652d9273ad61e10c5d8f51c86fb C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll

MD5: 0dcf16b1449811efa47ab52cac84093c C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

MD5: 9eaaba4d601004bea4daa6e146e19a96 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

MD5: 63336300c6cc335203fe003e6ff7a1de C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

MD5: ed327201724ea05d509b7939abe49e98 c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

MD5: 7b18b2325b41196905fe71219aa2d154 C:\Program Files\Mozilla Firefox\plugins\nppdf32.DEU

MD5: 0a7b01235b1cbfa387b04a91e2f2b7d0 C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

MD5: cc62f141b4b8bd5bafdb10079891556a C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA

MD5: 46297fa8e30a6007f14118fc2b942fbc C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

MD5: 6df0e2c64cd2c719a5530b302c792186 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\APPMGR32.DLL

MD5: 86a424e3845c8bd3414b15c3119fa609 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\asEngine.dll

MD5: f481d6099da5b4b40eeaaf08c4547f7d C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\ASHELPER.DLL

MD5: 0f2ff924384cefafed27e95bab63731f C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\ASOEHOOK.DLL

MD5: b10b38b22709a66325775f3b77c0558c C:\Program Files\Norton Internet Security\Engine\19.8.0.14\AVIfc.dll

MD5: b67a8e2103197f8fd2fed28ca6fd4245 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\AVMail.dll

MD5: 002e7895f88b96cff2a03313b88a7e64 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\avModule.dll

MD5: 7a3d87207f25c41dae8230fbb99ae562 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\AVPAPP32.DLL

MD5: 3d58c37846ebc8068246f8398192a3d0 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\AVPSVC32.DLL

MD5: d0c0c17e2a31c33fa495d3ab8a0d5bb2 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\BHClient.dll

MD5: 1f761da08b1855ddbdd97204d69b48dd C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\BHSVCPLG.DLL

MD5: 3662262608adc5dea6fd9f5ac465528d C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\CCEMLPXY.DLL

MD5: 3a9738a0c71a9a5098356bd3aa46d0bd C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccGEvt.dll

MD5: e036aa5e1f4a94c2d7058192da0514ba C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccGLog.dll

MD5: 79ed7408d94471522d5c34ba10bcc7b9 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccIPC.dll

MD5: 93ed9ff632cee1d181cd89bb67256c92 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\CCJOBMGR.DLL

MD5: 4853faa23868e66fd66dc81b8dd42333 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccL110U.dll

MD5: 5684762cf40116976a0007eecd5a587d C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSet.dll

MD5: a9e790f2c9b5f22ec9e9be7855b9bffc C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\CCSUBENG.DLL

MD5: 8b8eeda3d4b9c32170918b4eb8ef023b C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvc.dll

MD5: f2840dbfe9322f35557219ae82cc4597 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe

MD5: 2257c98561ebac594a8bb797970d6d54 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccVrTrst.dll

MD5: 84dd22e6a6399aef7ffa86035122f13d C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\CLTALDIS.DLL

MD5: 36e8c701b168e58c6ab0946f5abad9eb C:\Program Files\Norton Internet Security\Engine\19.8.0.14\cltLMS.dll

MD5: 34256e81f0efb05d244376f4c387317b C:\Program Files\Norton Internet Security\Engine\19.8.0.14\cltPE.dll

MD5: b88dc38209cc72b56d79edbc3182b29a C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\COACTMGR.DLL

MD5: 971a138e6a474e87b576a0e333584433 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coDataPr.dll

MD5: 39347c63f68e3ec0959ccdb0501c4958 c:\program files\norton internet security\engine\19.8.0.14\coieplg.dll

MD5: 4c230e31630087b78d061d29a43e6d11 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\Comm.dll

MD5: 2975906c981b3fe1156594a6fc30b708 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coShdObj.dll

MD5: d810b8996608832b6ad64f3afca7c280 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\COSVCPLG.DLL

MD5: 53726eba2b0d9dd215cce7b8923d73bf C:\Program Files\Norton Internet Security\Engine\19.8.0.14\DataStor.dll

MD5: 284dae55ded345f240df806d45711e0b C:\Program Files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll

MD5: 198d51ab311ef8ed8882985048a93406 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\diStRptr.dll

MD5: 5e0c5b5be5304e133968d6d6f8840b28 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\DSCli.dll

MD5: 52364b2bba5d1cb4e6a55076eb184d90 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\EFACli.dll

MD5: b7a8f271355559721ccc8b2b93a5aab4 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\FWCORE.DLL

MD5: fd36c7cf327e32fd75bdbcd5f732c7f2 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\FWGenPlg.dll

MD5: 468cd8dd7825578c3e2a105d062659f6 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\FWHelper.dll

MD5: 26a037c4ad6d6892ad7516be512b875a C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\FWSESAL.DLL

MD5: c4ffe41d9ef211791cb404e7158593a1 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\FWSetup.dll

MD5: a9318d1d48956caea4d7d88925bae218 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\HNCORE.DLL

MD5: 8e460b4333b3b4df34350f4f7c0058ec C:\Program Files\Norton Internet Security\Engine\19.8.0.14\IMCfg.dll

MD5: ff3e0c3dcce988eb391823f62f9397d0 c:\program files\norton internet security\engine\19.8.0.14\ips\ipsbho.dll

MD5: d750ea29eb42573062c3f115c4884942 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\IPSPLUG.DLL

MD5: 99056a9ff85141b3337c5d392dd9eba7 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\IRON.DLL

MD5: 9133538a1d892c07c2c724cc87775907 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\isDataPr.dll

MD5: 3e09b60e3dcf3ef673db25d5799efdfd C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\ISDATASV.DLL

MD5: bdb746e17148a1b509c06d2518b7e12a C:\Program Files\Norton Internet Security\Engine\19.8.0.14\isPwd.dll

MD5: 9053fb3e5a6dda6ed0c77c8e103fb239 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\LUE.DLL

MD5: a864ffb85eae5ebbc7e4861e91c67fb6 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\naHelper.dll

MD5: 7debba26b7175384180bd7958d7a184c C:\Program Files\Norton Internet Security\Engine\19.8.0.14\NAVLOGV.dll

MD5: 3a00d9ed1bca5de87f84ce9328fecf73 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\NCW.DLL

MD5: d870d9fbd5e019174afe43907529af63 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\NPCStats.dll

MD5: 545638475b03b252ed540369ccb278a0 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\NPCTRAY.DLL

MD5: 77532995cd077e27e6ab868b3382681f C:\Program Files\Norton Internet Security\Engine\19.8.0.14\NUMEng.dll

MD5: 8718831f001a4c4f8add98833c2b1211 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ProxyClt.dll

MD5: 39f63a3b7d445571116b590d7cc12652 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\QBackup.dll

MD5: cc58af5ce271db23db19034077a7f08d C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\QSPLUGIN.DLL

MD5: c0479dfdb520b7117eda736ade855698 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\SDKCMN.DLL

MD5: 7eabaa542a7da553552128f595dda08e C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\SNDSVC.DLL

MD5: ca591bb0b28c777065d8a16b7057fcf8 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\SPOCCLNT.DLL

MD5: f7dc4705a1b1d14ff9582d373af080ba C:\Program Files\Norton Internet Security\Engine\19.8.0.14\SQLite.dll

MD5: 468d9c5404d6202dc7a5d96b8480929b C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\SQSVC.DLL

MD5: 65d64bb840abf8aa317e1a56595c5e28 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\srtsp32.dll

MD5: 6487a19e0ea3228515394a4b1a780b17 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\SYMHTML.DLL

MD5: ff6b44e0bd9c3941a9d7764839100ac6 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\SymNeti.dll

MD5: 7601a29152ed8edf2478debf5cdd89b6 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\SYMRDRSV.DLL

MD5: 2cfe545abafce9ab0c375dc05ce831c7 C:\Program Files\Norton Internet Security\Engine\19.8.0.14\SymRedir.dll

MD5: 583d3a8c4ca75ef706e2c6b8e739d62e C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\UIALERT.DLL

MD5: 60402f4bc7e1dde03ceca8b50e7a942e C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\USERCTXT.DLL

MD5: 10729d2d308c5aa804ece537b49c16ad C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\USERLOG.DLL

MD5: ba8a9ec5f381c1a2b81f632f88d1ec2d C:\Program Files\Norton Internet Security\MUI\19.8.0.14\09\01\cltRes.loc

MD5: 992776dd978494547dd1ce211d978868 C:\Program Files\Nuance\PaperPort\BindRes.dll

MD5: e2bf206e5164569500742637b5459402 C:\Program Files\Nuance\PaperPort\blicectr.dll

MD5: 0d1d2fbae112bddb9f77b7bc7a956d3a C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe

MD5: 07c4ebd3107799774fa3103956cd1c40 C:\Program Files\Nuance\PaperPort\IndexSearch.exe

MD5: 519835d8c5215b09dc6d60f356625a66 C:\Program Files\Nuance\PaperPort\MaxRes.dll

MD5: c1c3baf078be5a14384a4ba2d730817d C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe

MD5: e5f1d2c7d51c816437bbe2306828bc4b C:\Program Files\Nuance\PaperPort\pptd40nt.exe

MD5: 874650bf7c7063fb2455e0498456d29c C:\Program Files\Nuance\PaperPort\XMAXUTIL.dll

MD5: 198e148b007b7a14a4d2e5efffc6f2cc c:\program files\nuance\pdf viewer plus\bin\plusiecontextmenu.dll

MD5: 9f0acaa725cf5a391af7e2067ae45746 C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

MD5: 154420a93e4f676aa33a055a116255d9 C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe

MD5: 18c6a57b569f088c2bd7b828a211ac06 C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

MD5: 7a841462ad4749f8a07b27ae8e8947b8 C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

MD5: d8039d9d877710cce2c1125fe23010d2 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

MD5: cb7ce390b5d12715be724114aef75edd C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll

MD5: e74aedf39f5c7fa9f6c1fdccbd7c648d C:\Program Files\Western Digital\WD SmartWare\Front Parlor\MemeoRemoteCore.dll

MD5: 96fb79af7bbf061decbff753bb19f2af C:\Program Files\Western Digital\WD SmartWare\Front Parlor\SQLite.NET.dll

MD5: f3455e60b905d95d22f7ab8a6b49acce C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL

MD5: f5425b6163e26baa30af4f272baf4d8a C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.BMU.dll

MD5: 8238d3ab25de278a7c77f7e52917dfc9 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.DataClad.DataAccess.dll

MD5: 2df845510efa14f41e24d71c65ba289f C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.DataClad.dll

MD5: 8723be5c6080534a3e20d3804f1cb0a9 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.Interop.dll

MD5: c672c17b84492b0ab22a0b73d2bf66ad C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.Utility.dll

MD5: aad176e52745443aa7be60279333aa97 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

MD5: 138ab06adbbf300aa804d7974a5aec82 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

MD5: 1069a0918a0ca1e00b1afd30b75043d7 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\XMLSettings.dll

MD5: 7d1e301e2eeaf6d3730887de933413e6 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

MD5: f74eb03b9ec03c9e71064713f9001b42 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

MD5: c517e5ea7cee783f3681f62d2a362e5b C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

MD5: 3b40d3a61aa8c21b88ae57c58ab3122e C:\Program Files\Windows Media Player\wmpnetwk.exe

MD5: 6bf7676296d5359afc135a5397000053 C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

MD5: c364f02969e9a842321dd91bcff749d4 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120905.001\BHDrvx86.sys

MD5: 02896052e43e1452893806f6d2da8786 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120905.001\BHEngine.dll

MD5: 404fb2aaf532bc7bbacc8880be401c74 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120911.001\IDSvix86.sys

MD5: 14d289f63d9538306cb560c4cd12172f C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120911.001\IDSxpx86.dll

MD5: fa0b7d801e71ce79b915bae5a90de224 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120912.004\NAVENG.SYS

MD5: 80bb71a7d14cf14b54514a201bf5b985 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120912.004\NAVEX15.SYS

MD5: 19a5a783ba98a27a2ffbc16a1e46dd63 C:\Users\MJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll

MD5: 586fdc4e02623ee228ec35b9604ae5f2 C:\Users\MJ\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

MD5: 506708142bc63daba64f2d3ad1dcd5bf C:\Users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe

MD5: 35cab7cf3754c41aeb69dce1d5aca5a4 C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MD5: 4c790c3c2edf1aebf95b6baa248cf230 C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll

MD5: 638f45c6397c911828d2a478729b23aa C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MD5: 95e8d9c0e865ead5a440c91d933b7d60 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MD5: 33eb87995918fea7ba6d0d6ba1f308ce C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll

MD5: 56cebc1d7b1d98959b87149ea3d22071 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll

MD5: 98783e8c36399c5c2fad62a8f4539547 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll

MD5: a2c3f8e5ac37dbee96c563606f710fe3 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MD5: fff324a37cb0a2704d070f41059e5ab0 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll

MD5: 397b4f06383bae9cd93f2b9a90d071cc C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll

MD5: 5764f20720f350d46fd6cef6cb3a4941 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll

MD5: dcc1ac29aa8d2ce725cc86a626cec360 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MD5: 3d725c257ea3952158fffbb5874896da C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MD5: 04ebaa3e9fa5fbdcd73c1e162a906187 C:\Windows\Downloaded Program Files\DownloadManagerV2.ocx

MD5: d715a946e66028cdb04c9e9f8c7137f5 C:\Windows\Downloaded Program Files\dwusplay.exe

MD5: a04e6a2d1159fe65f25bf7a904e34262 C:\Windows\Downloaded Program Files\ieatgpc.dll

MD5: 2d54daecba60eb03f9e63dd50669f634 C:\Windows\Downloaded Program Files\isusweb.dll

MD5: a594716d8d12bae296da6cf35f3c5748 C:\Windows\Downloaded Program Files\Manager.exe

MD5: 56940b50ab0e5923822f47b0e4463885 C:\Windows\Downloaded Program Files\qsax.dll

MD5: 6ae3ea9448e194f4fa5228eff256439b C:\Windows\Downloaded Program Files\SimCityX.ocx

MD5: a8c362018efc87beb013ee28f29c0863 C:\Windows\ehome\ehRecvr.exe

MD5: 8b88ebbb05a0e56b7dcc708498c02b3e C:\Windows\explorer.exe

MD5: 59d16fd61802739988728790bf1232b3 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

MD5: 96076b8fcdff3c6db4ccfbf7fe3a9b28 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

MD5: 972dcc74d4cdcb64086e7cfacbdb74cb C:\Windows\Microsoft.NET\Framework\v2.0.50727\wminet_utils.dll

MD5: c521d7eb6497bb1af6afa89e322fb43c C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

MD5: f5df6846f30e9f54ea60ccaeb3fb2055 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll

MD5: 2c49b175aee1d4364b91b531417fe583 C:\Windows\servicing\TrustedInstaller.exe

MD5: 9a39a2a5f443a756c568c6ed5748afe4 C:\Windows\System32\Actioncenter.dll

MD5: d2958325c1ae1ae37a83334c6229e3bc C:\Windows\system32\actxprxy.dll

MD5: c95638d03aad90f27d0f2855adc316ec C:\Windows\System32\AdobePDF.dll

MD5: 95e2376b3323f062eb562b8586d0f14a C:\Windows\system32\ADVAPI32.dll

MD5: 8b794ae6d5c7d42092804bc39a2eb8f6 c:\windows\system32\AEPIC.dll

MD5: 37ce7a79d901235504f9add99a7ac177 C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

MD5: 7a044b0746d957bfd7aae18cfd8422c5 C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

MD5: 0a12d948b2cc7fbb01e28daa5e7c01ea C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

MD5: cb4863f2bd46aa02d954b86b56a149da C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

MD5: 2cae4ed96aa903578452b85e5383940c C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

MD5: e96170a923a69711b4d08e885f05d889 C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

MD5: 44ca750001f0db8c308d1ca4abd0f8e5 C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

MD5: 15df9eb8daba744e4d0e9b117f760f49 C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

MD5: a2385b02cb492131af6f79959a42a93f C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

MD5: 3ad0832e8e29fbe9bd722e3354dd4f57 C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

MD5: 88dc1714e38d4eb41a4378aab98e753b C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

MD5: a1d4deb5176c96b1a80715f6a1fdfb4f C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

MD5: b302a1630e5aea2d830b76bbcd761d72 C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

MD5: 22f767bb3b704f79363999bd4a49e68e C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

MD5: 00b83152f99e846fefb139c574cd4a96 C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

MD5: 50035c36acee069d0c209288208626d9 C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

MD5: cdf677ad479fa99f2e4d9766b83ef53c C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

MD5: 12c34c7325b74e8347e8db75279a8f3f C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

MD5: 96324ed3218133a13fff82055afac733 C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

MD5: a7bdf88a46bcc218b73e383e6547ba5f C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

MD5: 573c70d7076f2f101752a727db7c2280 C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5: 29b01d02e9ff3d8a63f8747b50a5a1a3 C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

MD5: 0cc90316b34118e3b8af760d92c262a4 C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

MD5: 6f399c3e562c4e69df96039743a7aa26 C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

MD5: f3b94e04053c2483a6fecf953d6661d6 C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

MD5: c6942a18444bfffc3cceca69a7e1879c C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

MD5: f47e08b025ae376ef1342fc9ecfecdf1 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

MD5: 8a13e14b68e00ac2cb67420396d8a1c5 C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

MD5: 863f793d15b4026b1a5fdeca873d4d84 C:\Windows\system32\apphelp.dll

MD5: fb1959012294d6ad43e5304df65e3c26 c:\windows\system32\appinfo.dll

MD5: c940f2f5c60b3727c5f18840735b229c C:\Windows\System32\audioses.dll

MD5: ce3b4e731638d2ef62fcb419be0d39f0 c:\windows\system32\audiosrv.dll

MD5: cdd35c1ce1ebfe80c055691cdc8df443 C:\Windows\system32\authui.dll

MD5: 6e30d02aac9cac84f421622e3a2f6178 c:\windows\system32\axinstsv.dll

MD5: dab748ae0439955ed2fa22357533dddb C:\Windows\system32\basesrv.DLL

MD5: 67c1b58706b47eeba4e117ac197289e6 C:\Windows\system32\BatMeter.dll

MD5: 1e2bac209d184bb851e1a187d8a29136 c:\windows\system32\bfe.dll

MD5: f45ed8c4f9af862cd9992849b5203c11 C:\Windows\system32\bitsigd.dll

MD5: 0552a8684bf7566f744d5b19ff6aec6b c:\windows\system32\bitsperf.dll

MD5: 45760eecc8b74b251171be4f247f17cb C:\Windows\system32\BROWCLI.DLL

MD5: 6e11f33d14d020f58d5e02e4d67dfa19 c:\windows\system32\browser.dll

MD5: e6b581a57edfaa22d12094853a58086e C:\Windows\system32\BrUsi09d.dll

MD5: 2dc03543284df9bf594623a2646d42a1 C:\Windows\system32\BrWi209d.dll

MD5: e3d5e244807ad655787fcd25477cc1bc C:\Windows\System32\bthprops.cpl

MD5: 7a6986dd659b96398a11af5173892715 C:\Windows\system32\Cabinet.dll

MD5: d7ee78523e0c1eca8f45d1fd9b395da5 C:\Windows\System32\CAPM1EMN.DLL

MD5: aa608e2e14299979ab2c02ab6fb4bc55 C:\Windows\System32\CAPM1LMK.DLL

MD5: 083c571ee34399199baac5c0daa7d849 C:\Windows\System32\CAPM1PTN.DLL

MD5: d615aec9fc50f2edcd1009350fa0b5d7 C:\Windows\System32\CAPM1RSK.EXE

MD5: e4650bbfa3ae2396687c2b798c0a1259 C:\Windows\System32\CAPM1SMK.DLL

MD5: 44f5c1cf70ac8f7239f3b3667e58697a C:\Windows\system32\certpoleng.dll

MD5: 319c6b309773d063541d01df8ac6f55f C:\Windows\System32\certprop.dll

MD5: b0b4c590c0cae7741da17e3dc86cc828 C:\Windows\system32\CEUTIL.dll

MD5: 3ffaea12666e565ff51bf2fca674f543 C:\Windows\system32\CFGMGR32.dll

MD5: ae9898d5600a232cd8ae3298692162e5 C:\Windows\system32\CLUSAPI.DLL

MD5: ad7b9c14083b52bc532fba5948342b98 C:\Windows\system32\cmd.exe

MD5: 50ba656134f78af64e4dd3c8b6fefd7e C:\Windows\system32\cngaudit.dll

MD5: d1de1eafde97be41cf6585027ff3e732 C:\Windows\system32\COMDLG32.dll

MD5: 4e5fe39c1076d115ec8bfcfe14d75b80 C:\Windows\system32\credssp.dll

MD5: 454e292861a4ef1d72f43f42bbaf6917 C:\Windows\system32\CRYPT32.dll

MD5: a585bebf7d054bd9618eda0922d5484a c:\windows\system32\cryptsvc.dll

MD5: 28ca821606669bb9215ce010767720fa C:\Windows\system32\CRYPTUI.dll

MD5: 465bea35f7ed4a4a57686dea7ea10f47 C:\Windows\system32\cscapi.dll

MD5: 57a51217581614de07f30e34d6bb4993 C:\Windows\System32\CSCDLL.dll

MD5: cf4274ceea9f7791fb7fc40a066bc2c7 C:\Windows\system32\cscobj.dll

MD5: 15f93b37f6801943360d9eb42485d5d3 c:\windows\system32\cscsvc.dll

MD5: 3ec541c196de18ed9a0d0ac82a694d4c C:\Windows\System32\cscui.dll

MD5: 6c062ea09313872d2235027ef7a4554e C:\Windows\system32\CSRSRV.dll

MD5: 342271f6142e7c70805b8a81e1ba5f5c C:\Windows\System32\csrss.exe

MD5: 35cede6439ff0d8903223a0817ffe46c C:\Windows\system32\d2d1.dll

MD5: 2de90400a63818fa38c4c5c9adb166bf C:\Windows\system32\d3d10_1.dll

MD5: 9c36a3ca80f9b204c670336d344f5df8 C:\Windows\system32\d3d10_1core.dll

MD5: 78b7a3bda25c90daa50d36a56a8d1351 C:\Windows\system32\D3D10Warp.dll

MD5: 6ef5f3f18413c367195f06e503ab86a6 C:\Windows\system32\d3d9.dll

MD5: 284b59d7b56fc76c80e622ab856b1fab C:\Windows\System32\davclnt.dll

MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8 c:\windows\system32\dbghelp.dll

MD5: e9e01eb683c132f7fa27cd607b8a2b63 c:\windows\system32\dhcpcore.dll

MD5: 990a58a0b01720e419b55efc5ff387f8 C:\Windows\System32\dhcpcore6.dll

MD5: b40420876b9288e0a1c8cca8a84e5dc9 C:\Windows\system32\DNSAPI.dll

MD5: 100103c6535c66265267f5eea5f5846e C:\Windows\System32\dnsext.dll

MD5: 33ef4861f19a0736b11314aad9ae28d0 c:\windows\system32\dnsrslvr.dll

MD5: 366ba8fb4b7bb7435e3b9eacb3843f67 C:\Windows\System32\dot3svc.dll

MD5: 8ec04ca86f1d68da9e11952eb85973d6 c:\windows\system32\dps.dll

MD5: 1b133875b8aa8ac48969bd3458afe9f5 C:\Windows\system32\drivers\1394ohci.sys

MD5: cea80c80bed809aa0da6febc04733349 C:\Windows\system32\drivers\ACPI.sys

MD5: 1efbc664abff416d1d07db115dcb264f C:\Windows\system32\drivers\acpipmi.sys

MD5: 9ebbba55060f786f0fcaa3893bfa2806 C:\Windows\system32\drivers\afd.sys

MD5: e7f4d42d8076ec60e21715cd11743a0d C:\Windows\system32\drivers\amdsata.sys

MD5: 146459d2b08bfdcbfa856d9947043c81 C:\Windows\system32\drivers\amdxata.sys

MD5: aea177f783e20150ace5383ee368da19 C:\Windows\system32\drivers\appid.sys

MD5: 8f2da3028d5fcbd1a060a3de64cd6506 C:\Windows\system32\DRIVERS\bowser.sys

MD5: 77361d72a04f18809d0efb6cceb74d4b C:\Windows\system32\DRIVERS\bridge.sys

MD5: 9f80879913dc2712fd0c4d734e3f519b C:\Windows\system32\DRIVERS\BrSerIb.sys

MD5: b67512da42c0c90bf236d5485226c1c7 C:\Windows\system32\DRIVERS\BrUsbSIb.sys

MD5: 7f599e8bcc5ebc78fa711e9e55eea40c C:\Windows\system32\Drivers\CAPM1LP.SYS

MD5: be167ed0fdb9c1fa1133953c18d5a6c9 C:\Windows\system32\drivers\cdrom.sys

MD5: 6427525d76f61d0c519b008d3680e8e7 C:\Windows\System32\Drivers\cng.sys

MD5: cbe8c58a8579cfe5fccf809e6f114e89 C:\Windows\system32\drivers\CompositeBus.sys

MD5: 3c2177a897b4ca2788c6fb0c3fd81d4b C:\Windows\system32\drivers\csc.sys

MD5: f024449c97ec1e464aaffda18593db88 C:\Windows\System32\Drivers\dfsc.sys

MD5: 23f5d28378a160352ba8f817bd8c71cb C:\Windows\System32\drivers\dxgkrnl.sys

MD5: 8a73e79089b282100b9393b644cb853b C:\Windows\System32\DRIVERS\fvevol.sys

MD5: 9036377b8a6c15dc2eec53e489d159b5 C:\Windows\system32\drivers\HDAudBus.sys

MD5: 10c19f8290891af023eaec0832e1eb4d C:\Windows\system32\drivers\hidusb.sys

MD5: 871917b07a141bff43d76d8844d48106 C:\Windows\system32\drivers\HTTP.sys

MD5: 0c4e035c7f105f1299258c90886c64c5 C:\Windows\System32\drivers\hwpolicy.sys

MD5: 01446278d4563b3013c92830ae6cbb26 C:\Windows\system32\DRIVERS\iaStor.sys

MD5: a3cae5d281db4cff7cff8233507ee5ad C:\Windows\system32\drivers\iaStorV.sys

MD5: 8266ae06df974e5ba047b3e9e9e70b3f C:\Windows\system32\DRIVERS\igdkmd32.sys

MD5: 4bd7134618c1d2a27466a099062547bf C:\Windows\system32\drivers\IPMIDrv.sys

MD5: d7b5b5c5130b775ec7e32edd780d737f C:\Windows\system32\DRIVERS\jraid.sys

MD5: 9e3ced91863e6ee98c24794d05e27a71 C:\Windows\system32\drivers\kbdhid.sys

MD5: f4647bb23db9038a7536cf6b68f4207f C:\Windows\System32\Drivers\ksecdd.sys

MD5: e73cae53bbb72ba26918492c6b4c229d C:\Windows\System32\Drivers\ksecpkg.sys

MD5: 65e794e86468b61f2bc79abc48bc4433 C:\Windows\system32\drivers\mbam.sys

MD5: fc8771f45ecccfd89684e38842539b9b C:\Windows\System32\drivers\mountmgr.sys

MD5: 2d699fb6e89ce0d8da14ecc03b3edfe0 C:\Windows\system32\drivers\mpio.sys

MD5: ceb46ab7c01c9f825f8cc6babc18166a C:\Windows\system32\drivers\mrxdav.sys

MD5: 5d16c921e3671636c0eba3bbaac5fd25 C:\Windows\system32\DRIVERS\mrxsmb.sys

MD5: 6d17a4791aca19328c685d256349fefc C:\Windows\system32\DRIVERS\mrxsmb10.sys

MD5: b81f204d146000be76651a50670a5e9e C:\Windows\system32\DRIVERS\mrxsmb20.sys

MD5: 012c5f4e9349e711e11e0f19a8589f0a C:\Windows\system32\drivers\msahci.sys

MD5: 55055f8ad8be27a64c831322a780a228 C:\Windows\system32\drivers\msdsm.sys

MD5: cb7a9abb12b8415bce5d74994c7ba3ae C:\Windows\system32\drivers\msiscsi.sys

MD5: e7c54812a2aaf43316eb6930c1ffa108 C:\Windows\system32\drivers\ndis.sys

MD5: d8a65dafb3eb41cbb622745676fcd072 C:\Windows\system32\DRIVERS\ndisuio.sys

MD5: 38fbe267e7e6983311179230facb1017 C:\Windows\system32\DRIVERS\ndiswan.sys

MD5: 280122ddcf04b378edd1ad54d71c1e54 C:\Windows\System32\DRIVERS\netbt.sys

MD5: ace85af1c31f68bdfee9333f6592917e C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys

MD5: 2c356cca706505cf63cbe39d532b9236 C:\Windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS

MD5: 7bb297cada42903328e92425d9761da6 C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP.SYS

MD5: 475fcf0f28d845bf1c8abac27f19003e C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX.SYS

MD5: 690fa0e61b90084c4d9a721bd4f3d779 C:\Windows\system32\drivers\NIS\1308000.00E\SYMDS.SYS

MD5: 8f88edb211b12537d2dc2a6d73d6067c C:\Windows\system32\drivers\NIS\1308000.00E\SYMEFA.SYS

MD5: 3ee215d6fe821e3edf0f7134d9ae905a C:\Windows\System32\Drivers\NIS\1308000.00E\SYMNETS.SYS

MD5: af2eec9580c1d32fb7eaf105d9784061 C:\Windows\system32\drivers\nvraid.sys

MD5: 9283c58ebaa2618f93482eb5dabcec82 C:\Windows\system32\drivers\nvstor.sys

MD5: bf8f6af06da75b336f07e23aef97d93b C:\Windows\System32\drivers\partmgr.sys

MD5: 673e55c3498eb970088e812ea820aa8f C:\Windows\system32\drivers\pci.sys

MD5: d528bc58a489409ba40334ebf96a311b C:\Windows\system32\DRIVERS\rdbss.sys

MD5: 23dae03f29d253ae74c44f99e515f9a1 C:\Windows\System32\DRIVERS\RDPCDD.sys

MD5: b973fcfc50dc1434e1970a146f7e3885 C:\Windows\System32\drivers\rdpdr.sys

MD5: 518395321dc96fe2c9f0e96ac743b656 C:\Windows\System32\drivers\rdyboost.sys

MD5: d5ede44ca85899e0478208c8413c1c31 C:\Windows\system32\DRIVERS\Rt86win7.sys

MD5: 8b27c21412ae4404eb0acfe1d98579ec C:\Windows\system32\drivers\RTKVHDA.sys

MD5: 05d860da1040f111503ac416ccef2bca C:\Windows\system32\drivers\sbp2port.sys

MD5: 0693b5ec673e34dc147e195779a4dcf6 C:\Windows\System32\DRIVERS\scfilter.sys

MD5: 6d4ccaedc018f1cf52866bbbaa235982 C:\Windows\system32\drivers\sffp_sd.sys

MD5: e4c2764065d66ea1d2d3ebc28fe99c46 C:\Windows\System32\DRIVERS\srv.sys

MD5: 03f0545bd8d4c77fa0ae1ceedfcc71ab C:\Windows\System32\DRIVERS\srv2.sys

MD5: be6bd660caa6f291ae06a718a4fa8abc C:\Windows\System32\DRIVERS\srvnet.sys

MD5: dcaffd62259e0bdb433dd67b5bb37619 C:\Windows\system32\drivers\storvsc.sys

MD5: 555fb450fe6908600310e990738b41d6 C:\Windows\system32\Drivers\SYMEVENT.SYS

MD5: 65d10b191c59c5501a1263fc33f6894b C:\Windows\System32\drivers\tcpip.sys

MD5: cca24162e055c3714ce5a88b100c64ed C:\Windows\System32\drivers\tcpipreg.sys

MD5: 1cb91b2bd8f6dd367dfc2ef26fd751b2 C:\Windows\system32\drivers\tdpipe.sys

MD5: 2c10395baa4847f83042813c515cc289 C:\Windows\system32\drivers\tdtcp.sys

MD5: b459575348c20e8121d6039da063c704 C:\Windows\system32\DRIVERS\tdx.sys

MD5: 04dbf4b01ea4bf25a9a3e84affac9b20 C:\Windows\system32\drivers\termdd.sys

MD5: 254bb140eee3c59d6114c1a86b636877 C:\Windows\System32\DRIVERS\tssecsrv.sys

MD5: fd1d6c73e6333be727cbcc6054247654 C:\Windows\System32\drivers\tsusbflt.sys

MD5: b2fa25d9b17a68bb93d58b0556e8c90d C:\Windows\system32\DRIVERS\tunnel.sys

MD5: ee43346c7e4b5e63e54f927babbb32ff C:\Windows\system32\DRIVERS\udfs.sys

MD5: d295bed4b898f0fd999fcfa9b32b071b C:\Windows\system32\drivers\umbus.sys

MD5: 7e72e7d7e0757d59481d530fd2b0bfae C:\Windows\system32\DRIVERS\usbccgp.sys

MD5: 9d22aad9ac6a07c691a1113e5f860868 C:\Windows\system32\drivers\usbhub.sys

MD5: bf63ebfc6979fefb2bc03df7989a0c1a C:\Windows\system32\DRIVERS\USBSTOR.SYS

MD5: 5461686cca2fda57b024547733ab42e3 C:\Windows\system32\drivers\vhdmp.sys

MD5: c2f2911156fdc7817c52829c86da494e C:\Windows\system32\drivers\vmbus.sys

MD5: d4d77455211e204f370d08f4963063ce C:\Windows\system32\drivers\VMBusHID.sys

MD5: 7fa7f2e249a5dcbb7970630e15e1f482 C:\Windows\system32\drivers\vms3cap.sys

MD5: 472af0311073dceceaa8fa18ba2bdf89 C:\Windows\system32\drivers\vmstorfl.sys

MD5: 4c63e00f2f4b5f86ab48a58cd990f212 C:\Windows\system32\drivers\volmgr.sys

MD5: f497f67932c6fa693d7de2780631cfe7 C:\Windows\system32\drivers\volsnap.sys

MD5: 3c3c78515f5ab448b022bdf5b8ffdd2e C:\Windows\system32\DRIVERS\wanarp.sys

MD5: a67e5f9a400f3bd1be3d80613b45f708 C:\Windows\system32\DRIVERS\WinUsb.sys

MD5: e714a1c0354636837e20ccbf00888ee7 C:\Windows\system32\drivers\WudfPf.sys

MD5: 1023ee888c9b47178c5293ed5336ab69 C:\Windows\system32\DRIVERS\WUDFRd.sys

MD5: 497e59d9f01c6f247e72222a61835119 C:\Windows\system32\dwmcore.dll

MD5: 754afc50022c95da7c86b7020db78136 C:\Windows\system32\dwmredir.dll

MD5: 0a5c7253183a6f956d10a3a4bbc96288 C:\Windows\system32\DWrite.dll

MD5: 0411b7958c524bb2e91ee1b3035fe321 C:\Windows\system32\dxgi.dll

MD5: addb05c93272a62606599b24730bd645 C:\Windows\system32\dxp.dll

MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\System32\Dxtmsft.dll

MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\System32\Dxtrans.dll

MD5: 3f6d9269e7b3a754b1c2f8533dc7f318 C:\Windows\system32\EFSCORE.dll

MD5: 91f434ff6606ed9bdc6a05d651b69553 C:\Windows\system32\efslsaext.dll

MD5: 00a99da54c14969a899ed316d16e9a9e C:\Windows\system32\efssvc.dll

MD5: 359c3ac547aa1d24eed35be3ab3759dc C:\Windows\system32\EFSUTIL.dll

MD5: 8444a7364d6877922049e99bf4b78c5c C:\Windows\system32\elscore.dll

MD5: 02a2ed8497f437ea200df3aced255afe C:\Windows\system32\ElsLad.dll

MD5: 256503028879103e9741a276fa24d65d c:\windows\system32\ESENT.dll

MD5: 53af1750fd45ddd705c9b68c7dc58827 C:\Windows\System32\EVR.dll

MD5: e2a17bcc08d92f42e08af6ba2f93aba7 C:\Windows\system32\EXPLORERFRAME.dll

MD5: f34cfada6c48daa41b996d24c7d8d3ca C:\Windows\system32\fdPnp.dll

MD5: b3a5ec6b6b6673db7e87c2bcdbddc074 c:\windows\system32\fntcache.dll

MD5: d0481fb85beedd30a0884be327880f80 C:\Windows\System32\framedynos.dll

MD5: e6d90dc604f407b3b5e0fd285e46b2a0 C:\Windows\system32\FVEAPI.dll

MD5: c87f28a34b3840f4b40011d170b1a159 C:\Windows\system32\FVECERTS.dll

MD5: 03a03a453f1aaae0c73aaaf895321c7a C:\Windows\system32\fwpuclnt.dll

MD5: db603d3fd090c66f9709ef6493c26ba3 c:\windows\system32\FwRemoteSvr.DLL

MD5: 126f8331bd023178c7f0ef2f5ede16b3 C:\Windows\System32\FXSMON.DLL

MD5: 967ea5b213e9984cbe270205df37755b C:\Windows\system32\fxssvc.exe

MD5: 19bc13711ac403feb830522e4831701b C:\Windows\System32\gameux.dll

MD5: e87f5393f7d8ce2facc4dff703531392 C:\Windows\system32\GDI32.dll

MD5: e897eaf5ed6ba41e081060c9b447a673 c:\windows\system32\gpsvc.dll

MD5: 6b0450136dbca36c6722c21a746d96cb C:\Windows\System32\hccutils.DLL

MD5: c7952d0a4c43a965a1741916bb134751 C:\Windows\System32\hgcpl.dll

MD5: 3cd5bbda19a1ab4eba359e0a14fdf0f0 C:\Windows\System32\hkcmd.exe

MD5: 490fc0d07f7c0468e232ab8e8e956719 C:\Windows\system32\ieframe.dll

MD5: cdf5b6aec538e02d5579e2e791042a1a C:\Windows\system32\iertutil.dll

MD5: 07970aa4c392efb133d1a1bfbd66a58f C:\Windows\system32\IEUI.dll

MD5: b0335e0e041106e15acc6d36d6d75bf5 C:\Windows\system32\igd10umd32.dll

MD5: 10ab9c9adb89816befb077e72659d029 C:\Windows\system32\igdumd32.dll

MD5: ba38c50f523dc053488ac3f9ef99aa0b C:\Windows\system32\igdumdx32.dll

MD5: fdc6bd427e353d205c1afb6065fa8175 C:\Windows\system32\igfxdev.dll

MD5: 3142195521fee436088ee8a5748de1b1 C:\Windows\System32\igfxpers.exe

MD5: 5bc881b4befcd1f005a7c1845ac63ad7 C:\Windows\system32\igfxrENU.lrc

MD5: 2c00a2f21463e1dda5536720d2bd6195 C:\Windows\System32\igfxress.dll

MD5: 493164122dc72e1bf6d12f575604fbda C:\Windows\system32\igfxsrvc.dll

MD5: 1029b84ecbe4b95acb8491a3fe63d70f C:\Windows\System32\igfxtray.exe

MD5: f95622f161474511b8d80d6b093aa610 c:\windows\system32\ikeext.dll

MD5: b2fd31e20b423335fe3273b4bf95813c C:\Windows\system32\imagehlp.dll

MD5: 2d11bc8b460957e62e4420373a0d8bda C:\Windows\system32\imapi2.dll

MD5: 4a8e2f20809cc161107faa94f6cf2685 C:\Windows\system32\IMM32.DLL

MD5: bf7ddbe14fa4b68aab6a3c78ef5c96b8 C:\Windows\system32\inetmib1.dll

MD5: d27dde7e0444c7f1819f958469eb7d93 C:\Windows\System32\inetpp.dll

MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\system32\IPHLPAPI.DLL

MD5: 4d65a07b795d6674312f879d09aa7663 c:\windows\system32\iphlpsvc.dll

MD5: 53946b69ba0836bd95b03759530c81ec c:\windows\system32\ipsecsvc.dll

MD5: 2f0971c08f73ee881bb54cc7c11dff7b C:\Windows\System32\jscript9.dll

MD5: 2f4348dc0d06a0eba5f5c4cb435790c1 C:\Windows\system32\kerberos.DLL

MD5: e570cbd732848438eac574eb3442a2a8 C:\Windows\system32\KERNEL32.dll

MD5: a9f8e23c1fc00190376b11ffad9de6c6 C:\Windows\system32\KERNELBASE.dll

MD5: 196b4e3f4cccc24af836ce58facbb699 C:\Windows\system32\kmsvc.dll

MD5: 6658f4404de03d75fe3ba09f7aba6a30 C:\Windows\system32\ListSvc.dll

MD5: 9ede13f62e7be92dba561218eddc4e21 C:\Windows\system32\livessp.DLL

MD5: 55ca01ba19d0006c8f2639b6c045e08b c:\windows\system32\lmhsvc.dll

MD5: 7b27637e896dba10895ecfdecdb1f1fa C:\Windows\System32\LMIport.dll

MD5: dd4952e744611dd061201c2b081ed875 C:\Windows\system32\LMIRfsClientNP.dll

MD5: 12c4e95f468a5fd3fbb8166e27ed4d53 C:\Windows\System32\localspl.dll

MD5: 8ea53101ff2b15bdff934b62a8fb326d C:\Windows\system32\logoncli.dll

MD5: c95ca687d32ddab1c91e1122e80d5e16 C:\Windows\system32\lsasrv.dll

MD5: 81951f51e318aecc2d68559e47485cc4 C:\Windows\System32\lsass.exe

MD5: 8aea9a37c1a3565a204d37c5e72ab791 C:\Windows\System32\lsm.exe

MD5: 8bc9db92c4b2f3be89185beab2afc1f6 C:\Windows\system32\MAPI32.dll

MD5: bfb9ee8ee977efe85d1a3105abef6dd1 C:\Windows\system32\Mcx2Svc.dll

MD5: fdba1dec4f9be4274a00b9b850c63484 C:\Windows\System32\mf.dll

MD5: 1db437c52ac6cb0d2922fd35f84a0af3 C:\Windows\system32\MFC71ENU.DLL

MD5: bfebb6f76a0988a38260870c61a6d1b7 C:\Windows\system32\MFReadWrite.dll

MD5: 243974ec02f7ae49e4179c54624143ab c:\windows\system32\MMDevAPI.DLL

MD5: d4191efab91e00fc09257aa5ebaf503b C:\Windows\System32\MPRAPI.dll

MD5: 9835584e999d25004e1ee8e5f3e3b881 c:\windows\system32\mpssvc.dll

MD5: 938f39b50bafe13d6f58c7790682c010 C:\Windows\system32\MSASN1.dll

MD5: 7f8678c59f188528d60104e697c2361e C:\Windows\system32\mscms.dll

MD5: d83947a58613e9091b4c9cc0f1546a8d C:\Windows\SYSTEM32\MSCOREE.DLL

MD5: 7069aab8536f29ed7323140973a2894b C:\Windows\system32\msdmo.dll

MD5: 3a16ea01fcfaab40882db5bfee632322 C:\Windows\system32\MsftEdit.dll

MD5: 497c9c3db953a60ec4f43a097e15f75e C:\Windows\system32\MSHTML.dll

MD5: 0ce4d3bd306da6d1f6f233c403f5b667 C:\Windows\system32\msi.dll

MD5: eee470f2a771fc0b543bdeef74fceca0 C:\Windows\system32\msiexec.exe

MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll

MD5: 3de43bfdaf3f8979699650202aa18b12 C:\Windows\System32\msmpeg2vdec.dll

MD5: 387a8a473ecc5ba02cf453277c1f3274 c:\windows\system32\mspatcha.dll

MD5: c90878913df3dc504790282043db5f4c C:\Windows\system32\msprivs.DLL

MD5: db67c7c62038bde813cb6486581a7611 C:\Windows\system32\mssph.dll

MD5: 0241cb16136b9a4939ca0395768ae286 C:\Windows\system32\MSSRCH.DLL

MD5: c5a99a4c0dc9f0f5a95ba0c83d30a549 C:\Windows\System32\mstask.dll

MD5: 56ceed370508f69a1ba04939bd1badda C:\Windows\system32\MSUTB.dll

MD5: 4c1e16b9a53102c8d6fba587cbcb95de C:\Windows\system32\msv1_0.DLL

MD5: 9dc80a8aaaaac397bdab3c67165a824e C:\Windows\system32\msvcrt.dll

MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C:\Windows\system32\mswsock.dll

MD5: 4205ca4cd43e725db9ff02b0a588a8c6 C:\Windows\System32\msxml3.dll

MD5: 269d867585cda04d3972a39f3694e7df C:\Windows\System32\msxml6.dll

MD5: 8b57a1ad493653bb57f281fe75dd175b C:\Windows\System32\NaturalLanguage6.dll

MD5: 45d9f6cd2469cdb6a640dd4bd2b01471 C:\Windows\system32\NCI.dll

MD5: a4cc7227a452c4909f9499d91b184364 C:\Windows\system32\NCObjAPI.DLL

MD5: 75ea62927355189876081ef863064982 c:\windows\system32\ncsi.dll

MD5: 6dcfaec6d1334aa6cdf8961db4633cbf C:\Windows\system32\negoexts.DLL

MD5: 8ce1a6d16b9077e91e192499eb611c5f c:\windows\system32\NETAPI32.dll

MD5: 1ff7e4f548c7c372c804938f0d5b36ae C:\Windows\system32\netcfgx.dll

MD5: e343cabbd8d600abaf3f11625d33b3d0 C:\Windows\system32\netjoin.dll

MD5: c1809b9907adedaf16f50c894100883b C:\Windows\system32\netlogon.DLL

MD5: eab975db4c2805927fe5bd047d05c9aa C:\Windows\System32\netshell.dll

MD5: 20b3934db73eaba2b49b7177873cb81f C:\Windows\system32\netutils.dll

MD5: 3d57ffbad3ed16b63de3879bab0fb56f C:\Windows\system32\NetworkExplorer.dll

MD5: 104a1070e90f1c530328e69b49718841 C:\Windows\System32\nlaapi.dll

MD5: 912084381d30d8b89ec4e293053f4710 c:\windows\system32\nlasvc.dll

MD5: 2f4781f84c92e8c4b1586e47a78e8a61 C:\Windows\system32\npDeployJava1.dll

MD5: d2a937964199f647b1c3bc435712e5d9 c:\windows\system32\nrpsrv.DLL

MD5: ba387e955e890c8a88306d9b8d06bf17 c:\windows\system32\nsisvc.dll

MD5: c30a91ade8c9cb91e4281ec83c4500c6 C:\Windows\SYSTEM32\ntdll.dll

MD5: d7b7159bc8374e87d8c45a30377a3440 C:\Windows\System32\ntlanman.dll

MD5: 03f3b770dfbed6131653ceda8ca780f0 C:\Windows\system32\ntshrui.dll

MD5: 928cf7268086631f54c3d8e17238c6dd C:\Windows\system32\ole32.dll

MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\system32\OLEACC.dll

MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\Windows\system32\OLEAUT32.dll

MD5: f748f53fe09d21d8ecbb6421e6792024 C:\Windows\system32\OneX.DLL

MD5: 487f44b08efeaf5ad087878357b9403d C:\Windows\system32\pdh.dll

MD5: 7e82616bee76bf5eaa5b30f681414e21 C:\Windows\system32\perftrack.dll

MD5: 37cc990d4e2cdfae12ac47f6b620fc13 C:\Windows\system32\pku2u.DLL

MD5: 414bba67a3ded1d28437eb66aeb8a720 C:\Windows\system32\pla.dll

MD5: 3d6f22551d422f97aacb0bb927e4c846 C:\Windows\System32\pnidui.dll

MD5: e98278865e8daba21cfe5fe4be34210a C:\Windows\system32\PortableDeviceApi.dll

MD5: c693e642acfbdd76433af6be3c3eee6f C:\Windows\System32\portabledeviceconnectapi.dll

MD5: 03cf941d031f30272d3063e5a4d686f5 C:\Windows\System32\PrintIsolationProxy.dll

MD5: c8333f1f77a1b2e25f2202e892caf634 C:\Windows\system32\prnfldr.dll

MD5: 43ca4ccc22d52fb58e8988f0198851d0 c:\windows\system32\profsvc.dll

MD5: 12c45e3cb6d65f73209549e2d02eca7a c:\windows\system32\PROPSYS.dll

MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C:\Windows\System32\provsvc.dll

MD5: 02530b0b7e048dd5ac8d52daeacaeb2b C:\Windows\System32\QAgent.dll

MD5: 61d57a5d7c6d9afe10e77dae6e1b445e C:\Windows\system32\qagentRT.dll

MD5: e585445d5021971fae10393f0f1c3961 c:\windows\system32\qmgr.dll

MD5: bd626ef05967d14c772b8096292731a3 C:\Windows\System32\QUtil.dll

MD5: 7ffd52d73352806969d424ef327d10a7 C:\Windows\system32\radardt.dll

MD5: 11fbb8cb6865b7ba387095398eb91ed4 C:\Windows\system32\RAPI.dll

MD5: 3379989f06b31347792836dcf028a325 C:\Windows\system32\rapiproxystub.dll

MD5: b1e4d190cd21cc75ae38562400dd5345 C:\Windows\system32\rapistub.dll

MD5: cb9e04dc05eacf5b9a36ca276d475006 C:\Windows\System32\rasmans.dll

MD5: 2af094c822bd6094f14a8e85fb51d52a C:\Windows\system32\RESUTILS.DLL

MD5: 102cf6879887bbe846a00c459e6d4abc C:\Windows\system32\RICHED20.dll

MD5: b5506b451bfe7148eca7056bda2970bd C:\Windows\system32\riched32.dll

MD5: 6400774e903729add0a62a24a334ee56 C:\Windows\system32\RPCRT4.dll

MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\system32\RpcRtRemote.dll

MD5: 7660f01d3b38aca1747e397d21d790af c:\windows\system32\rpcss.dll

MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C:\Windows\System32\rtutils.dll

MD5: 68ecca523ed760aafc03c5d587569859 C:\Windows\system32\samcli.dll

MD5: 245f4691314f42d4d1bc06442f0b2086 C:\Windows\system32\SAMSRV.dll

MD5: 8124944ec89d6a1815e4e53f5b96aaf4 C:\Windows\system32\scecli.DLL

MD5: 250aa41de690561af1282d598914564c C:\Windows\system32\SCESRV.dll

MD5: 3369d021265e369d57317d61fa86dd79 C:\Windows\system32\scext.dll

MD5: 1affb765af1fdcc0c185c38e9ddddaee C:\Windows\system32\schannel.DLL

MD5: a42e7748be906434c5fd17161d168c20 C:\Windows\system32\SCHEDCLI.DLL

MD5: a04bb13f8a72f8b6e8b4071723e4e336 c:\windows\system32\schedsvc.dll

MD5: 08236c4bce5edd0a0318a438af28e0f7 C:\Windows\System32\SDRSVC.dll

MD5: a6cd6b3f71e13e2e45b727fb8a47ea87 C:\Windows\System32\SearchFilterHost.exe

MD5: 236f286e103fd44bd85fdd93097fd5dd C:\Windows\System32\SearchIndexer.exe

MD5: e1ac89f6c5252057e6062843e36a6701 C:\Windows\System32\SearchProtocolHost.exe

MD5: 69678722290c78d5d7198c60b5a4e3e8 C:\Windows\system32\secur32.dll

MD5: 5f1b6a9c35d3d5ca72d6d6fdef9747d6 C:\Windows\System32\services.exe

MD5: 4ae380f39a0032eab7dd953030b26d28 C:\Windows\system32\sessenv.dll

MD5: 10fb16b50affda6d44588f3c445dc273 C:\Windows\system32\SETUPAPI.dll

MD5: f14a9b1778376d0b1788e402ac1f831a C:\Windows\System32\shacct.dll

MD5: be247ae996a9fde007a27b51413a6c79 C:\Windows\System32\shdocvw.dll

MD5: 358fc25391c6733eaf49db480afdfd8c C:\Windows\system32\shell32.dll

MD5: 8cc3c111d653e96f3ea1590891491d71 C:\Windows\system32\SHLWAPI.dll

MD5: 414da952a35bf5d50192e28263b40577 c:\windows\system32\shsvcs.dll

MD5: 16742790895960690237a5143cedec8b C:\Windows\System32\smss.exe

MD5: 2cfa4569350b7f84f815e9ec34e85766 C:\Windows\system32\SndVolSSO.DLL

MD5: d50d8c2380a0f39a47ef2ec76c64f4ef C:\Windows\System32\spool\drivers\w32x86\3\CAPM1LAK.EXE

MD5: 8eafe585d51b9f21d3abbbb634ee65c2 C:\Windows\system32\spool\drivers\w32x86\3\CAPM1PMN.DLL

MD5: e4650bbfa3ae2396687c2b798c0a1259 C:\Windows\system32\spool\drivers\w32x86\3\CAPM1SMK.DLL

MD5: 25a2c52507d8b8cc92ce8424fc323389 C:\Windows\System32\spool\drivers\w32x86\3\CAPM1SWK.EXE

MD5: d94e0bc61dc5dd928d91fd5b9f016197 C:\Windows\system32\spool\PRTPROCS\W32X86\LMIproc.dll

MD5: cd72c6406ba561bed6d42cb145e55307 C:\Windows\system32\spool\PRTPROCS\W32X86\winprint.dll

MD5: 629181c26a78eb66b0b4e774e5ac2882 C:\Windows\System32\SPOOLSS.DLL

MD5: 866a43013535dc8587c258e43579c764 C:\Windows\System32\spoolsv.exe

MD5: cf87a1de791347e75b98885214ced2b8 C:\Windows\system32\sppsvc.exe

MD5: b0180b20b065d89232a78a40fe56eaa6 C:\Windows\system32\sppuinotify.dll

MD5: ce292c4c10b8db6070f262ea2733f0dc c:\windows\system32\sqmapi.dll

MD5: 674b0c0f6a448eb185caab9c51d44032 C:\Windows\System32\srchadmin.dll

MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:\Windows\system32\srvcli.dll

MD5: d64af876d53eca3668bb97b51b4e70ab c:\windows\system32\srvsvc.dll

MD5: 89e783711af91af09e1ef30ef3107446 C:\Windows\system32\SSCORE.DLL

MD5: 4a054c853031616d161a84becf281f47 C:\Windows\system32\SSPICLI.DLL

MD5: e361ae3010ea4b3123dab5bdae21798f C:\Windows\system32\SspiSrv.dll

MD5: 912649a1b3f9e6acb3899fbdaba2ed5f C:\Windows\system32\stobject.dll

MD5: 0bf669f0a910beda4a32258d363af2a5 C:\Windows\system32\storsvc.dll

MD5: 6a1e8deb746912df47cf651e138401d7 C:\Windows\System32\StructuredQuery.dll

MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\system32\sxs.dll

MD5: 364455805e64882844ee9acb72522830 C:\Windows\system32\sxssrv.DLL

MD5: 2ddea2c345da5bc589efd398f220db0e C:\Windows\System32\SyncCenter.dll

MD5: 36650d618ca34c9d357dfd3d89b2c56f c:\windows\system32\sysmain.dll

MD5: ba51ffe170c5b3ae8ec4f5bd2581a29e C:\Windows\system32\SYSNTFY.dll

MD5: 763fecdc3d30c815fe72dd57936c6cd1 C:\Windows\System32\TabSvc.dll

MD5: 613bf4820361543956909043a265c6ac C:\Windows\System32\tapisrv.dll

MD5: 1c3e8371377e988b683797a132effe1b C:\Windows\system32\taskcomp.dll

MD5: 7fa8ba5a780e4757964ac9d4238302b9 C:\Windows\System32\taskhost.exe

MD5: 544eff88ac6c85df5a4d6f18dfe08cfc C:\Windows\system32\taskschd.dll

MD5: eafc149cd3bd78c443e31bb157841197 C:\Windows\system32\tbs.dll

MD5: b390c1d825c7687493bede237c6c2f25 C:\Windows\System32\tcpmon.dll

MD5: 382c804c92811be57829d8e550a900e2 C:\Windows\System32\termsrv.dll

MD5: 7e9917d5309a90e7576653bfe39f80d8 C:\Windows\system32\timedate.cpl

MD5: 465dbf63a5049e4db4bc5c12ffe781cb C:\Windows\system32\TQUERY.DLL

MD5: d29e45078cf4020ce0aac82ec652d1ea C:\Windows\system32\tspkg.DLL

MD5: 7222995615bf93b628dcea4bd6ccacf7 C:\Windows\system32\UBPM.dll

MD5: d33e95c0a2754061233b58dc41f8094c C:\Windows\system32\umb.dll

MD5: ec7bc28d207da09e79b3e9faf8b232ca c:\windows\system32\umpnpmgr.dll

MD5: f87d30e72e03d579a5199ccb3831d6ea c:\windows\system32\umpo.dll

MD5: 409994a8eaceee4e328749c0353527a0 C:\Windows\System32\umrdp.dll

MD5: 954ea9b34f155c844b11f4047a8f6f89 C:\Windows\system32\upnp.dll

MD5: 79f14b5df9e17e12193337ed4ee1c491 C:\Windows\system32\urlmon.dll

MD5: 923cdd30092db73ec4a0ebcddd16c686 C:\Windows\System32\usbmon.dll

MD5: f1dd3acaee5e6b4bbc69bc6df75cef66 C:\Windows\system32\USER32.dll

MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\system32\USERENV.dll

MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 c:\windows\system32\userinit.exe

MD5: 804aaafebb3ad5f49334dd906bcb1de5 C:\Windows\system32\USP10.dll

MD5: a12829e9974f57e9b5dbfea7c93190f6 C:\Windows\system32\UXINIT.dll

MD5: 370349f79315d4db86cd992cacefee61 C:\Windows\system32\van.dll

MD5: c3cd30495687c2a2f66a65ca6fd89be9 C:\Windows\System32\vds.exe

MD5: 13337a3fb17f2242487fd45488ed0485 C:\Windows\system32\VSSAPI.DLL

MD5: 209a3b1901b83aeb8527ed211cce9e4c C:\Windows\system32\vssvc.exe

MD5: 5ae88135c6a86fcd67ba16afbb1c8389 C:\Windows\system32\wbem\esscli.dll

MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\Windows\system32\wbem\FastProx.dll

MD5: f148865e4ac4f715e322ea06e6e21d84 C:\Windows\system32\wbem\ncprov.dll

MD5: 371e3b05894549113d07cd3081ed55ef C:\Windows\system32\wbem\repdrvfs.dll

MD5: 585eb475e7af55c9065256e8ffb751a1 C:\Windows\system32\wbem\wbemcore.dll

MD5: b350509b6c9296529bc464c60feeaef1 C:\Windows\system32\wbem\wbemess.dll

MD5: 701c9eb15e1e23d22f7c7184c0506673 C:\Windows\system32\wbem\wmidcprv.dll

MD5: 3cde2911462fec80064a409c07710c06 C:\Windows\system32\wbem\wmiprvsd.dll

MD5: 704314fd398c81d5f342caa5df7b7f21 C:\Windows\system32\wbemcomn.dll

MD5: 691e3285e53dca558e1a84667f13e15a C:\Windows\system32\wbengine.exe

MD5: 917422e1b95a72b0328b301bacbf1b07 C:\Windows\system32\wcescommproxy.dll

MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\Windows\System32\wcncsvc.dll

MD5: f0016853fa3f38f55fd868ff74c0359b C:\Windows\system32\wdiasqmmodule.dll

MD5: d205c24a9d069049fe2df2a1b38726a7 C:\Windows\system32\wdmaud.drv

MD5: a399514d3b28c9a3453a486bbaaff1c7 c:\windows\system32\WDSCORE.dll

MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\system32\webcheck.dll

MD5: a9d880f97530d5b8fee278923349929d C:\Windows\System32\webclnt.dll

MD5: fb19fc5951a88f3c523e35c2c98d23c0 c:\windows\system32\webio.dll

MD5: db846eeca70ee9d2e2ff31147c57b0f4 C:\Windows\System32\webservices.dll

MD5: 590d5c506044fe02ff7643e32ff9bdac C:\Windows\system32\wer.dll

MD5: 1869bd251211fb6275067372a45682d6 C:\Windows\System32\werconcpl.dll

MD5: 241e015dd809cfb23242f890b1fc575b c:\windows\system32\wevtsvc.dll

MD5: 019c372b1a9da73a22d0d35a4d40f5c9 C:\Windows\system32\wfapigp.dll

MD5: e2d56ae1d40e3725084054cd8e9cfbb1 C:\Windows\system32\wiarpc.dll

MD5: e1fb3706030fb4578a0d72c2fc3689e4 c:\windows\system32\wiaservc.dll

MD5: 536e06b5a05c6e39c8748e3941fb083d C:\Windows\System32\win32spl.dll

MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:\Windows\system32\WindowsCodecs.dll

MD5: ca9f7888b524d8100b977c81f44c3234 c:\windows\system32\WINHTTP.dll

MD5: 1d94fa7c81d2ffe494af094619ba706f C:\Windows\system32\WININET.dll

MD5: b5c5dcad3899512020d135600129d665 C:\Windows\System32\wininit.exe

MD5: 6d13e1406f50c66e2a95d97f22c47560 C:\Windows\System32\winlogon.exe

MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\system32\WINMM.dll

MD5: 9419abf3163b6f0e3ad3dd2b381c879f C:\Windows\system32\WinSCard.dll

MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\Windows\system32\winspool.drv

MD5: 183b4188d5d91b271613ec3efd1b3cef C:\Windows\system32\winsrv.DLL

MD5: 418e881201583a3039d81f43e39e6c78 C:\Windows\system32\WINSTA.dll

MD5: 2d0d2da87bea7144f2a17f19d0d17e4c C:\Windows\system32\WINTRUST.dll

MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\Windows\system32\wkscli.dll

MD5: 58405e4f68ba8e4057c6e914f326aba2 c:\windows\system32\wkssvc.dll

MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\Windows\system32\WLDAP32.dll

MD5: 633c2c060cf857099f6c4f8d75c952b1 C:\Windows\system32\wls0wndh.dll

MD5: 5cf15474ffdb5005e54958df6edd97ab C:\Windows\system32\wmdrmdev.dll

MD5: 1957d49a9613faad1c73b508cce02aa5 C:\Windows\system32\wmp.dll

MD5: 0fbc74aa20fe0ae6884279f893169c60 C:\Windows\system32\wmploc.dll

MD5: 3f2b83695e5bf11930c16af50e991f96 C:\Windows\System32\wmpps.dll

MD5: d412b1b72c5ab020218e9a047d90ca05 C:\Windows\system32\WMsgAPI.dll

MD5: aa53356d60af47eacc85bc617a4f3f66 C:\Windows\system32\wpdbusenum.dll

MD5: 735263da17bf5baf9ccd483843bf9d5a C:\Windows\system32\wpdshserviceobj.dll

MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\system32\WS2_32.dll

MD5: a8cdf3768604ff95b54669e20053d569 C:\Windows\System32\WSCAPI.dll

MD5: 7fd5532c142db6c9cc47aa4dcf71fdec C:\Windows\System32\wscui.cpl

MD5: 73f6c5223f7e9b5780dd4a6c30fcf569 C:\Windows\System32\wsdapi.dll

MD5: aaf7beb63e2cc499834b608a85a55e4e C:\Windows\system32\WSDCHNGR.DLL

MD5: a8eb761de499242becf153b2b34f020e C:\Windows\System32\WSDMon.dll

MD5: 81f08948a0f1475894c99d4d19a158a8 C:\Windows\System32\wshqos.dll

MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\Windows\system32\WsmSvc.dll

MD5: 6357e2b68753a1f5cf4a68a25c4fd14a C:\Windows\System32\wsnmp32.dll

MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\Windows\system32\WTSAPI32.dll

MD5: 1a617835452eee5060976c9b9f5fe635 C:\Windows\system32\wuapi.dll

MD5: 2e0b0a051ffaa86e358465bb0880d453 C:\Windows\System32\wuauclt.exe

MD5: fc3ec24fce372c89423e015a2ac1a31e c:\windows\system32\wuaueng.dll

MD5: 285c594c4913fa9dc7bb6ba3ad6f101a C:\Windows\system32\wucltux.dll

MD5: 9fbcfd7e88a7ace0e94456504895dd7f c:\windows\system32\WUDFPlatform.dll

MD5: 8d1e1e529a2c9e9b6a85b55a345f7629 c:\windows\system32\wudfsvc.dll

MD5: 3458eda96e30fbd0477a2800d3fb1909 C:\Windows\system32\wups.dll

MD5: bdc0c99e472176c8c2c853a68adc5073 C:\Windows\system32\wups2.dll

MD5: edf2a5e96bec469da3f64e9bdd386111 C:\Windows\System32\XmlLite.dll

MD5: a2f0b6a45ef5b68173aaa2a39690904e C:\Windows\system32\zipfldr.dll

MD5: d5d7c7cbdd63c5938c83846b313fcf3b C:\Windows\WindowsMobile\BthASPlugin.dll

MD5: 523df3b590d8a353a49235b1b7c571ad C:\Windows\windowsmobile\dtptdns.dll

MD5: 8f97d374ad1857e1eed85a79f29a1d3d c:\windows\windowsmobile\rapimgr.dll

MD5: 8c8c82633a7e90a33e8d7d9617b2b46c c:\windows\windowsmobile\TCP2UDP.dll

MD5: 59e19bd13c3bdb857646b9e436ba27f7 c:\windows\windowsmobile\wcescomm.dll

MD5: 96b3c4e20f02ca16aa1e3e425bffcc8b C:\Windows\WindowsMobile\wmdcBase.exe

MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll

MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL

MD5: 28a09777d2d952122567a8a82f1a2c7b C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL

MD5: db001faea818ae2e14a74e0adc530fc0 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCP90.dll

MD5: b3892e6da8e2c8ce4b0a9d3eb9a185e5 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll

MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.dll

MD5: 352b3dc62a0d259a82a052238425c872 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll

MD5: 0029eba325f2fc9b6ba46bee33f32a09 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

No file uploaded.

Scan finished - communication took 3 sec

Total traffic - 0.03 MB sent, 2.50 KB recvd

Scanned 1081 files and modules - 59 seconds

==============================================================================

Results of screen317's Security Check version 0.99.50

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

JavaFX 2.1.1

Java version out of Date!

Adobe Reader X (10.1.4)

Mozilla Firefox (14.0.1)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

MJ Desktop Virus Battle SecurityCheck.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

javaicon.gifYour Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Accept the EULA & Download the latest version of >> Windows Offline << from here
    or >> from here <<
    and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Control Panel, select Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u7-windows-i586.exe to install the newest version.
    ( jre-7u7-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) javaicon.gif
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files

      [*]Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

      [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

Let's see how things go for the next 24 hours or so, then we can proceed to cleanups & closure of this case.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

That's allright, then on the Java.

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it ComboFix icon_exclaim.gif),

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\MJ\Desktop\ComboFix.exe /uninstall


  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

IF in the case Combofix un-install has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

aswMBR.exe

RogueKiller.exe

TDSSKILLER.exe

SecurityCheck.exe

Stinger.exe

Use Control Panel >> Programs and Features and Uninstall BitDefender Quickscan

Safer practices & malware prevention

We are finished here. Best regards. cool.gif

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

OK, you did well. Stay safe. Cheers.

I am closing this thread. To casual observers: Note that procedures used here were only for this system.

If anyone else has similar issues: MBAM customers may contact the help desk.

Others, should open their own help topic.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.