need help removing boot.tid serv virus [Closed]


  • This topic is locked

#1
want2fixmypc

Hello,
I just found this forum and hopefully one of the experts can help me.

I have Vista 32-bit, I believe, and recently found that I was infected with 7 cases needing removal according to Norton 2012. I have been on a variety of other sites seeking a solution that will work. So far I have not had any luck, which is why I'm here. I have downloaded Malwarebytes Anti-Malware, SpeedyPC, Spyware Doctor, TDSS Killer and still have 2 remaining cases that will not go away.

I have lost my wallpaper and all of my desktop icons except for what was recently downloaded to remove the boot.tid serv virus. I have lost the Internet Explorer icon & Windows Accessories, and can only access the net via eBay (since that was a saved application on my start menu).

I have tried booting my laptop (the infected one) via Safe Mode with networking (using the F8 key) but can't get too far there.

I can boot up my infected laptop and try recommended solutions but so far no luck.

Can you please help? Thanks.


#2
Cruise475

Hello want2fixmypc, welcome to GeeksToGo! My name is Cruise475 and I will be helping you with your malware problems! Please be patient with my responses as I have just recently returned from an extended absence from GeeksToGo. This being said, to protect you and help me keep my sanity, I will be having a resident staff member checking my responses before they get to you!

Before we begin, I would like to mention a few things!

  • Malware removal is not an instantaneous task; researching the logs our tools create can sometimes be a lengthy process. So I ask, please be patient with me!
  • Read each of my posts PRIOR to following the tasks I ask you to perform.
  • Follow the instructions exactly as I have written them, in the order they were written.
  • If you are unsure how to proceed or are unable to perform any tasks, stop what you are doing and ask me for clarification!
  • It is very important that you stay with me until I give you the all clear! A lack of symptoms does not mean the infection is gone.
  • Please do not attach any logs to your posts unless I specifically request it! It makes my job a lot easier if you copy and paste them into your reply!
  • For the time that we are working together, do not run any tools, install or uninstall any program, or make any changes to your system without my direction. This can hinder the cleaning process, and make it hard to clean your computer!

Just to be clear, you are able to boot into Windows and download some files, correct? Also, I will need a copy of the Malwarebytes Reports, as well as TDSS Killer.

The TDSSKiller log will be located on your C:\ drive and will look similar to this: C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
The MBAM logs can be obtained from within MBAM itself. Open MBAM and select the LOGS tab. Open the most recent logs and copy and paste them here as well.

Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    rsvpsp.dll
    pnrpnsp.dll 
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    services.exe
    atapi.sys
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    csrss.exe
    PrintIsolationHost.exe
    consrv.dll
    user32.dll
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp 
    CREATERESTOREPOINT
    
  • Please select the Scan All Users checkbox.
  • Change the File Age dropdown list from 30 days to 60 days.
  • Under Extra Registry heading, select Use Safelist.
  • Select LOP Check and Purity Check.
  • Then click the Run Scan button at the top
  • Let the program run unhindered, until it is done
  • Post the log it produces in your next reply.


In your next post please include the following:

  • MBAM Logs
  • TDSSKiller Log(s)
  • OTL Log

Thanks
Cruise

#3
want2fixmypc

Thanks Cruise for answering my post. I'm sorry I didn't see your post until today. I've been checking several times a day since I posted and didn't see that there was a reply to my post.

I will start working on all that you requested & post the logs. Thanks for replying.

#4
want2fixmypc

Hi Cruise,

Here is the OTL script:

OTL Extras logfile created on: 11/2/2012 2:18:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.41 Gb Available Physical Memory | 21.33% Memory free
4.11 Gb Paging File | 2.06 Gb Available in Paging File | 50.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 83.57 Gb Free Space | 59.43% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.80 Gb Free Space | 21.41% Space Free | Partition Type: NTFS

Computer Name: JOHNS_LAPTOP | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2481245631-879722362-3718759895-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ADBFAB9-C955-4B9A-91CB-99E0E33E13F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{20FC15D8-BF03-4AD6-B2CD-A357A5513194}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{26B5BD9A-3606-415C-AA80-422B5EC5D9C1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2A46167C-6293-42D1-99A7-DCDD37CB5273}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{35923341-7A65-479C-8DB0-DC8167153101}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3DB4DCC9-DB82-424E-905A-8A27420D1BC4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4D7BB535-1C0E-49E2-B6F3-2B5441DE68CD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{503900EF-0D16-4DF6-8361-C4E21AD3E554}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
"{6B101E9A-3384-43A0-BA68-6D23BD41E5B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7BD45D72-BE71-4249-AD07-4CDE2B5B6907}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AA028068-DC74-4252-B833-4D2FEF61ABF8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD965737-7013-494E-B596-A2FF4BEBCF18}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B09D42FB-C053-403E-8D82-0C6C6D049471}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B3AAD870-12D0-431D-A5C7-99CDA2F60E74}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6DE4BBB-4A26-4C00-9628-0D12BF326AE6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6939FBE-D9A1-4B86-A5B0-BEAA5C8481A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DC165748-A307-40FD-98C6-63B4A72A3E6C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC537AA3-5DF8-4B93-8103-140713D6DF51}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E7568BCC-90DF-4E0C-9500-D11B87B0E619}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FBB9C5CF-0EA0-460D-8A11-1E98563B16FE}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05F6F3EF-B25C-4001-8372-FE26E6D1B328}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{06BC7E4A-360F-4C94-8EE6-8F6A29DB2E38}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0828491A-7748-4279-9BCF-E9063A156B92}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{0D00B80C-6AEE-49D8-A988-471098983FFE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4717790A-9EBD-487F-8751-BFCE3FA0876A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{52BF366C-C9F3-462A-B42B-2E49651B58DD}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
"{5BC58A37-88F1-48D7-8BE5-98236F326965}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{61E43AE3-E19F-47BD-9BF2-862530855E79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62DAD364-9054-4450-8B64-1E97F59A49D1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{977244DC-0C6F-4602-9E5D-F53F4137696A}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{A008E9FF-E7F3-4D96-8721-A8ECF2648EA7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A68E2511-C670-4D4D-92B7-32B47CD1DC69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC11FE86-3A76-4D2A-AEEF-570606383073}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B56404C7-9535-46A5-A8F5-D88E6C2A4C1B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C578242B-D36B-451D-82D3-D3643C9ED971}" = protocol=6 | dir=out | app=system |
"{D5CDEC86-78CC-48CC-A5CE-5C63E3C44008}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7ECB316-E245-4513-AE75-A2807CB4E6B1}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"{DDB79537-BE1B-49D8-9E35-865252F6818E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E061AABC-11DE-42EE-B91A-B238CC8A1AAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F238082B-3978-480D-B122-CF2A1C1231A2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F531DE3E-70C7-486D-8357-BEBB69ECA0BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{7D81351D-05C3-4E57-AA37-014BA11ABD04}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{69F2A585-2DC7-42EF-B59E-87A0DFA9981D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 37
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}" = ESU for Microsoft Vista
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669B49D6-BCA8-4F7C-9248-CE5677750285}" = HP Officejet Pro 8600 Product Improvement Study
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C55C629-6C4F-48A9-8840-C897DF6187ED}" = HP Officejet Pro 8600 Basic Device Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{E2C15C1A-0E65-4821-BB42-C8C24B621EBA}" = TurboTax 2011 wnciper
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Browser Defender_is1" = Browser Guard 4.0
"Citrix Web Client" = Citrix Web Client
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Google Chrome" = Google Chrome
"HitmanPro36" = HitmanPro 3.6
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"Produtools_Forms Toolbar" = Produtools Forms Toolbar
"PROPLUS" = Microsoft Office Professional Plus 2007
"Rapport_msi" = Rapport
"Rhapsody" = Rhapsody
"SmartAudio" = SmartAudio
"Spyware Doctor" = PC Tools Spyware Doctor 9.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2011" = TurboTax 2011
"WildTangent hplaptop Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2481245631-879722362-3718759895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/5/2012 3:41:19 PM | Computer Name = Johns_Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16448, time stamp
0x4fecf1b7, faulting module MSHTML.dll, version 9.0.8112.16448, time stamp 0x4fecfb0e,
exception code 0xc0000005, fault offset 0x003f786f, process id 0x780, application
start time 0x01cd8b7a3a072c9f.

Error - 9/12/2012 3:09:22 PM | Computer Name = Johns_Laptop | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 12.0.6661.5000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: d98 Start Time: 01cd90f4e7713b87 Termination Time: 0

Error - 9/21/2012 4:40:21 PM | Computer Name = Johns_Laptop | Source = Windows Search Service | ID = 3026
Description =

Error - 9/29/2012 11:56:02 PM | Computer Name = Johns_Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16450, time stamp
0x503723f6, faulting module MSHTML.dll, version 9.0.8112.16450, time stamp 0x50372c8a,
exception code 0xc0000005, fault offset 0x002bcb7b, process id 0x1244, application
start time 0x01cd9eb1c6188497.

Error - 10/12/2012 10:12:46 AM | Computer Name = Johns_Laptop | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 10/12/2012 1:14:22 PM | Computer Name = Johns_Laptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1220 Start Time: 01cda883348bee71 Termination Time: 0

Error - 10/22/2012 11:40:23 AM | Computer Name = Johns_Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16450, time stamp
0x503723f6, faulting module MSHTML.dll, version 9.0.8112.16450, time stamp 0x50372c8a,
exception code 0xc0000005, fault offset 0x0041e87c, process id 0x1520, application
start time 0x01cdb06b74ad0e62.

Error - 10/22/2012 1:16:10 PM | Computer Name = Johns_Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16450, time stamp
0x503723f6, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000374, fault offset 0x000b06b7, process id 0x12a4, application
start time 0x01cdb06560809fc2.

Error - 10/29/2012 4:29:46 PM | Computer Name = Johns_Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\NortonInstaller\{16DD5937-8A6A-4e65-A874-E19C3B0708A5}\NBRTWizard\LicenseType\5.1.0.26\lue.dll".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/30/2012 12:08:06 PM | Computer Name = Johns_Laptop | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 10/31/2012 3:05:42 PM | Computer Name = Johns_Laptop | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 10/31/2012 4:59:53 PM | Computer Name = Johns_Laptop | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 10/31/2012 5:00:00 PM | Computer Name = Johns_Laptop | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 10/31/2012 7:16:08 PM | Computer Name = Johns_Laptop | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 10/31/2012 7:16:08 PM | Computer Name = Johns_Laptop | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 11/2/2012 2:06:32 PM | Computer Name = Johns_Laptop | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.101 on
the Network Card with network address 001A73C8D483.

Error - 11/2/2012 2:06:46 PM | Computer Name = Johns_Laptop | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 11/2/2012 2:06:47 PM | Computer Name = Johns_Laptop | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 11/2/2012 2:07:16 PM | Computer Name = Johns_Laptop | Source = DCOM | ID = 10010
Description =

Error - 11/2/2012 2:08:35 PM | Computer Name = Johns_Laptop | Source = DCOM | ID = 10010
Description =


< End of report >

#5
want2fixmypc

Cruise,
Here is the MBAM log:
2012/10/29 17:29:20 -0400 JOHNS_LAPTOP John MESSAGE Executing scheduled update: Daily
2012/10/29 17:29:31 -0400 JOHNS_LAPTOP John MESSAGE Starting protection
2012/10/29 17:29:31 -0400 JOHNS_LAPTOP John MESSAGE Protection started successfully
2012/10/29 17:29:31 -0400 JOHNS_LAPTOP John MESSAGE Starting IP protection
2012/10/29 17:29:37 -0400 JOHNS_LAPTOP John MESSAGE Scheduled update executed successfully: database updated from version v2012.09.29.05 to version v2012.10.29.12
2012/10/29 17:29:42 -0400 JOHNS_LAPTOP John MESSAGE IP Protection started successfully
2012/10/29 17:29:42 -0400 JOHNS_LAPTOP John MESSAGE Starting database refresh
2012/10/29 17:29:42 -0400 JOHNS_LAPTOP John MESSAGE Stopping IP protection
2012/10/29 17:29:42 -0400 JOHNS_LAPTOP John MESSAGE IP Protection stopped successfully
2012/10/29 17:29:46 -0400 JOHNS_LAPTOP John MESSAGE Database refreshed successfully
2012/10/29 17:29:46 -0400 JOHNS_LAPTOP John MESSAGE Starting IP protection
2012/10/29 17:29:54 -0400 JOHNS_LAPTOP John MESSAGE IP Protection started successfully

2012/10/30 10:50:50 -0400 JOHNS_LAPTOP John MESSAGE Starting protection
2012/10/30 10:50:50 -0400 JOHNS_LAPTOP John MESSAGE Protection started successfully
2012/10/30 10:50:51 -0400 JOHNS_LAPTOP John MESSAGE Starting IP protection
2012/10/30 10:50:59 -0400 JOHNS_LAPTOP John MESSAGE IP Protection started successfully
2012/10/30 12:22:27 -0400 JOHNS_LAPTOP John MESSAGE Starting protection
2012/10/30 12:22:27 -0400 JOHNS_LAPTOP John MESSAGE Protection started successfully
2012/10/30 12:22:27 -0400 JOHNS_LAPTOP John MESSAGE Starting IP protection
2012/10/30 12:22:35 -0400 JOHNS_LAPTOP John MESSAGE IP Protection started successfully

2012/10/31 14:44:44 -0400 JOHNS_LAPTOP (null) MESSAGE Executing scheduled update: Daily
2012/10/31 14:44:45 -0400 JOHNS_LAPTOP (null) ERROR Scheduled update failed: Host not found failed with error code 0
2012/10/31 14:45:12 -0400 JOHNS_LAPTOP John MESSAGE Starting protection
2012/10/31 14:45:12 -0400 JOHNS_LAPTOP John MESSAGE Protection started successfully
2012/10/31 14:45:12 -0400 JOHNS_LAPTOP John MESSAGE Starting IP protection
2012/10/31 14:45:23 -0400 JOHNS_LAPTOP John MESSAGE IP Protection started successfully

2012/11/02 14:08:53 -0400 JOHNS_LAPTOP John MESSAGE Executing scheduled update: Daily
2012/11/02 14:09:04 -0400 JOHNS_LAPTOP John MESSAGE Starting database refresh
2012/11/02 14:09:04 -0400 JOHNS_LAPTOP John MESSAGE Scheduled update executed successfully: database updated from version v2012.10.29.12 to version v2012.11.02.09
2012/11/02 14:09:04 -0400 JOHNS_LAPTOP John MESSAGE Stopping IP protection
2012/11/02 14:09:18 -0400 JOHNS_LAPTOP John MESSAGE IP Protection stopped successfully
2012/11/02 14:10:14 -0400 JOHNS_LAPTOP John MESSAGE Database refreshed successfully
2012/11/02 14:10:14 -0400 JOHNS_LAPTOP John MESSAGE Starting IP protection
2012/11/02 14:10:28 -0400 JOHNS_LAPTOP John MESSAGE IP Protection started successfully

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.29.12

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
John :: JOHNS_LAPTOP [administrator]

Protection: Enabled

10/29/2012 5:30:11 PM
mbam-log-2012-10-29 (17-30-11).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 361869
Time elapsed: 2 hour(s), 1 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6
want2fixmypc

Cruise,

There were several TDSS logs, I guess one for each time that I ran it, so I just copied the latest one below. Let me know if you want to see the logs that were created for all of the runs. Thanks again for your help.

16:54:09.0783 3928 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
16:54:10.0636 3928 ============================================================
16:54:10.0636 3928 Current date / time: 2012/10/29 16:54:10.0636
16:54:10.0636 3928 SystemInfo:
16:54:10.0636 3928
16:54:10.0636 3928 OS Version: 6.0.6002 ServicePack: 2.0
16:54:10.0636 3928 Product type: Workstation
16:54:10.0637 3928 ComputerName: JOHNS_LAPTOP
16:54:10.0637 3928 UserName: John
16:54:10.0637 3928 Windows directory: C:\Windows
16:54:10.0637 3928 System windows directory: C:\Windows
16:54:10.0637 3928 Processor architecture: Intel x86
16:54:10.0637 3928 Number of processors: 2
16:54:10.0637 3928 Page size: 0x1000
16:54:10.0637 3928 Boot type: Normal boot
16:54:10.0637 3928 ============================================================
16:54:13.0838 3928 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:54:13.0846 3928 Drive \Device\Harddisk1\DR3 - Size: 0xEE00000 (0.23 Gb), SectorSize: 0x200, Cylinders: 0x1E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:54:13.0848 3928 ============================================================
16:54:13.0848 3928 \Device\Harddisk0\DR0:
16:54:13.0848 3928 MBR partitions:
16:54:13.0848 3928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1193E536
16:54:13.0848 3928 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1193E575, BlocksNum 0x10DA54C
16:54:13.0848 3928 \Device\Harddisk1\DR3:
16:54:13.0848 3928 MBR partitions:
16:54:13.0848 3928 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x76FE0
16:54:13.0848 3928 ============================================================
16:54:13.0861 3928 C: <-> \Device\Harddisk0\DR0\Partition1
16:54:13.0915 3928 D: <-> \Device\Harddisk0\DR0\Partition2
16:54:13.0915 3928 ============================================================
16:54:13.0915 3928 Initialize success
16:54:13.0915 3928 ============================================================
16:54:20.0420 4676 ============================================================
16:54:20.0420 4676 Scan started
16:54:20.0420 4676 Mode: Manual;
16:54:20.0420 4676 ============================================================
16:54:22.0304 4676 ================ Scan system memory ========================
16:54:22.0304 4676 System memory - ok
16:54:22.0304 4676 ================ Scan services =============================
16:54:33.0622 4676 nsi - ok
16:54:33.0667 4676 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:54:33.0671 4676 nsiproxy - ok
16:54:33.0730 4676 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:54:33.0779 4676 Ntfs - ok
16:54:33.0816 4676 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
16:54:33.0818 4676 ntrigdigi - ok
16:54:33.0832 4676 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
16:54:33.0859 4676 Null - ok
16:54:33.0923 4676 [ A1108084B0D2FC43DCC401735770E2A3 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
16:54:33.0968 4676 NVENETFD - ok
16:54:34.0275 4676 [ 23188EEA47D122C13327070AA5DBCF3F ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:54:34.0495 4676 nvlddmkm - ok
16:54:34.0529 4676 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:54:34.0536 4676 nvraid - ok
16:54:34.0581 4676 [ 9AEBC32F9D6E02EBEE0369AB296FE7C8 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
16:54:34.0583 4676 nvsmu - ok
16:54:34.0606 4676 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:54:34.0609 4676 nvstor - ok
16:54:34.0635 4676 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:54:34.0639 4676 nv_agp - ok
16:54:34.0646 4676 NwlnkFlt - ok
16:54:34.0657 4676 NwlnkFwd - ok
16:54:34.0770 4676 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:54:34.0814 4676 odserv - ok
16:54:34.0864 4676 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:54:34.0866 4676 ohci1394 - ok
16:54:34.0910 4676 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:54:34.0914 4676 ose - ok
16:54:35.0068 4676 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
16:54:35.0101 4676 p2pimsvc - ok
16:54:35.0134 4676 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
16:54:35.0142 4676 p2psvc - ok
16:54:35.0185 4676 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
16:54:35.0189 4676 Parport - ok
16:54:35.0225 4676 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:54:35.0228 4676 partmgr - ok
16:54:35.0245 4676 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
16:54:35.0248 4676 Parvdm - ok
16:54:35.0291 4676 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
16:54:35.0295 4676 PcaSvc - ok
16:54:35.0349 4676 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
16:54:35.0354 4676 pci - ok
16:54:35.0378 4676 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
16:54:35.0385 4676 pciide - ok
16:54:35.0405 4676 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:54:35.0413 4676 pcmcia - ok
16:54:35.0474 4676 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:54:35.0507 4676 PEAUTH - ok
16:54:35.0610 4676 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
16:54:35.0665 4676 pla - ok
16:54:35.0720 4676 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:54:35.0727 4676 PlugPlay - ok
16:54:35.0768 4676 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
16:54:35.0777 4676 PNRPAutoReg - ok
16:54:35.0812 4676 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
16:54:35.0821 4676 PNRPsvc - ok
16:54:35.0886 4676 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:54:35.0909 4676 PolicyAgent - ok
16:54:35.0939 4676 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:54:35.0942 4676 PptpMiniport - ok
16:54:35.0970 4676 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
16:54:35.0973 4676 Processor - ok
16:54:36.0030 4676 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
16:54:36.0037 4676 ProfSvc - ok
16:54:36.0053 4676 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:54:36.0055 4676 ProtectedStorage - ok
16:54:36.0118 4676 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
16:54:36.0122 4676 PSched - ok
16:54:36.0161 4676 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
16:54:36.0165 4676 PxHelp20 - ok
16:54:36.0228 4676 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:54:36.0295 4676 ql2300 - ok
16:54:36.0333 4676 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:54:36.0337 4676 ql40xx - ok
16:54:36.0378 4676 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
16:54:36.0388 4676 QWAVE - ok
16:54:36.0417 4676 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:54:36.0420 4676 QWAVEdrv - ok
16:54:36.0562 4676 [ 9054C4B91761773F0EFA59BED70C54B6 ] RapportCerberus_42020 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys
16:54:36.0573 4676 RapportCerberus_42020 - ok
16:54:36.0614 4676 [ 093B6A040BCF3FD4A0FFF397BAF28330 ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
16:54:36.0619 4676 RapportEI - ok
16:54:36.0658 4676 [ 660436FBE447EBC73873EF2B0B2094B4 ] RapportKELL C:\Windows\system32\Drivers\RapportKELL.sys
16:54:36.0662 4676 RapportKELL - ok
16:54:36.0705 4676 [ 61B37C0B3FD7DA7414C20D917469BFFF ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
16:54:36.0738 4676 RapportMgmtService - ok
16:54:36.0777 4676 [ 3DE33A522BB73E161F20D444687E978B ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
16:54:36.0782 4676 RapportPG - ok
16:54:36.0819 4676 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:54:36.0823 4676 RasAcd - ok
16:54:36.0867 4676 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
16:54:36.0895 4676 RasAuto - ok
16:54:36.0937 4676 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:54:36.0941 4676 Rasl2tp - ok
16:54:37.0005 4676 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
16:54:37.0013 4676 RasMan - ok
16:54:37.0029 4676 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:54:37.0033 4676 RasPppoe - ok
16:54:37.0044 4676 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:54:37.0048 4676 RasSstp - ok
16:54:37.0067 4676 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:54:37.0074 4676 rdbss - ok
16:54:37.0090 4676 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:54:37.0092 4676 RDPCDD - ok
16:54:37.0129 4676 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
16:54:37.0136 4676 rdpdr - ok
16:54:37.0144 4676 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:54:37.0147 4676 RDPENCDD - ok
16:54:37.0198 4676 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:54:37.0203 4676 RDPWD - ok
16:54:37.0257 4676 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:54:37.0262 4676 RemoteAccess - ok
16:54:37.0286 4676 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:54:37.0292 4676 RemoteRegistry - ok
16:54:37.0344 4676 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
16:54:37.0347 4676 rimmptsk - ok
16:54:37.0358 4676 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
16:54:37.0361 4676 rimsptsk - ok
16:54:37.0378 4676 [ C663AF77E2F4EABF8EB08B388D2F1F36 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
16:54:37.0380 4676 rismxdp - ok
16:54:37.0511 4676 [ 08FB7D968805001C7ADCBB14B0651FA2 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
16:54:37.0546 4676 RoxMediaDB9 - ok
16:54:37.0582 4676 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
16:54:37.0586 4676 RpcLocator - ok
16:54:37.0616 4676 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
16:54:37.0625 4676 RpcSs - ok
16:54:37.0663 4676 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:54:37.0666 4676 rspndr - ok
16:54:37.0686 4676 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
16:54:37.0689 4676 SamSs - ok
16:54:37.0726 4676 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:54:37.0730 4676 sbp2port - ok
16:54:37.0811 4676 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:54:37.0817 4676 SCardSvr - ok
16:54:37.0859 4676 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
16:54:37.0882 4676 Schedule - ok
16:54:37.0928 4676 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:54:37.0929 4676 SCPolicySvc - ok
16:54:37.0983 4676 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
16:54:37.0988 4676 sdbus - ok
16:54:38.0028 4676 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:54:38.0034 4676 SDRSVC - ok
16:54:38.0050 4676 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:54:38.0053 4676 secdrv - ok
16:54:38.0089 4676 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
16:54:38.0093 4676 seclogon - ok
16:54:38.0106 4676 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
16:54:38.0111 4676 SENS - ok
16:54:38.0139 4676 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
16:54:38.0142 4676 Serenum - ok
16:54:38.0150 4676 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
16:54:38.0154 4676 Serial - ok
16:54:38.0179 4676 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:54:38.0181 4676 sermouse - ok
16:54:38.0226 4676 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
16:54:38.0231 4676 SessionEnv - ok
16:54:38.0253 4676 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:54:38.0256 4676 sffdisk - ok
16:54:38.0276 4676 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:54:38.0279 4676 sffp_mmc - ok
16:54:38.0290 4676 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:54:38.0292 4676 sffp_sd - ok
16:54:38.0302 4676 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:54:38.0305 4676 sfloppy - ok
16:54:38.0333 4676 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:54:38.0342 4676 SharedAccess - ok
16:54:38.0384 4676 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:54:38.0392 4676 ShellHWDetection - ok
16:54:38.0418 4676 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:54:38.0461 4676 sisagp - ok
16:54:38.0489 4676 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
16:54:38.0516 4676 SiSRaid2 - ok
16:54:38.0554 4676 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:54:38.0583 4676 SiSRaid4 - ok
16:54:38.0737 4676 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
16:54:38.0973 4676 slsvc - ok
16:54:39.0054 4676 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
16:54:39.0072 4676 SLUINotify - ok
16:54:39.0111 4676 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:54:39.0161 4676 Smb - ok
16:54:39.0213 4676 [ CDE05A7FB8F3707391716780427DC0FC ] SMR311 C:\Windows\system32\drivers\SMR311.SYS
16:54:39.0246 4676 SMR311 - ok
16:54:39.0297 4676 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:54:39.0334 4676 SNMPTRAP - ok
16:54:39.0362 4676 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
16:54:39.0364 4676 spldr - ok
16:54:39.0427 4676 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
16:54:39.0454 4676 Spooler - ok
16:54:39.0667 4676 [ C16D048FAF2978D2121F9F40594A6BDC ] SRTSP C:\Windows\system32\drivers\NIS\1305000.091\SRTSP.SYS
16:54:39.0763 4676 SRTSP - ok
16:54:39.0789 4676 [ F0D02C2E25970C9C72A5CD278C17CDB6 ] SRTSPX C:\Windows\system32\drivers\NIS\1305000.091\SRTSPX.SYS
16:54:39.0792 4676 SRTSPX - ok
16:54:39.0841 4676 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:54:39.0849 4676 srv - ok
16:54:39.0881 4676 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:54:39.0886 4676 srv2 - ok
16:54:39.0902 4676 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:54:39.0908 4676 srvnet - ok
16:54:39.0946 4676 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:54:39.0953 4676 SSDPSRV - ok
16:54:39.0998 4676 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:54:40.0004 4676 SstpSvc - ok
16:54:40.0041 4676 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
16:54:40.0044 4676 StillCam - ok
16:54:40.0119 4676 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
16:54:40.0142 4676 stisvc - ok
16:54:40.0197 4676 [ A9A23C8AF361F7A93FD632E91A8C346F ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
16:54:40.0201 4676 stllssvr - ok
16:54:40.0209 4676 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:54:40.0212 4676 swenum - ok
16:54:40.0272 4676 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
16:54:40.0313 4676 swprv - ok
16:54:40.0352 4676 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
16:54:40.0355 4676 Symc8xx - ok
16:54:40.0546 4676 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\NIS\1305000.091\SYMDS.SYS
16:54:40.0596 4676 SymDS - ok
16:54:40.0658 4676 [ 4E55148A2E044D02245CBCDBB266B98C ] SymEFA C:\Windows\system32\drivers\NIS\1305000.091\SYMEFA.SYS
16:54:40.0823 4676 SymEFA - ok
16:54:40.0895 4676 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
16:54:40.0931 4676 SymEvent - ok
16:54:41.0005 4676 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\NIS\1305000.091\Ironx86.SYS
16:54:41.0011 4676 SymIRON - ok
16:54:41.0053 4676 [ 40C6E6417C8B7D7FCF82CFBE71525795 ] SYMTDIv C:\Windows\system32\drivers\NIS\1305000.091\SYMTDIV.SYS
16:54:41.0163 4676 SYMTDIv - ok
16:54:41.0190 4676 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
16:54:41.0216 4676 Sym_hi - ok
16:54:41.0281 4676 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
16:54:41.0307 4676 Sym_u3 - ok
16:54:41.0428 4676 [ 8327106D1C93E9A7B98E63B9FCC24BB7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
16:54:41.0455 4676 SynTP - ok
16:54:41.0551 4676 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
16:54:41.0585 4676 SysMain - ok
16:54:41.0614 4676 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:54:41.0620 4676 TabletInputService - ok
16:54:41.0678 4676 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:54:41.0688 4676 TapiSrv - ok
16:54:41.0725 4676 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
16:54:41.0730 4676 TBS - ok
16:54:41.0794 4676 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:54:41.0825 4676 Tcpip - ok
16:54:41.0872 4676 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
16:54:41.0881 4676 Tcpip6 - ok
16:54:41.0921 4676 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:54:41.0924 4676 tcpipreg - ok
16:54:41.0960 4676 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:54:41.0962 4676 TDPIPE - ok
16:54:41.0986 4676 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:54:41.0990 4676 TDTCP - ok
16:54:42.0016 4676 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:54:42.0036 4676 tdx - ok
16:54:42.0076 4676 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:54:42.0079 4676 TermDD - ok
16:54:42.0111 4676 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
16:54:42.0166 4676 TermService - ok
16:54:42.0185 4676 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
16:54:42.0191 4676 Themes - ok
16:54:42.0219 4676 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
16:54:42.0222 4676 THREADORDER - ok
16:54:42.0262 4676 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
16:54:42.0268 4676 TrkWks - ok
16:54:42.0295 4676 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:54:42.0298 4676 TrustedInstaller - ok
16:54:42.0324 4676 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:54:42.0338 4676 tssecsrv - ok
16:54:42.0367 4676 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
16:54:42.0370 4676 tunmp - ok
16:54:42.0390 4676 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:54:42.0393 4676 tunnel - ok
16:54:42.0425 4676 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:54:42.0428 4676 uagp35 - ok
16:54:42.0492 4676 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:54:42.0499 4676 udfs - ok
16:54:42.0538 4676 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:54:42.0544 4676 UI0Detect - ok
16:54:42.0566 4676 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:54:42.0570 4676 uliagpkx - ok
16:54:42.0610 4676 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
16:54:42.0618 4676 uliahci - ok
16:54:42.0645 4676 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
16:54:42.0649 4676 UlSata - ok
16:54:42.0675 4676 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
16:54:42.0680 4676 ulsata2 - ok
16:54:42.0717 4676 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:54:42.0720 4676 umbus - ok
16:54:42.0767 4676 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
16:54:42.0775 4676 upnphost - ok
16:54:42.0825 4676 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:54:42.0829 4676 usbccgp - ok
16:54:42.0869 4676 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:54:42.0873 4676 usbcir - ok
16:54:42.0910 4676 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:54:42.0913 4676 usbehci - ok
16:54:42.0962 4676 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:54:42.0969 4676 usbhub - ok
16:54:42.0988 4676 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:54:42.0992 4676 usbohci - ok
16:54:43.0012 4676 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
16:54:43.0015 4676 usbprint - ok
16:54:43.0039 4676 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:54:43.0042 4676 USBSTOR - ok
16:54:43.0055 4676 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:54:43.0059 4676 usbuhci - ok
16:54:43.0085 4676 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:54:43.0091 4676 usbvideo - ok
16:54:43.0144 4676 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
16:54:43.0149 4676 UxSms - ok
16:54:43.0181 4676 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
16:54:43.0282 4676 vds - ok
16:54:43.0334 4676 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:54:43.0337 4676 vga - ok
16:54:43.0375 4676 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
16:54:43.0378 4676 VgaSave - ok
16:54:43.0400 4676 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:54:43.0403 4676 viaagp - ok
16:54:43.0419 4676 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
16:54:43.0422 4676 ViaC7 - ok
16:54:43.0444 4676 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
16:54:43.0447 4676 viaide - ok
16:54:43.0469 4676 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:54:43.0473 4676 volmgr - ok
16:54:43.0496 4676 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:54:43.0504 4676 volmgrx - ok
16:54:43.0563 4676 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:54:43.0570 4676 volsnap - ok
16:54:43.0594 4676 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:54:43.0607 4676 vsmraid - ok
16:54:43.0688 4676 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
16:54:43.0732 4676 VSS - ok
16:54:43.0763 4676 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
16:54:43.0772 4676 W32Time - ok
16:54:43.0806 4676 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:54:43.0809 4676 WacomPen - ok
16:54:43.0845 4676 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
16:54:43.0848 4676 Wanarp - ok
16:54:43.0854 4676 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:54:43.0858 4676 Wanarpv6 - ok
16:54:43.0888 4676 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:54:43.0911 4676 wcncsvc - ok
16:54:43.0934 4676 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:54:43.0939 4676 WcsPlugInService - ok
16:54:43.0956 4676 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
16:54:43.0958 4676 Wd - ok
16:54:44.0009 4676 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:54:44.0031 4676 Wdf01000 - ok
16:54:44.0075 4676 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:54:44.0081 4676 WdiServiceHost - ok
16:54:44.0089 4676 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:54:44.0094 4676 WdiSystemHost - ok
16:54:44.0142 4676 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
16:54:44.0149 4676 WebClient - ok
16:54:44.0184 4676 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:54:44.0192 4676 Wecsvc - ok
16:54:44.0222 4676 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:54:44.0227 4676 wercplsupport - ok
16:54:44.0260 4676 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
16:54:44.0267 4676 WerSvc - ok
16:54:44.0347 4676 [ 3B4522D0E750BAC8FE7AE61622A57014 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:54:44.0369 4676 winachsf - ok
16:54:44.0421 4676 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:54:44.0428 4676 WinDefend - ok
16:54:44.0441 4676 WinHttpAutoProxySvc - ok
16:54:44.0523 4676 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:54:44.0528 4676 Winmgmt - ok
16:54:44.0604 4676 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
16:54:44.0649 4676 WinRM - ok
16:54:44.0712 4676 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:54:44.0734 4676 Wlansvc - ok
16:54:44.0780 4676 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:54:44.0782 4676 WmiAcpi - ok
16:54:44.0811 4676 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:54:44.0817 4676 wmiApSrv - ok
16:54:44.0890 4676 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:54:44.0923 4676 WMPNetworkSvc - ok
16:54:44.0977 4676 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:54:45.0003 4676 WPCSvc - ok
16:54:45.0070 4676 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:54:45.0077 4676 WPDBusEnum - ok
16:54:45.0202 4676 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:54:45.0262 4676 WPFFontCache_v0400 - ok
16:54:45.0315 4676 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:54:45.0320 4676 ws2ifsl - ok
16:54:45.0380 4676 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
16:54:45.0386 4676 wscsvc - ok
16:54:45.0393 4676 WSearch - ok
16:54:45.0512 4676 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
16:54:45.0599 4676 wuauserv - ok
16:54:45.0660 4676 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:54:45.0663 4676 WUDFRd - ok
16:54:45.0691 4676 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:54:45.0696 4676 wudfsvc - ok
16:54:45.0738 4676 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
16:54:45.0741 4676 XAudio - ok
16:54:45.0785 4676 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
16:54:45.0807 4676 XAudioService - ok
16:54:45.0826 4676 ================ Scan global ===============================
16:54:45.0844 4676 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:54:45.0901 4676 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:54:45.0945 4676 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:54:46.0001 4676 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:54:46.0024 4676 [Global] - ok
16:54:46.0025 4676 ================ Scan MBR ==================================
16:54:46.0045 4676 [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
16:54:46.0560 4676 \Device\Harddisk0\DR0 - ok
16:54:46.0572 4676 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR3
16:54:47.0312 4676 \Device\Harddisk1\DR3 - ok
16:54:47.0313 4676 ================ Scan VBR ==================================
16:54:47.0318 4676 [ BCDF09F82849C28D2ACCB5448232B7F3 ] \Device\Harddisk0\DR0\Partition1
16:54:47.0319 4676 \Device\Harddisk0\DR0\Partition1 - ok
16:54:47.0327 4676 [ 9F13E1F5862FA79FDD3A427B9E01F318 ] \Device\Harddisk0\DR0\Partition2
16:54:47.0329 4676 \Device\Harddisk0\DR0\Partition2 - ok
16:54:47.0338 4676 [ 51021ECFF774B7668F4704876B924414 ] \Device\Harddisk1\DR3\Partition1
16:54:47.0339 4676 \Device\Harddisk1\DR3\Partition1 - ok
16:54:47.0341 4676 ============================================================
16:54:47.0341 4676 Scan finished
16:54:47.0342 4676 ============================================================
16:54:47.0359 4108 Detected object count: 0
16:54:47.0359 4108 Actual detected object count: 0
16:55:08.0863 5472 Deinitialize success

#7
Cruise475

Hi There,

There should be one more OTL file. When you initially do a scan, it should produce an OTL.txt and Extras.txt. I need the OTL.txt file :)

You ran OTL from

C:\Users\John\Downloads

so it may be there!

If you can't find the file, you can re-run the scan with the previous instructions.

Thanks
Cruise

#8
want2fixmypc

Cruise,
Sorry, the following is actually the last file that was on the log. Let me know if there is anything else you need. Thanks for your help.
want2fixmypc

17:21:25.0786 4204 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
17:21:26.0440 4204 ============================================================
17:21:26.0440 4204 Current date / time: 2012/10/29 17:21:26.0440
17:21:26.0440 4204 SystemInfo:
17:21:26.0440 4204
17:21:26.0440 4204 OS Version: 6.0.6002 ServicePack: 2.0
17:21:26.0440 4204 Product type: Workstation
17:21:26.0440 4204 ComputerName: JOHNS_LAPTOP
17:21:26.0441 4204 UserName: John
17:21:26.0441 4204 Windows directory: C:\Windows
17:21:26.0441 4204 System windows directory: C:\Windows
17:21:26.0441 4204 Processor architecture: Intel x86
17:21:26.0441 4204 Number of processors: 2
17:21:26.0441 4204 Page size: 0x1000
17:21:26.0441 4204 Boot type: Normal boot
17:21:26.0441 4204 ============================================================
17:21:29.0013 4204 BG loaded
17:21:29.0518 4204 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:21:29.0523 4204 ============================================================
17:21:29.0523 4204 \Device\Harddisk0\DR0:
17:21:29.0536 4204 MBR partitions:
17:21:29.0536 4204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1193E536
17:21:29.0536 4204 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1193E575, BlocksNum 0x10DA54C
17:21:29.0537 4204 ============================================================
17:21:29.0596 4204 C: <-> \Device\Harddisk0\DR0\Partition1
17:21:29.0717 4204 D: <-> \Device\Harddisk0\DR0\Partition2
17:21:29.0717 4204 ============================================================
17:21:29.0717 4204 Initialize success
17:21:29.0717 4204 ============================================================
19:36:14.0181 2612 Deinitialize success

#9
want2fixmypc

Hi Cruise,

Sorry I didn't send you the right file. Here is the OTL.txt file as requested.

OTL logfile created on: 11/2/2012 2:18:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.41 Gb Available Physical Memory | 21.33% Memory free
4.11 Gb Paging File | 2.06 Gb Available in Paging File | 50.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 83.57 Gb Free Space | 59.43% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.80 Gb Free Space | 21.41% Space Free | Partition Type: NTFS

Computer Name: JOHNS_LAPTOP | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012/11/02 14:17:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL.exe
PRC - [2012/10/30 12:27:01 | 000,105,832 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2012/10/16 22:39:50 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/24 11:50:39 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/07/29 20:52:22 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/07/29 20:52:20 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/06/22 15:34:12 | 002,673,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012/06/22 15:34:12 | 001,118,680 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012/06/22 14:21:50 | 000,402,368 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2012/06/22 11:38:46 | 000,575,448 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/09/09 16:01:16 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/16 15:32:14 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2007/04/23 21:11:44 | 000,339,968 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/04/23 21:11:34 | 000,237,673 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/04/23 21:11:34 | 000,114,787 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/02/16 20:40:42 | 005,521,408 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/02/16 20:40:40 | 001,466,368 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Services (SafeList) ==========

SRV - [2012/10/30 12:27:01 | 000,105,832 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2012/10/16 22:39:50 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/29 20:52:22 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/06/22 15:34:12 | 001,118,680 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/06/22 14:21:50 | 000,402,368 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/06/22 11:38:46 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/10/30 11:05:42 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/10/29 14:09:14 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121102.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/10/29 14:09:13 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/10/29 14:09:13 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/10/29 14:09:13 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121102.001\NAVENG.SYS -- (NAVENG)
DRV - [2012/10/29 13:44:35 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/10/27 02:39:18 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121030.003\IDSvix86.sys -- (IDSVix86)
DRV - [2012/10/05 18:25:38 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121005.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/16 15:32:14 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2012/07/29 20:52:38 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/07/29 20:52:38 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/07/29 20:52:38 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/07/05 22:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtsp.sys -- (SRTSP)
DRV - [2012/07/05 22:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtspx.sys -- (SRTSPX)
DRV - [2012/06/22 15:34:52 | 000,203,120 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/06/22 11:39:14 | 000,070,768 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2012/06/07 00:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012/05/21 21:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symefa.sys -- (SymEFA)
DRV - [2012/04/23 12:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2012/04/17 22:13:32 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symtdiv.sys -- (SYMTDIv)
DRV - [2012/04/17 21:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ironx86.sys -- (SymIRON)
DRV - [2012/02/28 11:43:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2012/02/28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/07/25 22:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symds.sys -- (SymDS)
DRV - [2007/07/08 22:57:00 | 007,140,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/04/11 22:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/03/07 00:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 10:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 19:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 13:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 12:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/30 13:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/28 12:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\URLSearchHook: {76a747b4-edc6-46ff-8a5d-9ae61a889d5b} - C:\Program Files\Produtools_Forms\prxtbProd.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{037039D8-8C53-43CC-95BE-198556E66531}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8E8176CF-3C72-4F29-B0AF-5E670D763FBD}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{E4A7BA5D-1FCA-4261-85CA-307FC5471A6D}: "URL" = http://search.live.c...#38;FORM=HVDUS7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2481245631-879722362-3718759895-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2481245631-879722362-3718759895-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2481245631-879722362-3718759895-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-2481245631-879722362-3718759895-1000\..\URLSearchHook: {76a747b4-edc6-46ff-8a5d-9ae61a889d5b} - C:\Program Files\Produtools_Forms\prxtbProd.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2481245631-879722362-3718759895-1000\..\SearchScopes,DefaultScope = {8E8176CF-3C72-4F29-B0AF-5E670D763FBD}
IE - HKU\S-1-5-21-2481245631-879722362-3718759895-1000\..\SearchScopes\{037039D8-8C53-43CC-95BE-198556E66531}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKU\S-1-5-21-2481245631-879722362-3718759895-1000\..\SearchScopes\{1551BF5E-9DB1-415E-BCBB-CADA49932304}: "URL" = http://search.condui...&ctid=CT3209602
IE - HKU\S-1-5-21-2481245631-879722362-3718759895-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2481245631-879722362-3718759895-1000\..\SearchScopes\{8E8176CF-3C72-4F29-B0AF-5E670D763FBD}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKU\S-1-5-21-2481245631-879722362-3718759895-1000\..\SearchScopes\{E4A7BA5D-1FCA-4261-85CA-307FC5471A6D}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKU\S-1-5-21-2481245631-879722362-3718759895-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/10/29 13:47:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/10/31 14:47:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/10/30 13:07:36 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Norton Identity Protection = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\
CHR - Extension: Gmail = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Produtools Forms Toolbar) - {76a747b4-edc6-46ff-8a5d-9ae61a889d5b} - C:\Program Files\Produtools_Forms\prxtbProd.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Produtools Forms Toolbar) - {76a747b4-edc6-46ff-8a5d-9ae61a889d5b} - C:\Program Files\Produtools_Forms\prxtbProd.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2481245631-879722362-3718759895-1000\..\Toolbar\WebBrowser: (Produtools Forms Toolbar) - {76A747B4-EDC6-46FF-8A5D-9AE61A889D5B} - C:\Program Files\Produtools_Forms\prxtbProd.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2481245631-879722362-3718759895-1000..\Run: [AIM] C:\Users\John\AppData\Local\AOL\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-2481245631-879722362-3718759895-1000..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2481245631-879722362-3718759895-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2481245631-879722362-3718759895-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38C85B44-5364-4637-8C1C-23C9A07ECB05}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C4C231C-BD71-4AC7-A165-5023550969D3}: NameServer = 4.2.2.2,4.2.2.3
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 07:08:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{3b1165c5-a0cc-11dc-ac81-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\{3b1165c5-a0cc-11dc-ac81-806e6f6e6963}\Shell\Install\Command - "" = E:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: 70265534.sys - Driver
SafeBootMin: 90750859.sys - Driver
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: hitmanpro36 - Reg Error: Value error.
SafeBootMin: hitmanpro36.sys - Reg Error: Value error.
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: 70265534.sys - Driver
SafeBootNet: 90750859.sys - Driver
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro36 - Reg Error: Value error.
SafeBootNet: hitmanpro36.sys - Reg Error: Value error.
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 60 Days ==========

[2012/10/30 13:07:35 | 000,070,768 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys
[2012/10/30 13:07:34 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/10/30 13:07:34 | 001,689,560 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/10/30 13:07:34 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/10/30 13:05:24 | 000,254,944 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2012/10/30 13:05:24 | 000,107,896 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/10/30 13:04:59 | 000,017,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2012/10/30 13:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/10/30 13:04:49 | 000,070,568 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2012/10/30 13:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/10/30 13:00:49 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2012/10/30 13:00:49 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2012/10/30 13:00:44 | 000,383,368 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2012/10/30 13:00:44 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2012/10/30 13:00:42 | 000,203,120 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/10/30 13:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/10/30 13:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/10/30 13:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/10/30 13:00:03 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\TestApp
[2012/10/30 11:31:42 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\DriverCure
[2012/10/30 11:31:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SpeedyPC Software
[2012/10/30 11:31:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/10/30 11:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2012/10/30 11:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/10/30 11:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2012/10/30 11:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/10/30 11:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/10/29 17:58:35 | 000,345,208 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1309000.009\symtdiv.sys
[2012/10/29 17:58:35 | 000,318,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1309000.009\symnets.sys
[2012/10/29 17:58:33 | 000,924,320 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1309000.009\symefa.sys
[2012/10/29 17:58:33 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1309000.009\symds.sys
[2012/10/29 17:58:33 | 000,032,928 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1309000.009\srtspx.sys
[2012/10/29 17:58:32 | 000,574,112 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1309000.009\srtsp.sys
[2012/10/29 17:58:32 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1309000.009\ironx86.sys
[2012/10/29 17:58:32 | 000,132,768 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1309000.009\ccsetx86.sys
[2012/10/29 17:57:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1309000.009
[2012/10/29 17:29:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2012/10/29 17:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/29 17:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/29 17:28:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/29 17:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/29 17:11:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/29 16:30:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/10/29 16:30:24 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2012/10/29 16:29:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard
[2012/10/29 16:29:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard\0501000.01A
[2012/10/29 16:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2012/10/29 16:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2012/10/29 16:25:19 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/10/29 16:00:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\NPE
[2012/10/29 15:56:50 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/10/29 15:56:50 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/10/29 15:56:50 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/10/29 13:44:36 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/10/29 13:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/10/29 13:38:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2012/10/29 13:37:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/10/29 13:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/10/29 12:43:55 | 000,000,000 | -H-D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Restore
[2012/10/23 13:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/10/23 13:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2012/10/22 15:24:04 | 000,000,000 | -H-D | C] -- C:\Users\John\AppData\Roaming\Catalina Marketing Corp
[2012/10/22 15:23:57 | 000,000,000 | -H-D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
[2012/10/18 11:25:11 | 000,000,000 | -H-D | C] -- C:\Users\John\AppData\Roaming\Google
[2012/10/11 12:10:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/11 12:10:14 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/11 12:10:13 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/02 22:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/10/02 22:17:16 | 000,000,000 | -H-D | C] -- C:\Users\John\AppData\Local\Conduit
[2012/10/02 22:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\Produtools_Forms
[2012/09/22 14:53:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/22 14:53:21 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/22 14:53:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/22 14:53:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/22 14:53:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/22 14:53:20 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/22 14:53:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/22 14:53:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

========== Files - Modified Within 60 Days ==========

[2012/11/02 14:15:16 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/02 14:14:22 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/11/02 14:09:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/02 14:08:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/02 14:07:35 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/11/02 14:06:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/02 14:06:30 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/02 14:06:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/31 14:47:13 | 000,000,147 | -H-- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/10/31 14:45:15 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/10/31 14:44:21 | 2079,166,464 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/30 13:02:37 | 002,096,593 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/10/30 12:52:24 | 000,000,956 | ---- | M] () -- C:\Users\John\Desktop\Norton Installation Files.lnk
[2012/10/30 12:03:56 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/10/30 11:31:33 | 000,000,994 | ---- | M] () -- C:\Users\John\Desktop\SpeedyPC Pro.lnk
[2012/10/30 10:50:45 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/10/30 10:50:20 | 002,078,945 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1309000.009\Cat.DB
[2012/10/29 17:58:56 | 000,010,074 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1309000.009\VT20121008.022
[2012/10/29 17:28:49 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/29 16:46:48 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/29 16:46:48 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/29 16:05:58 | 000,000,680 | ---- | M] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2012/10/29 13:44:35 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/10/29 13:44:35 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/10/29 13:44:35 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/10/29 12:43:56 | 000,000,184 | -H-- | M] () -- C:\ProgramData\-W99MY0uOJPP7Zkr
[2012/10/29 12:43:56 | 000,000,168 | -H-- | M] () -- C:\ProgramData\-W99MY0uOJPP7Zk
[2012/10/29 12:43:55 | 000,000,629 | -H-- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/10/29 12:43:55 | 000,000,605 | -H-- | M] () -- C:\Users\John\Desktop\File_Restore.lnk
[2012/10/29 12:43:55 | 000,000,368 | -H-- | M] () -- C:\ProgramData\W99MY0uOJPP7Zk
[2012/10/29 12:17:28 | 000,027,240 | -H-- | M] () -- C:\Users\John\AppData\Roaming\nvModes.001
[2012/10/27 16:14:21 | 000,027,240 | -H-- | M] () -- C:\Users\John\AppData\Roaming\nvModes.dat
[2012/10/18 10:27:01 | 000,224,308 | -H-- | M] () -- C:\Users\John\Documents\Scan0008.pdf
[2012/10/17 13:56:25 | 000,206,826 | -H-- | M] () -- C:\Users\John\Documents\Scan0007.pdf
[2012/10/16 22:40:02 | 000,001,971 | -H-- | M] () -- C:\Users\John\Desktop\Google Chrome.lnk
[2012/10/16 22:40:02 | 000,001,955 | -H-- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/16 22:39:50 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/16 22:39:50 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/12 19:35:08 | 000,072,104 | ---- | M] () -- C:\Windows\CouponPrinter.ocx
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/26 06:34:14 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1309000.009\isolate.ini
[2012/09/24 15:32:24 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/09/24 15:32:20 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/09/24 15:23:41 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/09/24 15:23:37 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/09/24 15:23:26 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/09/13 09:28:08 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/09/12 13:41:00 | 020,154,278 | -H-- | M] () -- C:\Users\John\Documents\Mincy Suncoast records.pdf

========== Files Created - No Company Name ==========

[2012/10/30 13:07:34 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/10/30 13:07:34 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/10/30 13:07:34 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/10/30 13:07:34 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/10/30 13:07:34 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/10/30 13:00:53 | 002,096,593 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012/10/30 12:13:32 | 2079,166,464 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/30 11:31:47 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/10/30 11:31:32 | 000,000,994 | ---- | C] () -- C:\Users\John\Desktop\SpeedyPC Pro.lnk
[2012/10/30 11:31:31 | 000,000,490 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/10/30 11:31:29 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/10/30 11:31:27 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/10/30 10:49:03 | 002,078,945 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\Cat.DB
[2012/10/29 18:01:55 | 000,010,074 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\VT20121008.022
[2012/10/29 17:58:35 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\symnetv.cat
[2012/10/29 17:58:35 | 000,001,469 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\symnetv.inf
[2012/10/29 17:58:35 | 000,001,441 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\symnet.inf
[2012/10/29 17:58:34 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\symnet.cat
[2012/10/29 17:58:33 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\symds.cat
[2012/10/29 17:58:33 | 000,007,398 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\srtspx.cat
[2012/10/29 17:58:33 | 000,003,435 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\symefa.inf
[2012/10/29 17:58:33 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\symds.inf
[2012/10/29 17:58:33 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\srtspx.inf
[2012/10/29 17:58:32 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\iron.cat
[2012/10/29 17:58:32 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\srtsp.inf
[2012/10/29 17:58:32 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\iron.inf
[2012/10/29 17:58:31 | 000,007,446 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\ccsetx86.cat
[2012/10/29 17:58:31 | 000,000,827 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\ccsetx86.inf
[2012/10/29 17:57:17 | 000,007,434 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\symefa.cat
[2012/10/29 17:57:17 | 000,007,380 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\srtsp.cat
[2012/10/29 17:57:17 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1309000.009\isolate.ini
[2012/10/29 17:28:49 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/29 16:29:51 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NBRTWizard\0501000.01A\isolate.ini
[2012/10/29 16:25:19 | 000,000,956 | ---- | C] () -- C:\Users\John\Desktop\Norton Installation Files.lnk
[2012/10/29 13:44:36 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/10/29 13:44:36 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/10/29 13:43:17 | 000,002,204 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/10/29 12:43:56 | 000,000,184 | -H-- | C] () -- C:\ProgramData\-W99MY0uOJPP7Zkr
[2012/10/29 12:43:56 | 000,000,168 | -H-- | C] () -- C:\ProgramData\-W99MY0uOJPP7Zk
[2012/10/29 12:43:55 | 000,000,629 | -H-- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/10/29 12:43:55 | 000,000,605 | -H-- | C] () -- C:\Users\John\Desktop\File_Restore.lnk
[2012/10/29 12:43:52 | 000,000,368 | -H-- | C] () -- C:\ProgramData\W99MY0uOJPP7Zk
[2012/10/18 10:27:01 | 000,224,308 | -H-- | C] () -- C:\Users\John\Documents\Scan0008.pdf
[2012/10/17 13:56:25 | 000,206,826 | -H-- | C] () -- C:\Users\John\Documents\Scan0007.pdf
[2012/10/16 22:40:02 | 000,001,971 | -H-- | C] () -- C:\Users\John\Desktop\Google Chrome.lnk
[2012/09/12 13:41:00 | 020,154,278 | -H-- | C] () -- C:\Users\John\Documents\Mincy Suncoast records.pdf
[2012/07/26 16:25:53 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/05/14 17:13:36 | 000,009,216 | -H-- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/18 21:05:48 | 000,060,304 | -H-- | C] () -- C:\Users\John\g2mdlhlpx.exe
[2012/03/12 18:22:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/03/12 18:20:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/03/12 18:20:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/03/05 18:16:56 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2008/08/15 10:47:04 | 000,000,680 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2008/04/19 16:06:18 | 000,027,240 | -H-- | C] () -- C:\Users\John\AppData\Roaming\nvModes.001
[2008/04/19 15:54:33 | 000,027,240 | -H-- | C] () -- C:\Users\John\AppData\Roaming\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/22 15:24:04 | 000,000,000 | -H-D | M] -- C:\Users\John\AppData\Roaming\Catalina Marketing Corp
[2012/10/30 11:31:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DriverCure
[2008/04/25 18:28:13 | 000,000,000 | -H-D | M] -- C:\Users\John\AppData\Roaming\ICAClient
[2012/10/30 11:31:41 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SpeedyPC Software
[2012/10/30 13:00:03 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TestApp

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/03/25 12:44:33 | 000,000,000 | -H-D | M] -- C:\Users\John\AppData\Roaming\Adobe
[2012/10/22 15:24:04 | 000,000,000 | -H-D | M] -- C:\Users\John\AppData\Roaming\Catalina Marketing Corp
[2012/02/12 17:30:27 | 000,000,000 | -H-D | M] -- C:\Users\John\AppData\Roaming\CyberLink
[2012/10/30 11:31:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DriverCure
[2012/10/18 11:25:52 | 000,000,000 | -H-D | M] -- C:\Users\John\AppData\Roaming\Google
[2008/11/29 00:00:37 | 000,000,000 | -H-D | M] -- C:\Users\John\AppData\Roaming\GTek
[2012/04/23 09:21:23 | 000,000,000 | -H-D | M] -- C:\Users\John\AppData\Roaming\Hewlett-Packard
[2012/02/12 17:30:16 | 000,000,000 | -H-D | M] -- C:\Users\John\AppData\Roaming\HP
[2012/11/02 14:09:33 | 000,000,000 | -H-D | M] -- C:\Users\John\AppData\Roaming\HpUpdate
[2008/04/25 18:28:13 | 000,000,000 | -H-D | M] -- C:\Users\John\AppData\Roaming\ICAClient
[2007/12/01 16:06:13 | 000,000,000 | -H-D | M] -- C:\Users\John\AppData\Roaming\Identities
[2012/03/05 18:20:11 | 000,000,000 | -H-D | M] -- C:\Users\John\AppData\Roaming\Intuit
[2007/12/01 16:02:36 | 000,000,000 | -H-D | M] -- C:\Users\John\AppData\Roaming\Macromedia
[2012/10/29 17:29:08 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2006/11/02 08:37:34 | 000,000,000 | -H-D | M] -- C:\Users\John\AppData\Roaming\Media Center Programs
[2012/10/30 11:35:47 | 000,000,000 | --SD | M] -- C:\Users\John\AppData\Roaming\Microsoft
[2012/07/26 16:31:04 | 000,000,000 | -H-D | M] -- C:\Users\John\AppData\Roaming\Mozilla
[2012/10/30 11:31:41 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SpeedyPC Software
[2012/10/30 13:00:03 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TestApp

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/04/26 18:41:03 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/04/26 18:41:03 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/04/26 18:41:02 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CSRSS.EXE >
[2006/11/02 05:45:00 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=117B7C8A8B026A5DCE5E3180ED05E823 -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6000.16386_none_56ad21dbe72a9d78\csrss.exe
[2008/01/19 03:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/19 03:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/04/26 18:46:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
< C:\Windows\assembly\tmp\U\*.* /s >
[2006/11/02 09:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 09:01:49 | 000,032,656 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/03 10:21:37 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/08/22 15:39:40 | 000,000,878 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/08/22 15:39:41 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/10/30 11:31:27 | 000,000,394 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012/10/30 11:31:29 | 000,000,438 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
[2012/10/30 11:31:31 | 000,000,490 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
[2012/10/30 11:31:47 | 000,000,466 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Registration3.job

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/12 21:54:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/12 21:54:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/12 21:54:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/12 21:54:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/12 21:54:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/12 21:54:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

#10
Cruise475

Hi There,

Step 1
  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better, the SmartScreen Filter will need to be disabled.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 2
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{3b1165c5-a0cc-11dc-ac81-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
    O33 - MountPoints2\{3b1165c5-a0cc-11dc-ac81-806e6f6e6963}\Shell\Install\Command - "" = E:\Start.exe
    [2012/10/29 12:43:56 | 000,000,184 | -H-- | M] () -- C:\ProgramData\-W99MY0uOJPP7Zkr
    [2012/10/29 12:43:56 | 000,000,168 | -H-- | M] () -- C:\ProgramData\-W99MY0uOJPP7Zk
    C:\ProgramData\W99MY0uOJPP7Zk
    
    :Commands
    
    [resethosts]
    [emptytemp]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 3
Download AdwCleaner from here to your desktop
Run AdwCleaner. For Vista and 7, right-click and select Run as administrator.

Select Delete


Once done, it will ask to reboot; allow this.
On reboot a log will be produced; please post it.

In your next post please include the following:

  • Rogue Killer Logs
  • OTL Logs (Fix and Scan)
  • AdwCleaner log
  • An update on how your computer is running

Thanks
Cruise

#11
want2fixmypc

Hi Cruise,
I disabled the Smartfilter but I wasn't able to save the download. I could only run it from the link which then my Norton antivirus 2012 stopped it from running since it says that it's inconclusive software that is new. What should I do next?
want2fixmypc

#12
Cruise475

Hi There,

Go ahead and disable Norton Anti-Virus for the download and running of the tools! This should help get them to run!
This article should help you if you don't know how to disable it.

If you need any assistance let me know!
Cruise

#13
want2fixmypc

Cruise,
Here are the RKReport files:
Here is .txt file 1 that was created:
RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : John [Admin rights]
Mode : Scan -- Date : 11/05/2012 22:57:50

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 20 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AIM ("C:\Users\John\AppData\Local\AOL\AIM\aim.exe") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2481245631-879722362-3718759895-1000[...]\Run : AIM ("C:\Users\John\AppData\Local\AOL\AIM\aim.exe") -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x8249665D -> HOOKED (Unknown @ 0x86F6BBA8)
SSDT[14] : NtAlertThread @ 0x8240F295 -> HOOKED (Unknown @ 0x86F6BC88)
SSDT[18] : NtAllocateVirtualMemory @ 0x8244B54B -> HOOKED (Unknown @ 0x86F62580)
SSDT[21] : NtAlpcConnectPort @ 0x823ED88B -> HOOKED (Unknown @ 0x86EC6A58)
SSDT[42] : NtAssignProcessToJobObject @ 0x823C0B47 -> HOOKED (Unknown @ 0x86F6B350)
SSDT[67] : NtCreateMutant @ 0x82423862 -> HOOKED (Unknown @ 0x86F6B8F8)
SSDT[77] : NtCreateSymbolicLinkObject @ 0x823C335E -> HOOKED (Unknown @ 0x86F6B070)
SSDT[78] : NtCreateThread @ 0x82494C74 -> HOOKED (Unknown @ 0x86F629C8)
SSDT[116] : NtDebugActiveProcess @ 0x82467D78 -> HOOKED (Unknown @ 0x86F6B430)
SSDT[129] : NtDuplicateObject @ 0x823FB581 -> HOOKED (Unknown @ 0x86F62710)
SSDT[147] : NtFreeVirtualMemory @ 0x82287F1D -> HOOKED (Unknown @ 0x86F62398)
SSDT[156] : NtImpersonateAnonymousToken @ 0x823BDF16 -> HOOKED (Unknown @ 0x86F6B9E8)
SSDT[158] : NtImpersonateThread @ 0x823D3553 -> HOOKED (Unknown @ 0x86F6BAC8)
SSDT[165] : NtLoadDriver @ 0x8236EDEE -> HOOKED (Unknown @ 0x86EAC810)
SSDT[177] : NtMapViewOfSection @ 0x824138DA -> HOOKED (Unknown @ 0x86F622B8)
SSDT[184] : NtOpenEvent @ 0x823FCDFF -> HOOKED (Unknown @ 0x86F6B818)
SSDT[194] : NtOpenProcess @ 0x82423FFE -> HOOKED (Unknown @ 0x86F628B0)
SSDT[195] : NtOpenProcessToken @ 0x82404A60 -> HOOKED (Unknown @ 0x86F62650)
SSDT[197] : NtOpenSection @ 0x824146AD -> HOOKED (Unknown @ 0x86F6B658)
SSDT[201] : NtOpenThread @ 0x8241F54F -> HOOKED (Unknown @ 0x86F627E0)
SSDT[210] : NtProtectVirtualMemory @ 0x8241D332 -> HOOKED (Unknown @ 0x86F6B260)
SSDT[282] : NtResumeThread @ 0x8241EB9A -> HOOKED (Unknown @ 0x86F6BD68)
SSDT[289] : NtSetContextThread @ 0x8249610B -> HOOKED (Unknown @ 0x86F62068)
SSDT[305] : NtSetInformationProcess @ 0x82417908 -> HOOKED (Unknown @ 0x86F62108)
SSDT[317] : NtSetSystemInformation @ 0x823E9EEF -> HOOKED (Unknown @ 0x86F6B510)
SSDT[330] : NtSuspendProcess @ 0x82496597 -> HOOKED (Unknown @ 0x86F6B738)
SSDT[331] : NtSuspendThread @ 0x8239D92D -> HOOKED (Unknown @ 0x86F6BE48)
SSDT[334] : NtTerminateProcess @ 0x823F4173 -> HOOKED (Unknown @ 0x86F62AA8)
SSDT[335] : NtTerminateThread @ 0x8241F584 -> HOOKED (Unknown @ 0x86F6BF28)
SSDT[348] : NtUnmapViewOfSection @ 0x82413B9D -> HOOKED (Unknown @ 0x86F621F8)
SSDT[358] : NtWriteVirtualMemory @ 0x8241096D -> HOOKED (Unknown @ 0x86F62468)
SSDT[382] : NtCreateThreadEx @ 0x8241F039 -> HOOKED (Unknown @ 0x86F6B160)
S_SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x877092B8)
S_SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x876F9E00)
S_SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x876F9D40)
S_SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x876F9EC0)
S_SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x876F9F80)
S_SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x876F9AD0)
S_SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x876F9C70)
S_SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x876F9BA0)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x86A5D2E8)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x86FCD2E0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHW2160BH PL ATA Device +++++
--- User ---
[MBR] 185e79c7e5534bac4acbbf60eefb037d
[BSP] d359f184b4f987f009da31b68d9a3d90 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143996 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 294905205 | Size: 8628 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 312576705 | Size: 2 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11052012_02d2257.txt >>
RKreport[1]_S_11052012_02d2257.txt

Here is .txt file 2:
RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : John [Admin rights]
Mode : Remove -- Date : 11/05/2012 23:00:44

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 19 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AIM ("C:\Users\John\AppData\Local\AOL\AIM\aim.exe") -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x8249665D -> HOOKED (Unknown @ 0x86F6BBA8)
SSDT[14] : NtAlertThread @ 0x8240F295 -> HOOKED (Unknown @ 0x86F6BC88)
SSDT[18] : NtAllocateVirtualMemory @ 0x8244B54B -> HOOKED (Unknown @ 0x86F62580)
SSDT[21] : NtAlpcConnectPort @ 0x823ED88B -> HOOKED (Unknown @ 0x86EC6A58)
SSDT[42] : NtAssignProcessToJobObject @ 0x823C0B47 -> HOOKED (Unknown @ 0x86F6B350)
SSDT[67] : NtCreateMutant @ 0x82423862 -> HOOKED (Unknown @ 0x86F6B8F8)
SSDT[77] : NtCreateSymbolicLinkObject @ 0x823C335E -> HOOKED (Unknown @ 0x86F6B070)
SSDT[78] : NtCreateThread @ 0x82494C74 -> HOOKED (Unknown @ 0x86F629C8)
SSDT[116] : NtDebugActiveProcess @ 0x82467D78 -> HOOKED (Unknown @ 0x86F6B430)
SSDT[129] : NtDuplicateObject @ 0x823FB581 -> HOOKED (Unknown @ 0x86F62710)
SSDT[147] : NtFreeVirtualMemory @ 0x82287F1D -> HOOKED (Unknown @ 0x86F62398)
SSDT[156] : NtImpersonateAnonymousToken @ 0x823BDF16 -> HOOKED (Unknown @ 0x86F6B9E8)
SSDT[158] : NtImpersonateThread @ 0x823D3553 -> HOOKED (Unknown @ 0x86F6BAC8)
SSDT[165] : NtLoadDriver @ 0x8236EDEE -> HOOKED (Unknown @ 0x86EAC810)
SSDT[177] : NtMapViewOfSection @ 0x824138DA -> HOOKED (Unknown @ 0x86F622B8)
SSDT[184] : NtOpenEvent @ 0x823FCDFF -> HOOKED (Unknown @ 0x86F6B818)
SSDT[194] : NtOpenProcess @ 0x82423FFE -> HOOKED (Unknown @ 0x86F628B0)
SSDT[195] : NtOpenProcessToken @ 0x82404A60 -> HOOKED (Unknown @ 0x86F62650)
SSDT[197] : NtOpenSection @ 0x824146AD -> HOOKED (Unknown @ 0x86F6B658)
SSDT[201] : NtOpenThread @ 0x8241F54F -> HOOKED (Unknown @ 0x86F627E0)
SSDT[210] : NtProtectVirtualMemory @ 0x8241D332 -> HOOKED (Unknown @ 0x86F6B260)
SSDT[282] : NtResumeThread @ 0x8241EB9A -> HOOKED (Unknown @ 0x86F6BD68)
SSDT[289] : NtSetContextThread @ 0x8249610B -> HOOKED (Unknown @ 0x86F62068)
SSDT[305] : NtSetInformationProcess @ 0x82417908 -> HOOKED (Unknown @ 0x86F62108)
SSDT[317] : NtSetSystemInformation @ 0x823E9EEF -> HOOKED (Unknown @ 0x86F6B510)
SSDT[330] : NtSuspendProcess @ 0x82496597 -> HOOKED (Unknown @ 0x86F6B738)
SSDT[331] : NtSuspendThread @ 0x8239D92D -> HOOKED (Unknown @ 0x86F6BE48)
SSDT[334] : NtTerminateProcess @ 0x823F4173 -> HOOKED (Unknown @ 0x86F62AA8)
SSDT[335] : NtTerminateThread @ 0x8241F584 -> HOOKED (Unknown @ 0x86F6BF28)
SSDT[348] : NtUnmapViewOfSection @ 0x82413B9D -> HOOKED (Unknown @ 0x86F621F8)
SSDT[358] : NtWriteVirtualMemory @ 0x8241096D -> HOOKED (Unknown @ 0x86F62468)
SSDT[382] : NtCreateThreadEx @ 0x8241F039 -> HOOKED (Unknown @ 0x86F6B160)
S_SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x877092B8)
S_SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x876F9E00)
S_SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x876F9D40)
S_SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x876F9EC0)
S_SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x876F9F80)
S_SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x876F9AD0)
S_SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x876F9C70)
S_SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x876F9BA0)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x86A5D2E8)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x86FCD2E0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHW2160BH PL ATA Device +++++
--- User ---
[MBR] 185e79c7e5534bac4acbbf60eefb037d
[BSP] d359f184b4f987f009da31b68d9a3d90 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143996 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 294905205 | Size: 8628 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 312576705 | Size: 2 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11052012_02d2300.txt >>
RKreport[1]_S_11052012_02d2257.txt ; RKreport[2]_D_11052012_02d2300.txt



Here is .txt file 3:
RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : John [Admin rights]
Mode : Shortcuts HJfix -- Date : 11/05/2012 23:05:56

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 7 / Fail 0
Quick launch: Success 7 / Fail 0
Programs: Success 1321 / Fail 0
Start menu: Success 32 / Fail 0
User folder: Success 6934 / Fail 0
My documents: Success 18 / Fail 18
My favorites: Success 74 / Fail 0
My pictures: Success 629 / Fail 0
My music: Success 2 / Fail 0
My videos: Success 2 / Fail 0
Local drives: Success 8213 / Fail 18
Backup: [FOUND] Success 3 / Fail 0 / Exists 1

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[3]_SC_11052012_02d2305.txt >>
RKreport[1]_S_11052012_02d2257.txt ; RKreport[2]_D_11052012_02d2300.txt ; RKreport[3]_SC_11052012_02d2305.txt

#14
want2fixmypc

Here is the OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b1165c5-a0cc-11dc-ac81-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b1165c5-a0cc-11dc-ac81-806e6f6e6963}\ not found.
File E:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b1165c5-a0cc-11dc-ac81-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b1165c5-a0cc-11dc-ac81-806e6f6e6963}\ not found.
File E:\Start.exe not found.
C:\ProgramData\-W99MY0uOJPP7Zkr moved successfully.
C:\ProgramData\-W99MY0uOJPP7Zk moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: John
->Temp folder emptied: 135273273 bytes
->Temporary Internet Files folder emptied: 48900705 bytes
->Java cache emptied: 8027982 bytes
->Google Chrome cache emptied: 12000601 bytes
->Flash cache emptied: 8237940 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 136131960 bytes
RecycleBin emptied: 35376912 bytes

Total Files Cleaned = 366.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11052012_231747

Files\Folders moved on Reboot...
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\John\AppData\Local\Trusteer\Rapport\user\logs\gp_iexplore.4820.log moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\John\AppData\Local\Trusteer\Rapport\user\logs\koan.4820.log moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\John\AppData\Local\Trusteer\Rapport\user\logs\koan.5040.log moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\John\AppData\Local\Trusteer\Rapport\user\logs\koanlight.4820.log moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\John\AppData\Local\Trusteer\Rapport\user\logs\koanlight.5040.log moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XI58UL2T\pixel[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IZ5VAXI0\pd[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GABMC6AO\pd[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GABMC6AO\xd_arbiter[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FL67RMBQ\BentonSans-Bold[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FL67RMBQ\BentonSansExtraComp-Bold[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FL67RMBQ\tweet_button.1351848862[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FL67RMBQ\xd_arbiter[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EEEG0Y68\1[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EEEG0Y68\BentonSansCond-Medium[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EEEG0Y68\Rocky-Bold[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EEEG0Y68\turn-off-norton-antivirus-firewall-11856[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ECBSKQML\3582728540[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ECBSKQML\above_fold[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DYNZX182\above_fold[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DYNZX182\below_fold[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DYNZX182\below_fold[2].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DYNZX182\xd_arbiter[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DCLKPH3P\google-single[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BN1BK69N\like[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B3SCOOAK\adoapn_AppNexusDemoActionTag_1[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ADCF8LUX\cms-2-frame[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ADCF8LUX\ddc[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9Q8W8K7W\like[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#15
want2fixmypc

Here is the AdwCleaner log:

# AdwCleaner v2.006 - Logfile created 11/06/2012 at 00:11:11
# Updated 30/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : John - JOHNS_LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\John\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\InternetHelper1.5
Folder Deleted : C:\Program Files\Produtools_Forms
Folder Deleted : C:\Users\John\AppData\Local\Conduit
Folder Deleted : C:\Users\John\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\John\AppData\LocalLow\InternetHelper1.5
Folder Deleted : C:\Users\John\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\John\AppData\LocalLow\Produtools_Forms

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Produtools_Forms Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{76A747B4-EDC6-46FF-8A5D-9AE61A889D5B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{76A747B4-EDC6-46FF-8A5D-9AE61A889D5B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C22D3DA8-D964-4E1E-9B4B-28EC1FEDCDD6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76A747B4-EDC6-46FF-8A5D-9AE61A889D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C22D3DA8-D964-4E1E-9B4B-28EC1FEDCDD6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3209602
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3247201
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InternetHelper1.5
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2ADEC5B1-1D9F-49AC-BFCE-C2A67FDF757B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FD36236-06DB-4E2C-B59D-6BCFD59FCE69}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DC2BECB-EBEC-4BBD-9AA8-8EFCE0D5D909}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A74DCD2-7EE4-4D96-A908-946DFEC46EC4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76A747B4-EDC6-46FF-8A5D-9AE61A889D5B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C22D3DA8-D964-4E1E-9B4B-28EC1FEDCDD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper1.5 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Produtools_Forms Toolbar
Key Deleted : HKLM\Software\Produtools_Forms
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{76A747B4-EDC6-46FF-8A5D-9AE61A889D5B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{76A747B4-EDC6-46FF-8A5D-9AE61A889D5B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{76A747B4-EDC6-46FF-8A5D-9AE61A889D5B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{76A747B4-EDC6-46FF-8A5D-9AE61A889D5B}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences

g","default_popup":"","default_title":"Norton Toolbar"},"content_scripts":[{"all_frames":true,"js":["docstart.js","wcid.js","wax.js"],"matches":["\u003Call_urls\u003E"],"run_at":"document_start"},{"all_frames":true,"js":["docend.js"],"matches":["\u003Call_urls\u003E"],"run_at":"document_end"}],"current_locale":"en_US","default_locale":"en","description":"Symantec Corporation","icons":{"48":"images/48_Norton_Ext_Icon.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCN17j8JLKorF+VBEKJgK4pj8g17X7JvJhwca8GU6eC+m33Mp7Wts5uLKDpImOPe0r/0VHiO54Bmwz0E9G67599bllrlhbIjHGKLeicrh4hmOaG1zArNN/DLDDUkcxU50odaPSgDoFUsp6TreA9lwoE5ypYw+lGnbo+BJwNe0hnQQIDAQAB","minimum_chrome_version":"18.0","name":"Norton Identity Protection","permissions":["tabs","history"],"plugins":[{"path":"npcoplgn.dll","public":true}],"version":"2012.5.6.10"},"path":"mkfokfffehpeedafpekjeddnmnjhmcmk\\2012.5.6.10_0","state":1},"mknjbohhleiicbpagpgmhoaigbblmnic":{"blacklist":true},"mkobblpffgbncfhijabakfafmkjdmmnm":{"blacklist":true},"mlmegahemifabfmdnndafagnncfbnahn":{"blacklist":true},"mlmmbepkgelpbenpobinockmiehdahai":{"blacklist":true},"mlnoedbhndgbjcbeadjfnmjloejlgojk":{"blacklist":true},"mmjodihhmnpkldljaifiajmlnpflfhpm":{"blacklist":true},"mndoohjdoechinpkfbkolflbonciahfo":{"blacklist":true},"mnhcgaghminpdabllkbkecahjfkdiabk":{"blacklist":true},"mnichagcickblneeijmfnmoiakigmmhf":{"blacklist":true},"mnllienogacopjnkmhgnniopjpgjpopp":{"blacklist":true},"mogepbcllienegdibkfpmombhefhcoic":{"blacklist":true},"mpgehpkneknbopplhmmkfijfiniddipf":{"blacklist":true},"mplhbhmkccidaokcelbcbcmhhedebcng":{"blacklist":true},"naopgnjebjeeedbbhcadkhkmeefmloho":{"blacklist":true},"nbieffehfdniifkgdckbndjhojohbfjj":{"blacklist":true},"nckmikohoilfkcoahbjpbgbpegcjgngm":{"blacklist":true},"ncpdanjmicnihdlijomcggnnekloephc":{"blacklist":true},"ndhkiimgbjnendpcfbiadlifmangejoa":{"blacklist":true},"ndiogongcmocdgjciemhagfhpjamehpe":{"blacklist":true},"negkalblfongjbphdcbbhddlickhlamd":{"blacklist":true},"nepfiodmbijheamafkiglonf
kjebdjmf":{"blacklist":true},"nfecfkjnlkbphobjbcnphimihniieehc":{"blacklist":true},"nhbfbnmmdjkjahhfdeklgphihfodfgnb":{"blacklist":true},"nhboiakpmibkbkbeehchlfkggmhphpnk":{"blacklist":true},"nhkmojkfnknbbmhbnacjdlodokeophkl":{"blacklist":true},"nibohffepnilngkecenfdgnokfhmnkod":{"blacklist":true},"nidmbljkkcbdfklgdkklgjgmhejmbojn":{"blacklist":true},"nidodbfomffkfabciljelkbdiabkeehe":{"blacklist":true},"nifbebeekindefklojhchehidpikbjfc":{"blacklist":true},"nihhbeikpchdddoillfdcdinnnnllmna":{"blacklist":true},"nlgapikcofpablcmfgaoodlhiejiehhh":{"blacklist":true},"nloaaepkhcnmoakooihnefhhggbmemed":{"blacklist":true},"nmgpbidjnaebdlbdbpjggenmbaolmfoi":{"blacklist":true},"nmmnodocfckpoddcgihiihcdinaonckb":{"blacklist":true},"nmphbnbmgfccfhcmibikmhcgajjpelpf":{"blacklist":true},"nnioepmjbjjlflmdgjanlcmbjahljeeo":{"blacklist":true},"nochkknnbahbhmmknnmdhagelcnfagom":{"blacklist":true},"noefghcilkpcabnhhilojimkkjplhcnd":{"blacklist":true},"npadaghbcdejfngcjpbnoikajdnongca":{"blacklist":true},"npolaghondefgiomhkbiiompikfjneep":{"blacklist":true},"oakhllhnbcpgagdafgbninlpjdemdmjk":{"blacklist":true},"oanjogmonneelfpnfmdlalfddkeckdej":{"blacklist":true},"obgljnmbldahelaakfdbjkplokjoneip":{"blacklist":true},"ocmhjnhildbnglmlfimkjnnfgddelacb":{"blacklist":true},"ocnlnkjmfnolmbclblfhfhcakldceiec":{"blacklist":true},"odnamglmogfldajnhkfodmloofeokcmm":{"blacklist":true},"oghphhcagopecifjblgdcfihjnlcbcfc":{"blacklist":true},"ogjbodghhojomghbdfnlkppdagkfjede":{"blacklist":true},"oidjdpbndkjhmhmgdoggibcjnippkcgo":{"blacklist":true},"ojglppmhgfohhfeinlhklglifnbfebak":{"blacklist":true},"ojmdhklabgbnnkkilmkcfcemdhognifc":{"blacklist":true},"omceiakkomngangmllpgbjcoeloglald":{"blacklist":true},"omnicnmbagoinlpamknknbcgopadcoci":{"blacklist":true},"onfbaaifbbahonepmednhkjbhdgogkbl":{"blacklist":true},"onjaecbdddgibdijafoemfiachlbcgkj":{"blacklist":true},"onpnpccdagncipgnoofbhchlbajcjnkd":{"blacklist":true},"oocfbmollajebjjpkahmlnclfhkjijea":{"blacklist":true},"ookcgejbfhcmcanfkfmmmpahfl
nlajbl":{"blacklist":true},"opnnngnphijodjhemhdafpnnpdjggofe":{"blacklist":true},"pajgiddgjidlcajihkjoacjbplimkgfe":{"blacklist":true},"pbdgmppmccanplobanhfkjndjkmmabgk":{"blacklist":true},"pbekednmpdekknlffkiopooofokfmkla":{"blacklist":true},"pbglijbamgmlcpnnpbfjkbdeheejjloj":{"blacklist":true},"pcaedgdgamlfffkfblocmakhgieggoak":{"blacklist":true},"peahabnpipmmfiajjjhgfggbeigbmbgp":{"blacklist":true},"peiijdmlgbelnnmnkighhkpeihmmamio":{"blacklist":true},"pfaooklcbjnkgconjjepimkohgcjmdji":{"blacklist":true},"pfcelnbmkeoaeicedjomcjkcammlkdbk":{"blacklist":true},"pfgmgcnbngcnhjddppmnloflcidemopc":{"blacklist":true},"pfhlnanelpgjbhndafjamnpfhkjadoip":{"blacklist":true},"pfoiaildicnbcjojocjlpcibenphhbln":{"blacklist":true},"pfonklmafadkmcedjlodommcoipgbcde":{"blacklist":true},"pgelifedkjaohmjehecojkfldinjlamn":{"blacklist":true},"pgjpnfpidejcmjibaaohcmehfohacckf":{"blacklist":true},"pgldfhecfiofkhnbgcncepnkjkeoahlk":{"blacklist":true},"phkpgooenaonkpnabopdbjjfmphclela":{"blacklist":true},"pihcfdffalbcnmbghijdfcaanagapelf":{"blacklist":true},"pjdhkkcnlbfebiokpeghfffajaabahfo":{"blacklist":true},"pjgbfgdpkbfimabdalhjmmeeelbmkcac":{"blacklist":true},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"]},"app_launcher_ordinal":"w","events":["runtime.onInstalled"],"from_bookmark":false,"from_webstore":true,"install_time":"12994915216081404","lastpingday":"12996576000214044","location":2,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxps://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast, searchable email with less 
spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","name":"Gmail","options_page":"hxxps://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"7"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\7_0","state":1},"pjloefkigphblpjminnlpbhjchjafcfc":{"blacklist":true},"pkbbbncikcipejaiiiioboongndhmjgl":{"blacklist":true},"pkbkkendemaimikinaefldfljliecapm":{"blacklist":true},"pkhidkonipdjidjglnkfcfhnkfnlefbk":{"blacklist":true},"plfijddblbcdcnammpdmfccchkbdekmm":{"blacklist":true},"pnaiiipilbpcceggeanphcpkkihnojan":{"blacklist":true},"pndadpldhngimdmhnajebjldbmcbpjol":{"blacklist":true},"pnnbdjcjeiobikdfikegpclkcimgafpp":{"blacklist":true},"pnpfkfanlgljpkpilhgiimfadggfmhcd":{"blacklist":true},"pnpgiaejfbdapllkchhgchjpdbcpiooa":{"blacklist":true},"pobponmhkpmphbnfhpjdagklbkmjhked":{"blacklist":true},"ppmfajacidhcjbddpgmcmigffpppcadd":{"blacklist":true},"fgkbmedckhcibhkdhaokebnllokeokek":{"ack_external":true}},"toolbar":["mkfokfffehpeedafpekjeddnmnjhmcmk"],"toolbarsize":-1},"first_run_tabs":["hxxp://www.google.com/","hxxp://welcome_page"],"homepage":"hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48","homepage_is_newtabpage":false,"net":{"hxxp_server_properties":{"servers":{"accounts.google.com:443":{"settings":{"4":100},"supports_spdy":true},"apis.google.com:443":{"settings":{"4":100,"5":25,"6":0},"supports_spdy":true},"clients2.google.com:443":{"settings":{"4":100,"5":10,"6":0},"supports_spdy":true},"p5-vyewdf5hgi5q6-gjn2fsbrrfg3vkmo-919848-i1-v6exp3-v4.metric.gstatic.com:443":{"settings":{"4":100},"supports_spdy":true},"p5-vyewdf5hgi5q6-gjn2fsbrrfg3vkmo-919848-s1-v6exp3-v4.metric.gstatic.com:443":{"settings":{"4":100},"supports_spdy":true},"ssl.gstatic.com:443"
:{"settings":{"4":100,"5":23,"6":0},"supports_spdy":true},"www.google.com:443":{"settings":{"4":100,"5":10,"6":0},"supports_spdy":true},"www.gstatic.com:443":{"settings":{"4":100,"5":32,"6":0},"supports_spdy":true}},"version":1}},"ntp":{"app_page_names":["Apps"],"promo_resource_cache_update":"1352144474.527044"},"plugins":{"enabled_internal_pdf3":true,"enabled_nacl":true,"last_internal_directory":"C:\\Program Files\\Google\\Chrome\\Application\\22.0.1229.94","migrated_to_pepper_flash":true,"plugins_list":[{"enabled":true,"name":"Shockwave Flash","path":"C:\\Program Files\\Google\\Chrome\\Application\\22.0.1229.94\\PepperFlash\\pepflashplayer.dll","version":"11.4.31.110"},{"enabled":true,"name":"Flash"},{"enabled":true,"name":"Chrome Remote Desktop Viewer","path":"internal-remoting-viewer","version":""},{"enabled":true,"name":"Chrome Remote Desktop Viewer"},{"enabled":true,"name":"Native Client","path":"C:\\Program Files\\Google\\Chrome\\Application\\22.0.1229.94\\ppGoogleNaClPluginChrome.dll","version":""},{"enabled":true,"name":"Native Client"},{"enabled":true,"name":"Chrome PDF Viewer","path":"C:\\Program Files\\Google\\Chrome\\Application\\22.0.1229.94\\pdf.dll","version":""},{"enabled":true,"name":"Chrome PDF Viewer"},{"enabled":true,"name":"Adobe Acrobat","path":"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Browser\\nppdf32.dll","version":"8.0.0.2006102200"},{"enabled":false,"name":"Adobe Acrobat"},{"enabled":true,"name":"Google Update","path":"C:\\Program Files\\Google\\Update\\1.3.21.123\\npGoogleUpdate3.dll","version":"1.3.21.123"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Java™ Platform SE 6 U35","path":"C:\\Program Files\\Java\\jre6\\bin\\plugin2\\npjp2.dll","version":"6.0.350.10"},{"enabled":true,"name":"Java Deployment Toolkit 6.0.350.10","path":"C:\\Windows\\system32\\npdeployJava1.dll","version":"6.0.350.10"},{"enabled":true,"name":"Java"},{"enabled":true,"name":"RealNetworks Rhapsody Player Engine","path":"C:\\Program 
Files\\Real\\RhapsodyPlayerEngine\\nprhapengine.dll","version":"1.0.2.603"},{"enabled":true,"name":"RealNetworks Rhapsody Player Engine"},{"enabled":true,"name":"Silverlight Plug-In","path":"c:\\Program Files\\Microsoft Silverlight\\4.1.10329.0\\npctrl.dll","version":"4.1.10329.0"},{"enabled":true,"name":"Silverlight"},{"enabled":true,"name":"Windows Presentation Foundation","path":"c:\\Windows\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll","version":"3.5.30729.1 built by: SP"},{"enabled":true,"name":"Windows Presentation Foundation"}]},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"pref_version":1},"exited_cleanly":true,"name":"First user","shortcut_created":true},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"urls_to_restore_on_startup":["hxxp://www.google.com/",["hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48"]]},"sync_promo":{"show_on_first_run_allowed":false}}

*************************

AdwCleaner[S1].txt - [42616 octets] - [06/11/2012 00:11:11]

########## EOF - C:\AdwCleaner[S1].txt - [42677 octets] ##########


Update on how my computer is running:
It's better, most of my desktop icons have been restored; however, Norton antivirus 2012 is still showing the boot.tidserv virus is still on my computer.

I just reran the Norton and now it is showing that the virus has been resolved. Yeah!

Please advise as to the next step to complete if there are any remaining in this process.

Thanks Cruise for all your help.