Browser Hijacked, Trojan? [Solved]


20 replies to this topic

#1 Jaclyn

Jaclyn

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 03 September 2012 - 04:20 PM

Browser is hijacked and antivirus program shows viruses.


OTL logfile created on: 9/3/2012 6:10:39 PM - Run 1
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Jack\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 3.97 Gb Available Physical Memory | 67.17% Memory free
11.82 Gb Paging File | 9.87 Gb Available in Paging File | 83.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.58 Gb Total Space | 864.22 Gb Free Space | 93.98% Space Free | Partition Type: NTFS
Drive D: | 11.83 Gb Total Space | 1.45 Gb Free Space | 12.25% Space Free | Partition Type: NTFS
Drive E: | 338.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ZEKE-HP | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jack\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe (McAfee, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&...is&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....amp;type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{CBEE8B4A-B645-4BB3-985F-45A1625B4BE7}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&...is&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....amp;type=HPDTDF
IE - HKLM\..\SearchScopes\{CBEE8B4A-B645-4BB3-985F-45A1625B4BE7}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {8542D6A7-F796-42C2-9B61-7D8CD69AB665}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&...is&o=HPDTDF
IE - HKCU\..\SearchScopes\{8542D6A7-F796-42C2-9B61-7D8CD69AB665}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....amp;type=HPDTDF
IE - HKCU\..\SearchScopes\{CBEE8B4A-B645-4BB3-985F-45A1625B4BE7}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/17 09:28:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/03 18:03:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 08:58:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/15 16:09:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/31 19:17:11 | 000,000,000 | ---D | M]

[2011/12/19 12:21:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Extensions
[2012/09/03 14:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\vgt1h20z.default\extensions
[2012/03/05 00:04:20 | 000,000,000 | ---D | M] (Coupon Alert) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\vgt1h20z.default\extensions\2pffxtbr@CouponAlert_2p.com
[2012/07/24 10:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/24 10:21:42 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2012/07/20 08:43:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/07 00:40:23 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/07/13 17:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/07/13 17:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/05/14 22:24:04 | 000,003,739 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/27 10:40:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/27 10:40:39 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F6796A7-F9F3-4EB2-941F-1588FCCD102D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/09 17:45:49 | 000,000,129 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/03 16:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/09/03 14:40:14 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Roaming\Malwarebytes
[2012/09/03 14:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/03 14:40:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2012/09/03 14:40:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/03 14:40:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/03 14:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/03 14:38:10 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\HP
[2012/09/01 20:09:04 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\AuthenTec
[2012/08/31 19:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/31 19:17:11 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/31 19:17:11 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/31 19:17:03 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/31 19:17:03 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/31 19:17:03 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/15 16:09:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2012/08/08 14:01:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/08/06 09:04:52 | 000,778,088 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5912.dll

========== Files - Modified Within 30 Days ==========

[2012/09/03 17:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/03 17:12:23 | 000,315,254 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/09/03 16:40:54 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/03 16:40:54 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/03 15:06:43 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/03 15:06:43 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/03 15:06:11 | 000,778,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/03 15:06:11 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/03 15:06:11 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/03 14:59:15 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForZeke.job
[2012/09/03 14:59:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/03 14:59:05 | 463,351,807 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/03 14:33:27 | 093,601,386 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/09/02 21:20:48 | 000,002,450 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2012/08/31 19:16:59 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/31 19:16:58 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/31 19:16:58 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/08/31 19:16:58 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/31 19:16:58 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/31 19:16:58 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/30 00:23:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForZEKE-HP$.job
[2012/08/26 23:12:00 | 000,210,722 | ---- | M] () -- C:\Windows\hpoins21.dat
[2012/08/26 23:10:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\CN25NBR1SK05KD
[2012/08/13 16:57:04 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMike&Matt.job
[2012/08/06 09:04:51 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
[2012/08/06 09:04:51 | 000,001,860 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8600.lnk
[2012/08/06 09:04:51 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
[2012/08/06 09:03:09 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini

========== Files Created - No Company Name ==========

[2012/09/03 14:59:32 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\00000008.@
[2012/09/03 14:59:29 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000000.@
[2012/09/03 14:59:29 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\000000cb.@
[2012/08/26 23:10:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\CN25NBR1SK05KD
[2012/08/13 16:38:17 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForMike&Matt.job
[2012/08/08 13:55:48 | 000,090,624 | ---- | C] () -- C:\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000032.@
[2012/08/08 13:55:45 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\00000004.@
[2012/08/08 13:55:45 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\L\00000004.@
[2012/08/08 13:55:43 | 000,077,824 | ---- | C] () -- C:\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000064.@
[2012/08/06 09:04:51 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
[2012/08/06 09:04:51 | 000,001,860 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8600.lnk
[2012/08/06 09:04:51 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
[2012/08/06 09:03:09 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/07/10 17:46:42 | 000,232,960 | ---- | C] () -- C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\00000008.@
[2012/07/10 17:46:35 | 000,080,896 | ---- | C] () -- C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000064.@
[2012/07/10 17:46:35 | 000,000,804 | ---- | C] () -- C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\L\00000004.@
[2012/07/10 17:46:34 | 000,002,048 | ---- | C] () -- C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\00000004.@
[2012/07/10 17:46:33 | 000,095,744 | ---- | C] () -- C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000032.@
[2012/07/10 17:46:32 | 000,016,896 | ---- | C] () -- C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000000.@
[2012/07/10 17:46:13 | 000,001,632 | ---- | C] () -- C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\000000cb.@
[2012/03/24 20:21:31 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/11 06:58:39 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\@
[2012/01/11 06:58:39 | 000,002,048 | -HS- | C] () -- C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\@
[2012/01/03 23:00:21 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2012/01/03 18:00:09 | 000,210,722 | ---- | C] () -- C:\Windows\hpoins21.dat
[2012/01/03 18:00:08 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2011/12/19 12:04:44 | 000,000,632 | RHS- | C] () -- C:\Users\Jack\ntuser.pol
[2011/10/05 17:30:50 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011
[2011/10/05 17:09:35 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/05 17:09:34 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/05 17:09:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/06/21 03:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/11 13:15:43 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2011/12/19 12:05:17 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\AVG2012
[2009/07/14 01:08:49 | 000,015,920 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/02/11 13:00:42 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/09/03 14:59:05 | 463,351,807 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/05 16:52:19 | 000,000,000 | RHS- | M] () -- C:\OS
[2012/09/03 14:59:05 | 2049,458,175 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/07/14 00:49:38 | 000,000,146 | -HS- | M] () -- C:\Users\Jack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

OTL Extras logfile created on: 9/3/2012 6:10:39 PM - Run 1
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Jack\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 3.97 Gb Available Physical Memory | 67.17% Memory free
11.82 Gb Paging File | 9.87 Gb Available in Paging File | 83.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.58 Gb Total Space | 864.22 Gb Free Space | 93.98% Space Free | Partition Type: NTFS
Drive D: | 11.83 Gb Total Space | 1.45 Gb Free Space | 12.25% Space Free | Partition Type: NTFS
Drive E: | 338.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ZEKE-HP | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2D5E3D2B-919F-407C-8757-E64827518BB6}" = HP Officejet Pro 8600 Basic Device Software
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F792E5B0-11C4-4C68-8A63-FB5F52749180}" = HP Officejet Pro 8600 Product Improvement Study
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"AVG" = AVG 2012
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}" = HP SimplePass PE 2011
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C528316-05A0-4594-A949-94B792EC396C}" = TurboTax 2011 wpaiper
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = 802.11n Wireless LAN Card
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BCC315E7-2E8F-4EFD-8A0B-F8F276FE73F2}" = YTD Toolbar v6.2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel® Identity Protection Technology 1.1.2.0
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileStream pcPhotos" = FileStream pcPhotos
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaMonkey_is1" = MediaMonkey 3.1
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF Complete" = PDF Complete Special Edition
"Rhapsody" = Rhapsody
"SyncBack_is1" = SyncBack
"TurboTax 2011" = TurboTax 2011
"VIP Access SDK" = VIP Access SDK (1.0.1.4)
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-11f2f337-e62e-43e0-bc7c-eb0192c4569a" = Vacation Quest - The Hawaiian Islands
"WTA-230ebde5-e2aa-4d01-b228-bc100df002cd" = Agatha Christie - Peril at End House
"WTA-409df81a-8b37-4592-9784-ecff9b88d0ad" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-470e2bee-2de1-49cc-97df-79f5367b22be" = Plants vs. Zombies - Game of the Year
"WTA-4c1d531a-5ebd-41a2-8d17-e42d767c132d" = Blackhawk Striker 2
"WTA-5391b64e-4d80-4643-8724-de572ecd1f0e" = Blasterball 3
"WTA-5b706047-8f48-476f-bfae-f14ffeef3cb8" = Mystery of Mortlake Mansion
"WTA-5ea8a6b2-b777-4b53-a433-30fe79752a9c" = Poker Superstars III
"WTA-713fb09c-19fa-4cd7-b645-90d851d740c3" = Virtual Villagers 5 - New Believers
"WTA-7da56451-7769-420e-a5f5-14aa98d1b33c" = Namco All-Stars: PAC-MAN
"WTA-89ccc4aa-f517-44f7-87ff-ccec15258491" = Cradle of Rome 2
"WTA-8fee4af8-0144-4b07-bf4d-c08cfb44f16c" = Bounce Symphony
"WTA-99424bb3-51d0-492b-98f1-e344eaeefe0c" = Mah Jong Medley
"WTA-9a27c006-5649-482d-9ffe-86c03dca17c9" = Polar Bowler
"WTA-9cd40b20-d5e0-420f-977d-89775d4d92da" = Chronicles of Albian
"WTA-a980a788-e984-4453-89d2-bbf795d53208" = Zuma Deluxe
"WTA-b1c0758c-d2ec-46f7-a2b9-8bb644f6d033" = Bejeweled 3
"WTA-b9a9abf7-22bf-467d-a636-f5583f54e488" = Penguins!
"WTA-ba6a9eb4-c681-483e-9e04-2a83bbd5e5c7" = Governor of Poker 2 Premium Edition
"WTA-c32e14ba-c8a5-4352-9519-6c51191cef73" = Cake Mania
"WTA-d59690d6-1fc2-4115-a044-1b22aa9409af" = Polar Golfer
"WTA-dd205137-13b0-4eb7-9700-e596ab85d579" = Chuzzle Deluxe
"WTA-ebb05533-3225-4d24-8924-e66d46cc67fa" = Farm Frenzy
"WTA-ec112294-be97-4ad5-858e-4f52c0536312" = FATE
"WTA-fbb644a1-a698-470c-8c30-6c0e9d20b049" = Slingo Supreme
"ZinioReader4" = Zinio Reader 4

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/28/2012 8:01:35 AM | Computer Name = Zeke-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_HomeGroupListener, version:
6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: wmp.dll_unloaded, version:
0.0.0.0, time stamp: 0x4ce7ca81 Exception code: 0xc0000005 Fault offset: 0x000007fef27af3ea
Faulting
process id: 0x448 Faulting application start time: 0x01ccf1070085b0f3 Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: wmp.dll Report Id: f592b3bf-6203-11e1-ae02-386077829cb2

Error - 3/4/2012 8:23:38 PM | Computer Name = Zeke-HP | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000002d9090 Faulting process
id: 0x1d4c Faulting application start time: 0x01ccfa662ec40984 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: unknown Report Id: 73adf22d-6659-11e1-ae02-386077829cb2

Error - 3/4/2012 8:24:44 PM | Computer Name = Zeke-HP | Source = Application Error | ID = 1000
Description = Faulting application name: GameConsole-wt.exe, version: 4.0.15.18,
time stamp: 0x4f347e54 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x746f6e20 Faulting process id:
0x1048 Faulting application start time: 0x01ccfa664d7c9548 Faulting application path:
C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe Faulting module
path: unknown Report Id: 9b0c5518-6659-11e1-ae02-386077829cb2

Error - 3/24/2012 9:13:41 PM | Computer Name = Zeke-HP | Source = Application Hang | ID = 1002
Description = The program pdfvista.exe version 4.0.54.2001 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 120c Start
Time: 01cd0a1ef1807421 Termination Time: 12 Application Path: C:\Program Files (x86)\PDF
Complete\pdfvista.exe Report Id: bd5655aa-7617-11e1-9cfc-386077829cb2

Error - 3/27/2012 8:11:34 PM | Computer Name = Zeke-HP | Source = Application Error | ID = 1000
Description = Faulting application name: GameConsole-wt.exe, version: 4.0.15.18,
time stamp: 0x4f347e54 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00038dc9 Faulting
process id: 0x23e0 Faulting application start time: 0x01cd0c7745d4224e Faulting application
path: C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 93ab0160-786a-11e1-b04d-386077829cb2

Error - 4/29/2012 7:42:40 PM | Computer Name = Zeke-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting
process id: 0x20d0 Faulting application start time: 0x01cd2661b6c91b03 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: 016c8875-9255-11e1-b83f-386077829cb2

Error - 5/6/2012 11:42:17 PM | Computer Name = Zeke-HP | Source = Application Error | ID = 1000
Description = Faulting application name: TrueSuiteService.exe, version: 5.3.0.194,
time stamp: 0x4df09290 Faulting module name: TrueSuiteService.exe, version: 5.3.0.194,
time stamp: 0x4df09290 Exception code: 0xc0000417 Fault offset: 0x0001280a Faulting
process id: 0x304 Faulting application start time: 0x01cd2c035c5cf571 Faulting application
path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe Faulting module
path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe Report Id:
a3fe5d39-97f6-11e1-8271-386077829cb2

Error - 5/14/2012 10:24:04 PM | Computer Name = Zeke-HP | Source = Application Error | ID = 1000
Description = Faulting application name: AVGTBInstall.exe, version: 11.0.0.9, time
stamp: 0x4f83f872 Faulting module name: AVGTBInstall.exe, version: 11.0.0.9, time
stamp: 0x4f83f872 Exception code: 0xc00000fd Fault offset: 0x000f01b7 Faulting process
id: 0x19a8 Faulting application start time: 0x01cd3241caa07d9b Faulting application
path: C:\Program Files (x86)\AVG\AVG2012\AVGTBInstall.exe Faulting module path:
C:\Program Files (x86)\AVG\AVG2012\AVGTBInstall.exe Report Id: 0a197159-9e35-11e1-a047-386077829cb2

Error - 6/29/2012 6:32:57 PM | Computer Name = Zeke-HP | Source = Application Error | ID = 1000
Description = Faulting application name: TrueSuiteService.exe, version: 5.3.0.194,
time stamp: 0x4df09290 Faulting module name: TrueSuiteService.exe, version: 5.3.0.194,
time stamp: 0x4df09290 Exception code: 0xc0000417 Fault offset: 0x0001280a Faulting
process id: 0x31c Faulting application start time: 0x01cd56471b64f555 Faulting application
path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe Faulting module
path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe Report Id:
5f6bc906-c23a-11e1-9d40-386077829cb2

Error - 7/7/2012 10:18:00 PM | Computer Name = Zeke-HP | Source = Application Error | ID = 1000
Description = Faulting application name: GameConsole-wt.exe, version: 4.0.16.40,
time stamp: 0x4f977452 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting
process id: 0x18f8 Faulting application start time: 0x01cd5cafd6cf8cfc Faulting application
path: C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 23251728-c8a3-11e1-8f97-386077829cb2

[ Hewlett-Packard Events ]
Error - 6/5/2012 4:14:58 PM | Computer Name = Zeke-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(Data
Row
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(Data
Row
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6050 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/27/2012 10:27:00 AM | Computer Name = Zeke-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 6/27/2012 11:59:01 AM | Computer Name = Zeke-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 6/27/2012 4:04:43 PM | Computer Name = Zeke-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 6/27/2012 9:14:37 PM | Computer Name = Zeke-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 8/7/2012 4:24:16 PM | Computer Name = Zeke-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(Data
Row
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(Data
Row
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6050 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 8/7/2012 4:24:17 PM | Computer Name = Zeke-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(Data
Row
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(Data
Row
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6050 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 8/14/2012 4:02:58 PM | Computer Name = Zeke-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(Data
Row
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(Data
Row
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6050 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 8/14/2012 4:02:58 PM | Computer Name = Zeke-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(Data
Row
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(Data
Row
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6050 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 8/21/2012 4:08:52 PM | Computer Name = Zeke-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(Data
Row
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(Data
Row
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6050 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

[ System Events ]
Error - 8/28/2012 11:38:36 PM | Computer Name = Zeke-HP | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 8/28/2012 11:46:37 PM | Computer Name = Zeke-HP | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 8/28/2012 11:46:38 PM | Computer Name = Zeke-HP | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 8/28/2012 11:46:39 PM | Computer Name = Zeke-HP | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 8/28/2012 11:46:40 PM | Computer Name = Zeke-HP | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 8/28/2012 11:47:48 PM | Computer Name = Zeke-HP | Source = DCOM | ID = 10016
Description =

Error - 8/28/2012 11:50:07 PM | Computer Name = Zeke-HP | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 8/28/2012 11:50:07 PM | Computer Name = Zeke-HP | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 8/29/2012 10:41:51 AM | Computer Name = Zeke-HP | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 8/29/2012 10:41:51 AM | Computer Name = Zeke-HP | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891


< End of report >



#2 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,657 posts
  • MVP

Posted 03 September 2012 - 06:32 PM

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.
---------

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)
----------

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • click OK
  • Press Start Scan
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct items.
  • Attach the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)
----------

#3 Jaclyn

Jaclyn

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 03 September 2012 - 08:36 PM

I have network attached storage. Would it be unwise to backup data to the network storage at this point? Is there a possibility that the network storage could be compromised as well? Log is below.

22:34:46.0833 5468 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:34:47.0099 5468 ============================================================
22:34:47.0099 5468 Current date / time: 2012/09/03 22:34:47.0099
22:34:47.0099 5468 SystemInfo:
22:34:47.0099 5468
22:34:47.0099 5468 OS Version: 6.1.7601 ServicePack: 1.0
22:34:47.0099 5468 Product type: Workstation
22:34:47.0099 5468 ComputerName: ZEKE-HP
22:34:47.0099 5468 UserName: Jack
22:34:47.0099 5468 Windows directory: C:\Windows
22:34:47.0099 5468 System windows directory: C:\Windows
22:34:47.0099 5468 Running under WOW64
22:34:47.0099 5468 Processor architecture: Intel x64
22:34:47.0099 5468 Number of processors: 4
22:34:47.0099 5468 Page size: 0x1000
22:34:47.0099 5468 Boot type: Normal boot
22:34:47.0099 5468 ============================================================
22:34:47.0551 5468 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:34:47.0551 5468 ============================================================
22:34:47.0551 5468 \Device\Harddisk0\DR0:
22:34:47.0551 5468 MBR partitions:
22:34:47.0551 5468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:34:47.0551 5468 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72F2A800
22:34:47.0551 5468 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72F5D000, BlocksNum 0x17A9000
22:34:47.0551 5468 ============================================================
22:34:47.0582 5468 C: <-> \Device\Harddisk0\DR0\Partition2
22:34:47.0629 5468 D: <-> \Device\Harddisk0\DR0\Partition3
22:34:47.0629 5468 ============================================================
22:34:47.0629 5468 Initialize success
22:34:47.0629 5468 ============================================================
22:34:58.0003 5680 ============================================================
22:34:58.0003 5680 Scan started
22:34:58.0003 5680 Mode: Manual;
22:34:58.0003 5680 ============================================================
22:34:58.0830 5680 ================ Scan system memory ========================
22:34:58.0830 5680 System memory - ok
22:34:58.0830 5680 ================ Scan services =============================
5680 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys 22:35:03.0635 5680 Impcd - ok 22:35:03.0713 5680 [ C7124DA48E557D8F88D0D7F1254557F4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 22:35:03.0744 5680 IntcAzAudAddService - ok 22:35:03.0759 5680 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 22:35:03.0759 5680 intelide - ok 22:35:03.0775 5680 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys 22:35:03.0775 5680 intelppm - ok 22:35:03.0853 5680 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe 22:35:03.0853 5680 IntuitUpdateServiceV4 - ok 22:35:03.0884 5680 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:35:03.0884 5680 IPBusEnum - ok 22:35:03.0900 5680 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:35:03.0915 5680 IpFilterDriver - ok 22:35:03.0931 5680 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 22:35:03.0931 5680 IPMIDRV - ok 22:35:03.0947 5680 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 22:35:03.0947 5680 IPNAT - ok 22:35:03.0962 5680 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:35:03.0962 5680 IRENUM - ok 22:35:03.0978 5680 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:35:03.0978 5680 isapnp - ok 22:35:03.0993 5680 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 22:35:03.0993 5680 iScsiPrt - ok 22:35:04.0040 5680 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe 22:35:04.0040 5680 jhi_service - ok 22:35:04.0056 5680 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 
22:35:04.0056 5680 kbdclass - ok 22:35:04.0087 5680 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 22:35:04.0087 5680 kbdhid - ok 22:35:04.0087 5680 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 22:35:04.0087 5680 KeyIso - ok 22:35:04.0103 5680 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:35:04.0103 5680 KSecDD - ok 22:35:04.0118 5680 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:35:04.0134 5680 KSecPkg - ok 22:35:04.0149 5680 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 22:35:04.0149 5680 ksthunk - ok 22:35:04.0181 5680 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 22:35:04.0181 5680 KtmRm - ok 22:35:04.0196 5680 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 22:35:04.0212 5680 LanmanServer - ok 22:35:04.0227 5680 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:35:04.0227 5680 LanmanWorkstation - ok 22:35:04.0259 5680 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:35:04.0259 5680 lltdio - ok 22:35:04.0274 5680 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:35:04.0274 5680 lltdsvc - ok 22:35:04.0290 5680 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:35:04.0290 5680 lmhosts - ok 22:35:04.0337 5680 [ D75C4B4A8FE6D7FD74A7EECDBAEC729F ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 22:35:04.0337 5680 LMS - ok 22:35:04.0352 5680 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 22:35:04.0352 5680 LSI_FC - ok 22:35:04.0383 5680 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 22:35:04.0383 5680 LSI_SAS - ok 22:35:04.0399 5680 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 
C:\Windows\system32\drivers\lsi_sas2.sys 22:35:04.0399 5680 LSI_SAS2 - ok 22:35:04.0415 5680 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 22:35:04.0415 5680 LSI_SCSI - ok 22:35:04.0430 5680 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 22:35:04.0430 5680 luafv - ok 22:35:04.0493 5680 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe 22:35:04.0493 5680 McComponentHostService - ok 22:35:04.0508 5680 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:35:04.0508 5680 Mcx2Svc - ok 22:35:04.0524 5680 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 22:35:04.0524 5680 megasas - ok 22:35:04.0539 5680 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 22:35:04.0539 5680 MegaSR - ok 22:35:04.0555 5680 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys 22:35:04.0555 5680 MEIx64 - ok 22:35:04.0633 5680 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 22:35:04.0633 5680 Microsoft Office Groove Audit Service - ok 22:35:04.0649 5680 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 22:35:04.0649 5680 MMCSS - ok 22:35:04.0664 5680 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 22:35:04.0664 5680 Modem - ok 22:35:04.0664 5680 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:35:04.0664 5680 monitor - ok 22:35:04.0695 5680 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:35:04.0695 5680 mouclass - ok 22:35:04.0711 5680 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:35:04.0711 5680 mouhid - ok 22:35:04.0727 5680 [ 
32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:35:04.0727 5680 mountmgr - ok 22:35:04.0789 5680 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:35:04.0789 5680 MozillaMaintenance - ok 22:35:04.0805 5680 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 22:35:04.0805 5680 mpio - ok 22:35:04.0820 5680 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:35:04.0820 5680 mpsdrv - ok 22:35:04.0820 5680 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:35:04.0820 5680 MRxDAV - ok 22:35:04.0851 5680 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:35:04.0851 5680 mrxsmb - ok 22:35:04.0867 5680 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:35:04.0883 5680 mrxsmb10 - ok 22:35:04.0883 5680 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:35:04.0898 5680 mrxsmb20 - ok 22:35:04.0914 5680 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 22:35:04.0914 5680 msahci - ok 22:35:04.0929 5680 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:35:04.0929 5680 msdsm - ok 22:35:04.0945 5680 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 22:35:04.0945 5680 MSDTC - ok 22:35:04.0961 5680 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:35:04.0976 5680 Msfs - ok 22:35:04.0976 5680 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:35:04.0992 5680 mshidkmdf - ok 22:35:04.0992 5680 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:35:04.0992 5680 msisadrv - ok 22:35:05.0023 5680 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI 
C:\Windows\system32\iscsiexe.dll 22:35:05.0023 5680 MSiSCSI - ok 22:35:05.0023 5680 msiserver - ok 22:35:05.0039 5680 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:35:05.0039 5680 MSKSSRV - ok 22:35:05.0054 5680 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:35:05.0054 5680 MSPCLOCK - ok 22:35:05.0070 5680 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:35:05.0070 5680 MSPQM - ok 22:35:05.0070 5680 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:35:05.0085 5680 MsRPC - ok 22:35:05.0101 5680 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 22:35:05.0101 5680 mssmbios - ok 22:35:05.0101 5680 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:35:05.0101 5680 MSTEE - ok 22:35:05.0117 5680 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 22:35:05.0117 5680 MTConfig - ok 22:35:05.0117 5680 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 22:35:05.0132 5680 Mup - ok 22:35:05.0148 5680 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 22:35:05.0148 5680 napagent - ok 22:35:05.0179 5680 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:35:05.0179 5680 NativeWifiP - ok 22:35:05.0226 5680 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 22:35:05.0241 5680 NDIS - ok 22:35:05.0257 5680 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:35:05.0257 5680 NdisCap - ok 22:35:05.0273 5680 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:35:05.0273 5680 NdisTapi - ok 22:35:05.0288 5680 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:35:05.0288 5680 Ndisuio - ok 22:35:05.0304 5680 [ 
53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:35:05.0304 5680 NdisWan - ok 22:35:05.0319 5680 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:35:05.0319 5680 NDProxy - ok 22:35:05.0366 5680 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 22:35:05.0366 5680 Net Driver HPZ12 - ok 22:35:05.0382 5680 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:35:05.0382 5680 NetBIOS - ok 22:35:05.0397 5680 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:35:05.0397 5680 NetBT - ok 22:35:05.0413 5680 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 22:35:05.0413 5680 Netlogon - ok 22:35:05.0444 5680 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 22:35:05.0460 5680 Netman - ok 22:35:05.0475 5680 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:35:05.0491 5680 NetMsmqActivator - ok 22:35:05.0491 5680 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:35:05.0491 5680 NetPipeActivator - ok 22:35:05.0507 5680 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 22:35:05.0522 5680 netprofm - ok 22:35:05.0585 5680 [ 8B5D2D7CB0EF5B1967860B8AB742A46C ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys 22:35:05.0600 5680 netr28x - ok 22:35:05.0600 5680 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:35:05.0600 5680 NetTcpActivator - ok 22:35:05.0616 5680 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:35:05.0616 5680 NetTcpPortSharing - ok 22:35:05.0631 5680 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 
22:35:05.0631 5680 nfrd960 - ok 22:35:05.0663 5680 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 22:35:05.0663 5680 NlaSvc - ok 22:35:05.0741 5680 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 22:35:05.0772 5680 NOBU - ok 22:35:05.0787 5680 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:35:05.0803 5680 Npfs - ok 22:35:05.0803 5680 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 22:35:05.0803 5680 nsi - ok 22:35:05.0819 5680 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:35:05.0819 5680 nsiproxy - ok 22:35:05.0865 5680 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:35:05.0881 5680 Ntfs - ok 22:35:05.0881 5680 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 22:35:05.0881 5680 Null - ok 22:35:05.0912 5680 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:35:05.0912 5680 nvraid - ok 22:35:05.0928 5680 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:35:05.0928 5680 nvstor - ok 22:35:05.0959 5680 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:35:05.0959 5680 nv_agp - ok 22:35:06.0006 5680 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 22:35:06.0021 5680 odserv - ok 22:35:06.0037 5680 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:35:06.0037 5680 ohci1394 - ok 22:35:06.0084 5680 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:35:06.0099 5680 ose - ok 22:35:06.0131 5680 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:35:06.0131 5680 p2pimsvc - ok 22:35:06.0146 5680 [ 
927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 22:35:06.0162 5680 p2psvc - ok 22:35:06.0177 5680 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 22:35:06.0177 5680 Parport - ok 22:35:06.0193 5680 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:35:06.0193 5680 partmgr - ok 22:35:06.0224 5680 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 22:35:06.0224 5680 PcaSvc - ok 22:35:06.0224 5680 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 22:35:06.0240 5680 pci - ok 22:35:06.0255 5680 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 22:35:06.0271 5680 pciide - ok 22:35:06.0287 5680 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 22:35:06.0287 5680 pcmcia - ok 22:35:06.0302 5680 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 22:35:06.0302 5680 pcw - ok 22:35:06.0333 5680 pdfcDispatcher - ok 22:35:06.0349 5680 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:35:06.0365 5680 PEAUTH - ok 22:35:06.0411 5680 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 22:35:06.0411 5680 PerfHost - ok 22:35:06.0458 5680 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 22:35:06.0474 5680 pla - ok 22:35:06.0505 5680 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:35:06.0521 5680 PlugPlay - ok 22:35:06.0552 5680 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 22:35:06.0567 5680 Pml Driver HPZ12 - ok 22:35:06.0583 5680 [ 0BEE791C7C7ACE453C134E73633C497D ] pmxdrv C:\Windows\system32\drivers\pmxdrv.sys 22:35:06.0583 5680 pmxdrv - ok 22:35:06.0583 5680 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:35:06.0599 5680 PNRPAutoReg - ok 22:35:06.0614 
5680 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:35:06.0614 5680 PNRPsvc - ok 22:35:06.0630 5680 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:35:06.0645 5680 PolicyAgent - ok 22:35:06.0677 5680 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 22:35:06.0692 5680 Power - ok 22:35:06.0708 5680 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:35:06.0708 5680 PptpMiniport - ok 22:35:06.0723 5680 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 22:35:06.0723 5680 Processor - ok 22:35:06.0786 5680 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 22:35:06.0786 5680 ProfSvc - ok 22:35:06.0801 5680 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 22:35:06.0801 5680 ProtectedStorage - ok 22:35:06.0817 5680 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:35:06.0817 5680 Psched - ok 22:35:06.0864 5680 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 22:35:06.0879 5680 ql2300 - ok 22:35:06.0895 5680 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 22:35:06.0895 5680 ql40xx - ok 22:35:06.0911 5680 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 22:35:06.0926 5680 QWAVE - ok 22:35:06.0942 5680 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:35:06.0942 5680 QWAVEdrv - ok 22:35:06.0957 5680 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:35:06.0957 5680 RasAcd - ok 22:35:06.0973 5680 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 22:35:06.0973 5680 RasAgileVpn - ok 22:35:06.0989 5680 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 22:35:06.0989 5680 RasAuto - ok 
22:35:07.0004 5680 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:35:07.0004 5680 Rasl2tp - ok 22:35:07.0035 5680 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 22:35:07.0035 5680 RasMan - ok 22:35:07.0051 5680 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:35:07.0051 5680 RasPppoe - ok 22:35:07.0067 5680 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:35:07.0067 5680 RasSstp - ok 22:35:07.0082 5680 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:35:07.0082 5680 rdbss - ok 22:35:07.0098 5680 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 22:35:07.0098 5680 rdpbus - ok 22:35:07.0113 5680 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:35:07.0113 5680 RDPCDD - ok 22:35:07.0113 5680 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:35:07.0113 5680 RDPENCDD - ok 22:35:07.0129 5680 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 22:35:07.0129 5680 RDPREFMP - ok 22:35:07.0160 5680 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:35:07.0176 5680 RDPWD - ok 22:35:07.0191 5680 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:35:07.0191 5680 rdyboost - ok 22:35:07.0207 5680 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:35:07.0207 5680 RemoteAccess - ok 22:35:07.0223 5680 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:35:07.0223 5680 RemoteRegistry - ok 22:35:07.0254 5680 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe 22:35:07.0269 5680 RoxioNow Service - ok 22:35:07.0285 5680 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper 
C:\Windows\System32\RpcEpMap.dll 22:35:07.0285 5680 RpcEptMapper - ok 22:35:07.0301 5680 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 22:35:07.0316 5680 RpcLocator - ok 22:35:07.0332 5680 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 22:35:07.0347 5680 RpcSs - ok 22:35:07.0379 5680 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:35:07.0379 5680 rspndr - ok 22:35:07.0410 5680 [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 22:35:07.0425 5680 RTL8167 - ok 22:35:07.0441 5680 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 22:35:07.0441 5680 SamSs - ok 22:35:07.0441 5680 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:35:07.0441 5680 sbp2port - ok 22:35:07.0457 5680 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:35:07.0457 5680 SCardSvr - ok 22:35:07.0472 5680 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 22:35:07.0472 5680 scfilter - ok 22:35:07.0503 5680 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 22:35:07.0519 5680 Schedule - ok 22:35:07.0535 5680 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 22:35:07.0535 5680 SCPolicySvc - ok 22:35:07.0550 5680 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:35:07.0550 5680 SDRSVC - ok 22:35:07.0597 5680 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 22:35:07.0597 5680 SeaPort - ok 22:35:07.0613 5680 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:35:07.0628 5680 secdrv - ok 22:35:07.0628 5680 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 22:35:07.0628 5680 seclogon - ok 22:35:07.0659 5680 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS 
C:\Windows\System32\sens.dll 22:35:07.0659 5680 SENS - ok 22:35:07.0675 5680 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 22:35:07.0675 5680 SensrSvc - ok 22:35:07.0706 5680 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 22:35:07.0706 5680 Serenum - ok 22:35:07.0722 5680 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 22:35:07.0722 5680 Serial - ok 22:35:07.0753 5680 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 22:35:07.0753 5680 sermouse - ok 22:35:07.0769 5680 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 22:35:07.0784 5680 SessionEnv - ok 22:35:07.0784 5680 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:35:07.0784 5680 sffdisk - ok 22:35:07.0800 5680 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:35:07.0800 5680 sffp_mmc - ok 22:35:07.0815 5680 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:35:07.0815 5680 sffp_sd - ok 22:35:07.0831 5680 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 22:35:07.0831 5680 sfloppy - ok 22:35:07.0862 5680 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:35:07.0862 5680 ShellHWDetection - ok 22:35:07.0893 5680 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 22:35:07.0893 5680 SiSRaid2 - ok 22:35:07.0909 5680 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 22:35:07.0909 5680 SiSRaid4 - ok 22:35:07.0925 5680 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:35:07.0925 5680 Smb - ok 22:35:07.0956 5680 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:35:07.0956 5680 SNMPTRAP - ok 22:35:07.0971 5680 [ 
B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 22:35:07.0971 5680 spldr - ok 22:35:08.0003 5680 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 22:35:08.0003 5680 Spooler - ok 22:35:08.0081 5680 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 22:35:08.0127 5680 sppsvc - ok 22:35:08.0127 5680 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 22:35:08.0127 5680 sppuinotify - ok 22:35:08.0159 5680 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 22:35:08.0159 5680 srv - ok 22:35:08.0174 5680 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:35:08.0174 5680 srv2 - ok 22:35:08.0174 5680 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:35:08.0190 5680 srvnet - ok 22:35:08.0205 5680 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:35:08.0221 5680 SSDPSRV - ok 22:35:08.0221 5680 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:35:08.0221 5680 SstpSvc - ok 22:35:08.0237 5680 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 22:35:08.0237 5680 stexstor - ok 22:35:08.0268 5680 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 22:35:08.0268 5680 StillCam - ok 22:35:08.0299 5680 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 22:35:08.0315 5680 stisvc - ok 22:35:08.0330 5680 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 22:35:08.0346 5680 swenum - ok 22:35:08.0346 5680 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 22:35:08.0361 5680 swprv - ok 22:35:08.0393 5680 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 22:35:08.0424 5680 SysMain - ok 22:35:08.0439 5680 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] 
22:35:10.0826 5680 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:35:10.0842 5680 [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe
22:35:10.0857 5680 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
22:35:10.0857 5680 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
22:35:10.0857 5680 ================ Scan MBR ==================================
22:35:10.0857 5680 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:35:11.0076 5680 \Device\Harddisk0\DR0 - ok
22:35:11.0076 5680 ================ Scan VBR ==================================
22:35:11.0076 5680 [ BC4F973134568E1B38163C4234CE878A ] \Device\Harddisk0\DR0\Partition1
22:35:11.0076 5680 \Device\Harddisk0\DR0\Partition1 - ok
22:35:11.0076 5680 [ 9897C84EE14043CC30D85B99783E4D6A ] \Device\Harddisk0\DR0\Partition2
22:35:11.0091 5680 \Device\Harddisk0\DR0\Partition2 - ok
22:35:11.0123 5680 [ 4A663844C3DBD28FF953816B8AC8A0B6 ] \Device\Harddisk0\DR0\Partition3
22:35:11.0123 5680 \Device\Harddisk0\DR0\Partition3 - ok
22:35:11.0123 5680 ============================================================
22:35:11.0123 5680 Scan finished
22:35:11.0123 5680 ============================================================
22:35:11.0123 3632 Detected object count: 1
22:35:11.0123 3632 Actual detected object count: 1
22:35:24.0669 3632 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user
22:35:24.0669 3632 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Skip

Edited by Jaclyn, 03 September 2012 - 11:39 PM.


#4 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,657 posts
  • MVP

Posted 04 September 2012 - 05:37 AM

Hi,

For the time being I think that you should be ok with your storage. As long as you are only saving personal files, music, pictures and the like, but no actual programs, you should be fine.

Download Combofix from the link below, and save it to your desktop.
Link

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
----------

Please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.
------------

Please post the logs made by ComboFix and ListParts.

#5 Jaclyn

Jaclyn

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 04 September 2012 - 08:03 PM

Regarding the network storage, downloaded programs are also backed up there.

On the computer...
  • Temporarily disabled AVG. Ran Combofix but it shut off and produced no log.
  • Ran Combofix again, got hung up in first window, still no log.
  • Restarted in Safe Mode with Networking and tried to run Combofix and got an error message, "Error launching installer".
  • Restarted Windows normally, while it was "preparing desktop" got a dialog box titled "Location is not available" with the message "C:\Windows\system32\config\systemprofile\Desktop is not accessible. Access is denied." Also a pop-up bubble in the lower-right which says "Failed to connect to a windows service. Windows could not connect to the System Event Notification Service service. This problem prevents standard users from logging on to the system. As an administrative user, you can review the System Event Log for details about why the service didn't respond." All that shows on the desktop is the recycle bin. Forgot to disable AVG, browsed to Desktop, ran Combofix, got hung up, computer shut down and restarted itself.
  • Opened with a "Warning!!" message that Combofix detected AVG running. Tried to open AVG interface to disable, got an error message "Illegal operation attempted on a registry key that has been marked for deletion." Ctrl+Alt+Del restart.
  • Temporarily disabled AVG. Ran Combofix, got to command window, got to deleting folders and restarted itself. Opened to Combofix preparing a log report.

ComboFix 12-09-04.02 - Jack 09/04/2012 21:45:40.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4732 [GMT -4:00]
Running from: c:\users\Jack\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CouponAlert_2p
c:\users\Zeke\AppData\Roaming\Roaming
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\@
c:\windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\L\00000004.@
c:\windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\L\201d3dde
c:\windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\00000004.@
c:\windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\00000008.@
c:\windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\000000cb.@
c:\windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000000.@
c:\windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000032.@
c:\windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-05 to 2012-09-05 )))))))))))))))))))))))))))))))
.
.
2012-09-04 20:35 . 2012-09-04 20:35 -------- d-----w- c:\users\Jack\AppData\Roaming\Hewlett-Packard
2012-09-04 20:34 . 2012-09-04 20:34 -------- d-----w- c:\users\Jack\AppData\Roaming\HpUpdate
2012-09-04 20:34 . 2012-09-04 20:34 -------- d-----w- c:\users\Jack\AppData\Local\Hewlett-Packard
2012-09-03 18:40 . 2012-09-03 18:40 -------- d-----w- c:\users\Jack\AppData\Roaming\Malwarebytes
2012-09-03 18:40 . 2010-03-30 04:46 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-09-03 18:40 . 2012-09-03 18:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-03 18:40 . 2012-09-03 18:40 -------- d-----w- c:\programdata\Malwarebytes
2012-09-03 18:40 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-03 18:38 . 2012-09-03 18:38 -------- d-----w- c:\users\Jack\AppData\Local\HP
2012-09-03 14:07 . 2012-09-03 14:07 -------- d-----w- c:\users\Mike&Matt\AppData\Local\Diagnostics
2012-09-03 01:21 . 2012-09-03 01:35 -------- d-----w- c:\users\Mike&Matt\AppData\Local\Microsoft Games
2012-09-03 01:20 . 2012-09-03 01:20 -------- d-----w- c:\users\Mike&Matt\AppData\Roaming\WildTangent
2012-09-02 00:09 . 2012-09-02 00:09 -------- d-----w- c:\users\Jack\AppData\Local\AuthenTec
2012-08-31 23:17 . 2012-08-31 23:17 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-31 23:17 . 2012-08-31 23:16 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-31 23:17 . 2012-08-31 23:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-15 20:09 . 2012-08-15 20:09 -------- d-----w- c:\program files (x86)\Coupons
2012-08-14 18:09 . 2012-08-14 18:23 -------- d-----w- c:\users\Zeke\AppData\Local\Roblox
2012-08-13 20:38 . 2012-08-13 20:38 -------- d--h--w- c:\users\Mike&Matt\AppData\Roaming\Hewlett-Packard
2012-08-13 20:38 . 2012-08-13 20:38 -------- d--h--w- c:\users\Mike&Matt\AppData\Local\Hewlett-Packard
2012-08-08 18:01 . 2012-08-08 18:01 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-06 13:04 . 2011-09-09 20:22 778088 ------w- c:\windows\system32\HPDiscoPM5912.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 20:40 . 2012-04-11 20:13 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-03 20:40 . 2011-10-05 21:25 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 23:16 . 2011-12-19 09:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-18 02:34 . 2012-07-18 02:35 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-11 07:01 . 2012-01-02 19:20 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-11 07:03 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-10 23:47 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-05 658424]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-26 1095560]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe [2010-9-2 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 250568]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-09-02 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-10-05 31152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-26 794560]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-06-09 264008]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-02-06 13672]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-05 1128952]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-19 56344]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-22 1360960]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 20:40]
.
2012-09-05 c:\windows\Tasks\HPCeeScheduleForJack.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-08-13 c:\windows\Tasks\HPCeeScheduleForMike&Matt.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-08-30 c:\windows\Tasks\HPCeeScheduleForZEKE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-09-03 c:\windows\Tasks\HPCeeScheduleForZeke.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-25 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-25 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-25 418584]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\vgt1h20z.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-09-04 21:58:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-05 01:58
.
Pre-Run: 929,032,691,712 bytes free
Post-Run: 929,327,706,112 bytes free
.
- - End Of File - - 6759E1EC0580B0DE4F91E04FC8062565

ListParts by Farbar Version: 10-08-2012
Ran by Jack (administrator) on 04-09-2012 at 22:01:19
Windows 7 (X64)
Running From: C:\Users\Jack\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 26%
Total physical RAM: 6050.52 MB
Available physical RAM: 4420.55 MB
Total Pagefile: 12099.22 MB
Available Pagefile: 10505.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:919.58 GB) (Free:865.59 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.83 GB) (Free:1.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (HP OJ8600) (CDROM) (Total:0.33 GB) (Free:0 GB) CDFS

Disk ###  Status    Size    Free  Dyn  Gpt
--------  --------  ------  ----  ---  ---
Disk 0    Online    931 GB  0 B
Disk 1    No Media  0 B     0 B
Disk 2    No Media  0 B     0 B
Disk 3    No Media  0 B     0 B
Disk 4    No Media  0 B     0 B

Partitions of Disk 0:
===============

Partition ###  Type     Size    Offset
-------------  -------  ------  -------
Partition 1    Primary  100 MB  1024 KB
Partition 2    Primary  919 GB  101 MB
Partition 3    Primary  11 GB   919 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label   Fs    Type       Size    Status   Info
----------  ---  ------  ----  ---------  ------  -------  ---------------------------------------
* Volume 1       SYSTEM  NTFS  Partition  100 MB  Healthy  System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label  Fs    Type       Size    Status   Info
----------  ---  -----  ----  ---------  ------  -------  ----
* Volume 2  C    OS     NTFS  Partition  919 GB  Healthy  Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D HP_RECOVERY NTFS Partition 11 GB Healthy

==================================================================================

****** End Of Log ******

#6 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,657 posts
  • MVP

Posted 04 September 2012 - 08:10 PM

Hi,

Great job getting all of that run.
----------


FRST

Download Farbar Recovery Scan Tool64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
----------

#7 Jaclyn

Jaclyn

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 04 September 2012 - 08:27 PM

Scan result of Farbar Recovery Scan Tool (x64) Version: 04-09-2012
Ran by SYSTEM at 04-09-2012 22:25:57
Running from K:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1095560 2012-07-26] (Spigot, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Jack\...\Policies\system: [LogonHoursAction] 2
HKU\Jack\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mike&Matt\...\Policies\system: [LogonHoursAction] 2
HKU\Mike&Matt\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Zeke\...\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN25NBR1SK05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\Zeke\...\Policies\system: [LogonHoursAction] 2
HKU\Zeke\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Zeke\...\Winlogon: [Shell]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Zeke\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Windows\System32\RunDll32.exe (Microsoft Corporation)

==================== Services (Whitelisted) ======

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe" [227232 2010-09-02] (McAfee, Inc.)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)

==================== Drivers (Whitelisted) ===================

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
3 pmxdrv; C:\Windows\System32\Drivers\pmxdrv.sys [31152 2011-10-05] ()
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) =================

==================== One Month Created Files and Folders ======================

2012-09-04 22:25 - 2012-09-04 22:25 - 00000000 ____D C:\FRST
2012-09-04 18:01 - 2012-09-04 18:01 - 00002922 ____A C:\Users\Jack\Desktop\Result.txt
2012-09-04 17:58 - 2012-09-04 17:58 - 00017755 ____A C:\ComboFix.txt
2012-09-04 17:42 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-04 17:42 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-04 17:42 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-04 17:42 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-04 17:42 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-04 17:42 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-04 17:42 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-04 17:42 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-04 17:16 - 2012-09-04 17:58 - 00000000 ____D C:\Qoobox
2012-09-04 17:15 - 2012-09-04 17:57 - 00000000 ____D C:\Windows\erdnt
2012-09-04 17:13 - 2012-09-04 17:12 - 04744582 ____R (Swearware) C:\Users\Jack\Desktop\ComboFix.exe
2012-09-04 17:13 - 2012-09-04 17:12 - 00814913 ____A (Farbar) C:\Users\Jack\Desktop\ListParts64.exe
2012-09-04 12:36 - 2012-09-04 17:17 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForJack.job
2012-09-04 12:35 - 2012-09-04 12:35 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Hewlett-Packard
2012-09-04 12:34 - 2012-09-04 12:34 - 00000000 ____D C:\Users\Jack\AppData\Roaming\HpUpdate
2012-09-04 12:34 - 2012-09-04 12:34 - 00000000 ____D C:\Users\Jack\AppData\Local\Hewlett-Packard
2012-09-03 14:15 - 2012-09-03 14:15 - 00076220 ____A C:\Users\Jack\Downloads\Extras.Txt
2012-09-03 14:14 - 2012-09-03 14:14 - 00082672 ____A C:\Users\Jack\Downloads\OTL.Txt
2012-09-03 12:50 - 2012-09-03 12:50 - 00599040 ____A (OldTimer Tools) C:\Users\Jack\Downloads\OTL.exe
2012-09-03 12:40 - 2012-09-03 12:46 - 00000000 ____D C:\Users\All Users\Adobe
2012-09-03 10:41 - 2012-09-03 10:41 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jack\Downloads\mbam-setup-1.62.0.1300.exe
2012-09-03 10:40 - 2012-09-03 10:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-03 10:40 - 2012-09-03 10:40 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Malwarebytes
2012-09-03 10:40 - 2012-09-03 10:40 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-03 10:40 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-03 10:40 - 2010-03-29 20:46 - 00038224 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2012-09-03 10:38 - 2012-09-03 10:38 - 00000000 ____D C:\Users\Jack\AppData\Local\HP
2012-09-03 08:27 - 2012-09-03 08:27 - 00000000 ___AH C:\Users\Zeke\Documents\Default.rdp
2012-09-02 17:21 - 2012-09-02 17:35 - 00000000 ____D C:\Users\Mike&Matt\AppData\Local\Microsoft Games
2012-09-02 17:20 - 2012-09-02 17:20 - 00000000 ____D C:\Users\Mike&Matt\AppData\Roaming\WildTangent
2012-09-01 16:09 - 2012-09-01 16:09 - 00000000 ____D C:\Users\Jack\AppData\Local\AuthenTec
2012-08-31 15:17 - 2012-08-31 15:16 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-08-31 15:17 - 2012-08-31 15:16 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-08-31 15:17 - 2012-08-31 15:16 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-08-31 15:17 - 2012-08-31 15:16 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-08-31 15:17 - 2012-08-31 15:16 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-08-31 15:15 - 2012-08-31 15:15 - 00894952 ____A (Oracle Corporation) C:\Users\Jack\Downloads\jxpiinstall.exe
2012-08-29 10:58 - 2012-08-29 10:58 - 04755448 ____A C:\Users\Zeke\Downloads\HPPSdr.exe
2012-08-28 19:50 - 2012-08-28 19:50 - 00999840 ____A (Solid State Networks) C:\Users\Zeke\Downloads\install_flashplayer11x32_mssa_au_aih.exe
2012-08-26 19:10 - 2012-08-26 19:10 - 00000000 ___AT C:\Windows\System32\CN25NBR1SK05KD
2012-08-24 09:28 - 2012-09-03 18:34 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Jack\Desktop\TDSSKiller.exe
2012-08-21 14:43 - 2012-08-21 14:44 - 06717808 ____A (Support.com ) C:\Users\Zeke\Downloads\ARO2012_tbt(1).exe
2012-08-21 14:43 - 2012-08-21 14:43 - 06717808 ____A (Support.com ) C:\Users\Zeke\Downloads\ARO2012_tbt.exe
2012-08-15 12:09 - 2012-08-15 12:09 - 00000000 ____D C:\Program Files (x86)\Coupons
2012-08-14 10:09 - 2012-08-20 08:04 - 00001350 ____A C:\Users\Zeke\Desktop\ROBLOX Player.lnk
2012-08-14 10:09 - 2012-08-14 10:23 - 00000000 ____D C:\Users\Zeke\AppData\Local\Roblox
2012-08-14 10:08 - 2012-08-14 10:08 - 00504248 ____A (Roblox Corporation) C:\Users\Zeke\Downloads\RobloxPlayerLauncher.exe
2012-08-13 12:38 - 2012-08-13 12:57 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForMike&Matt.job
2012-08-13 12:38 - 2012-08-13 12:38 - 00000000 ___HD C:\Users\Mike&Matt\AppData\Roaming\Hewlett-Packard
2012-08-13 12:38 - 2012-08-13 12:38 - 00000000 ___HD C:\Users\Mike&Matt\AppData\Local\Hewlett-Packard
2012-08-08 10:01 - 2012-08-08 10:01 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-06 05:04 - 2012-08-06 05:04 - 00002166 ____A C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
2012-08-06 05:04 - 2012-08-06 05:04 - 00001860 ____A C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8600.lnk
2012-08-06 05:04 - 2012-08-06 05:04 - 00001154 ____A C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
2012-08-06 05:04 - 2011-09-09 12:22 - 00778088 ____N (Hewlett-Packard Co.) C:\Windows\System32\HPDiscoPM5912.dll
2012-08-06 05:03 - 2012-08-06 05:03 - 00000057 ____A C:\Users\All Users\Ament.ini

==================== 3 Months Modified Files ================================

2012-09-04 18:21 - 2011-12-05 10:51 - 02039457 ____A C:\Windows\WindowsUpdate.log
2012-09-04 18:20 - 2009-07-13 20:51 - 00046086 ____A C:\Windows\setupact.log
2012-09-04 18:01 - 2012-09-04 18:01 - 00002922 ____A C:\Users\Jack\Desktop\Result.txt
2012-09-04 18:01 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-04 18:01 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-04 17:59 - 2009-07-13 21:13 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-04 17:58 - 2012-09-04 17:58 - 00017755 ____A C:\ComboFix.txt
2012-09-04 17:53 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-04 17:52 - 2010-11-20 19:47 - 00824526 ____A C:\Windows\PFRO.log
2012-09-04 17:52 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-04 17:48 - 2012-04-11 12:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-04 17:32 - 2009-07-13 21:08 - 00017904 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-04 17:26 - 2011-12-19 08:04 - 00000632 _RASH C:\Users\Jack\ntuser.pol
2012-09-04 17:17 - 2012-09-04 12:36 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForJack.job
2012-09-04 17:12 - 2012-09-04 17:13 - 04744582 ____R (Swearware) C:\Users\Jack\Desktop\ComboFix.exe
2012-09-04 17:12 - 2012-09-04 17:13 - 00814913 ____A (Farbar) C:\Users\Jack\Desktop\ListParts64.exe
2012-09-04 12:35 - 2011-12-09 19:16 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-09-03 18:34 - 2012-08-24 09:28 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Jack\Desktop\TDSSKiller.exe
2012-09-03 14:15 - 2012-09-03 14:15 - 00076220 ____A C:\Users\Jack\Downloads\Extras.Txt
2012-09-03 14:14 - 2012-09-03 14:14 - 00082672 ____A C:\Users\Jack\Downloads\OTL.Txt
2012-09-03 12:50 - 2012-09-03 12:50 - 00599040 ____A (OldTimer Tools) C:\Users\Jack\Downloads\OTL.exe
2012-09-03 12:40 - 2012-04-11 12:13 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-03 12:40 - 2011-10-05 13:25 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-03 10:59 - 2011-12-05 13:10 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForZeke.job
2012-09-03 10:41 - 2012-09-03 10:41 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jack\Downloads\mbam-setup-1.62.0.1300.exe
2012-09-03 08:27 - 2012-09-03 08:27 - 00000000 ___AH C:\Users\Zeke\Documents\Default.rdp
2012-09-02 17:20 - 2012-02-13 16:15 - 00002450 ____N C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2012-08-31 15:16 - 2012-08-31 15:17 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-08-31 15:16 - 2012-08-31 15:17 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-08-31 15:16 - 2012-08-31 15:17 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-08-31 15:16 - 2012-08-31 15:17 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-08-31 15:16 - 2012-08-31 15:17 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-08-31 15:16 - 2011-12-19 01:31 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-08-31 15:15 - 2012-08-31 15:15 - 00894952 ____A (Oracle Corporation) C:\Users\Jack\Downloads\jxpiinstall.exe
2012-08-29 20:23 - 2011-12-17 12:05 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForZEKE-HP$.job
2012-08-29 10:58 - 2012-08-29 10:58 - 04755448 ____A C:\Users\Zeke\Downloads\HPPSdr.exe
2012-08-28 19:50 - 2012-08-28 19:50 - 00999840 ____A (Solid State Networks) C:\Users\Zeke\Downloads\install_flashplayer11x32_mssa_au_aih.exe
2012-08-26 19:12 - 2012-01-03 14:00 - 00210722 ____A C:\Windows\hpoins21.dat
2012-08-26 19:12 - 2012-01-03 10:35 - 00005469 ____A C:\Users\All Users\hpzinstall.log
2012-08-26 19:10 - 2012-08-26 19:10 - 00000000 ___AT C:\Windows\System32\CN25NBR1SK05KD
2012-08-21 14:44 - 2012-08-21 14:43 - 06717808 ____A (Support.com ) C:\Users\Zeke\Downloads\ARO2012_tbt(1).exe
2012-08-21 14:43 - 2012-08-21 14:43 - 06717808 ____A (Support.com ) C:\Users\Zeke\Downloads\ARO2012_tbt.exe
2012-08-20 08:04 - 2012-08-14 10:09 - 00001350 ____A C:\Users\Zeke\Desktop\ROBLOX Player.lnk
2012-08-14 10:08 - 2012-08-14 10:08 - 00504248 ____A (Roblox Corporation) C:\Users\Zeke\Downloads\RobloxPlayerLauncher.exe
2012-08-13 12:57 - 2012-08-13 12:38 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForMike&Matt.job
2012-08-13 08:20 - 2012-07-30 07:56 - 00001355 ___AH C:\Users\Mike&Matt\Desktop\ROBLOX Player.lnk
2012-08-13 08:20 - 2012-07-30 07:56 - 00001154 ___AH C:\Users\Mike&Matt\Desktop\ROBLOX Studio.lnk
2012-08-06 05:04 - 2012-08-06 05:04 - 00002166 ____A C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
2012-08-06 05:04 - 2012-08-06 05:04 - 00001860 ____A C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8600.lnk
2012-08-06 05:04 - 2012-08-06 05:04 - 00001154 ____A C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
2012-08-06 05:03 - 2012-08-06 05:03 - 00000057 ____A C:\Users\All Users\Ament.ini
2012-07-24 12:43 - 2011-12-20 13:10 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-07-17 18:34 - 2011-10-05 13:27 - 00000583 ____A C:\Windows\DirectX.log
2012-07-17 05:28 - 2011-12-18 09:36 - 00000967 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-10 23:20 - 2009-07-13 20:45 - 00422080 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 23:03 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-07-10 23:01 - 2012-01-02 11:20 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 09:46 - 2012-09-03 10:40 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-15 07:38 - 2012-06-15 07:38 - 03879304 ____A (AVG Technologies) C:\Users\Zeke\Downloads\avg_free_stb_all_2012_2180_cnet.exe
2012-06-11 19:08 - 2012-07-10 23:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-10 15:47 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 15:47 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

ZeroAccess:
C:\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}
C:\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\L
C:\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U

ZeroAccess:
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\@
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\L
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\L\00000004.@
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\L\1afb2d56
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\00000004.@
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\00000008.@
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\000000cb.@
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000000.@
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000032.@
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000064.@

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-02 20:36:56
Restore point made on: 2012-08-10 20:00:10
Restore point made on: 2012-08-17 20:00:16
Restore point made on: 2012-08-25 20:00:10
Restore point made on: 2012-08-26 18:20:24
Restore point made on: 2012-08-31 15:14:51
Restore point made on: 2012-08-31 15:16:51
Restore point made on: 2012-09-03 14:11:45

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 6050.52 MB
Available physical RAM: 5027.49 MB
Total Pagefile: 6048.71 MB
Available Pagefile: 5017.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions ============================

1 Drive c: (OS) (Fixed) (Total:919.58 GB) (Free:865.52 GB) NTFS
2 Drive e: (HP_RECOVERY) (Fixed) (Total:11.83 GB) (Free:1.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP OJ8600) (CDROM) (Total:0.33 GB) (Free:0 GB) CDFS
8 Drive k: (KINGSTON) (Removable) (Total:1.89 GB) (Free:1.85 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.12 GB) (Free:0.12 GB) NTFS
10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 1937 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 919 GB 101 MB
Partition 3 Primary 11 GB 919 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 919 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E HP_RECOVERY NTFS Partition 11 GB Healthy

==================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1933 MB 4032 KB

==================================================================================

Disk: 5
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K KINGSTON FAT Removable 1933 MB Healthy

==================================================================================

Last Boot: 2012-08-26 20:24

==================== End Of Log =============================

#8 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,657 posts
  • MVP

Posted 05 September 2012 - 05:33 AM

Hi,

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1095560 2012-07-26] (Spigot, Inc.)
C:\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}
C:\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\L
C:\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\@
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\L
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\L\00000004.@
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\L\1afb2d56
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\00000004.@
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\00000008.@
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\000000cb.@
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000000.@
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000032.@
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000064.@

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
----------

#9 Jaclyn

Jaclyn

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 05 September 2012 - 07:53 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-09-2012
Ran by SYSTEM at 2012-09-05 21:52:17 Run:1
Running from K:\

==============================================

HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchSettings Value deleted successfully.
C:\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540} moved successfully.
C:\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\L not found.
C:\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U not found.
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540} moved successfully.
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\@ not found.
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\L not found.
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U not found.
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\L\00000004.@ not found.
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\L\1afb2d56 not found.
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\00000004.@ not found.
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\00000008.@ not found.
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\000000cb.@ not found.
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000000.@ not found.
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000032.@ not found.
C:\Users\Zeke\AppData\Local\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000064.@ not found.

==== End of Fixlog ====

#10 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,657 posts
  • MVP

Posted 05 September 2012 - 08:04 PM

Great job!!

Clear Java Cache

See this page for instructions on how to clear Java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
----------

I see that your Java software is out of date. Please go to Start >> Control Panel >> Programs and Features >> delete all versions of Java.

Now download and install the newest version from here >> http://java.com/en/download/index.jsp
-------------

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.
----------

#11 Jaclyn

Jaclyn

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 05 September 2012 - 10:10 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jack :: ZEKE-HP [administrator]

9/5/2012 10:15:39 PM
mbam-log-2012-09-05 (22-15-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249538
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\FRST\Quarantine\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\00000008.@ Win64/Agent.BA trojan
C:\FRST\Quarantine\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\000000cb.@ Win64/Conedex.B trojan
C:\FRST\Quarantine\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000000.@ Win64/Sirefef.AE trojan
C:\FRST\Quarantine\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000032.@ a variant of Win32/Sirefef.FD trojan
C:\FRST\Quarantine\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000064.@ Win64/Sirefef.AN trojan
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll a variant of Win32/Toolbar.Widgi application
C:\ProgramData\YouTube Downloader\ytd_installer.exe Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\000000cb.@.vir Win64/Conedex.B trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000000.@.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan
C:\Users\All Users\YouTube Downloader\ytd_installer.exe Win32/Toolbar.Widgi application
C:\Users\Mike&Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EG7VRW48\q[1].htm HTML/Iframe.B.Gen virus
C:\Users\Mike&Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\87d7164-7172b72f Java/Exploit.CVE-2012-0507.DR trojan
C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\263b4acd-77eda4a3 Java/Exploit.CVE-2011-3544.AV trojan
C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\3ea2a0d6-7f5e9431 a variant of Java/TrojanDownloader.Agent.AD trojan
C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\4ace8d16-7071f9ec a variant of Java/Exploit.CVE-2012-1723.BG trojan
C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\1ecc2fd8-148cd553 multiple threats
C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\63c20f22-26ebd3cd Java/Agent.EA trojan
C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1de1e2b-75310e65 a variant of Java/Exploit.CVE-2012-0507.B trojan
C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\41fe522e-40edc995 Java/Exploit.Agent.NBS trojan
C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4c24ee72-65dd08c5 Java/Exploit.CVE-2011-3544.T trojan
C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\1edc87b3-377feafb Java/Exploit.Agent.NBS trojan
C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\4af09c36-2429e206 Java/Exploit.CVE-2012-0507.DF trojan
C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\29f90af7-18e3d52d multiple threats
C:\Users\Zeke\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111223002127881.rsc multiple threats
C:\Users\Zeke\Desktop\AZ's Stuff\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application
C:\Users\Zeke\Downloads\musicoasis.exe a variant of Win32/InstallIQ application
C:\Users\Zeke\Downloads\PhotoCutterSetup.exe multiple threats
C:\Users\Zeke\Downloads\registrybooster.exe Win32/RegistryBooster application
C:\Users\Zeke\Downloads\YouTubeDownloaderSetup33 (1).exe a variant of Win32/Toolbar.Widgi application
C:\Users\Zeke\Downloads\YouTubeDownloaderSetup33.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Zeke\Downloads\YouTubeDownloaderSetup35.exe Win32/Toolbar.Widgi application
C:\Windows\Installer\9cd3dd3.msi a variant of Win32/Toolbar.Widgi application

#12 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,657 posts
  • MVP

Posted 06 September 2012 - 06:06 AM

Hi,
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:


    ClearJavaCache::

    File::
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9
    C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
    C:\ProgramData\YouTube Downloader\ytd_installer.exe
    C:\Users\All Users\YouTube Downloader\ytd_installer.exe
    C:\Users\Mike&Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EG7VRW48\q[1].htm
    C:\Users\Mike&Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\87d7164-7172b72f
    C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\263b4acd-77eda4a3
    C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\3ea2a0d6-7f5e9431
    C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\4ace8d16-7071f9ec
    C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\1ecc2fd8-148cd553
    C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\63c20f22-26ebd3cd
    C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1de1e2b-75310e65
    C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\41fe522e-40edc995
    C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4c24ee72-65dd08c5
    C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\1edc87b3-377feafb
    C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\4af09c36-2429e206
    C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\29f90af7-18e3d52d
    C:\Users\Zeke\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111223002127881.rsc
    C:\Users\Zeke\Desktop\AZ's Stuff\couponprinter.exe
    C:\Users\Zeke\Downloads\musicoasis.exe
    C:\Users\Zeke\Downloads\PhotoCutterSetup.exe
    C:\Users\Zeke\Downloads\registrybooster.exe
    C:\Users\Zeke\Downloads\YouTubeDownloaderSetup33 (1).exe
    C:\Users\Zeke\Downloads\YouTubeDownloaderSetup33.exe
    C:\Users\Zeke\Downloads\YouTubeDownloaderSetup35.exe
    C:\Windows\Installer\9cd3dd3.msi

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

Please post the new ComboFix log and let me know how your system is running now. :)
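As an added example (not part of jeffce's post and not a ComboFix or ESET tool): the script above was built by hand from the ESET detections in the previous post. The Python below does the same transformation mechanically, parsing the run-together "path verdict" layout the scan results have on this page, counting verdicts by kind, and emitting a ClearJavaCache::/File:: script. It leaves out paths under C:\FRST\Quarantine and C:\Qoobox\Quarantine, which are already quarantined copies and which the helper's script also omits. The embedded entries are a constructed subset of the ones in the thread; the section names and the quarantine-folder rule are assumptions of this example.

```python
import re

# Constructed sample in the run-together layout the forum page shows for the
# ESET scan results: "<path> <verdict>" entries separated only by whitespace.
SAMPLE_SCAN_TEXT = r"""
C:\FRST\Quarantine\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\{3fc22eb8-6828-94c8-a4f9-b7155f238540}\U\00000008.@ Win64/Agent.BA trojan
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan
C:\Users\Mike&Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EG7VRW48\q[1].htm HTML/Iframe.B.Gen virus
C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\263b4acd-77eda4a3 Java/Exploit.CVE-2011-3544.AV trojan
C:\Users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\29f90af7-18e3d52d multiple threats
C:\Users\Zeke\Desktop\AZ's Stuff\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application
C:\Users\Zeke\Downloads\YouTubeDownloaderSetup33 (1).exe a variant of Win32/Toolbar.Widgi application
"""

# A new entry begins wherever a drive letter such as "C:\" follows whitespace;
# paths themselves contain spaces, so this is the only safe split point.
ENTRY_SPLIT = re.compile(r"\s+(?=[A-Za-z]:\\)")

# Verdict grammar as it appears in the thread: optional "probably" / "a variant of",
# then "<Platform>/<Name> <kind>", or the literal "multiple threats".
VERDICT_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<verdict>(?:probably )?(?:a variant of )?"
    r"(?:[A-Za-z0-9]+/\S+ (?:trojan|application|virus)|multiple threats))$"
)

# Assumed rule for this example: items already in a tool's quarantine folder are
# not scripted again (the helper's own script in the thread omits them too).
QUARANTINE_PREFIXES = ("c:\\frst\\quarantine\\", "c:\\qoobox\\quarantine\\")
JAVA_CACHE_MARKER = "\\sun\\java\\deployment\\cache\\"


def parse_detections(text):
    """Return a list of (path, verdict) tuples from run-together scan output."""
    detections = []
    for chunk in ENTRY_SPLIT.split(text.strip()):
        match = VERDICT_RE.match(chunk.strip())
        if not match:
            raise ValueError(f"unrecognised entry: {chunk!r}")
        detections.append((match.group("path"), match.group("verdict")))
    return detections


def summarize(detections):
    """Count verdicts by their final word (trojan/application/virus) or 'multiple threats'."""
    counts = {}
    for _, verdict in detections:
        kind = verdict if verdict == "multiple threats" else verdict.rsplit(" ", 1)[1]
        counts[kind] = counts.get(kind, 0) + 1
    return counts


def is_quarantined(path):
    return path.lower().startswith(QUARANTINE_PREFIXES)


def build_cfscript(detections):
    """Emit the ClearJavaCache:: / File:: script text for the live (non-quarantined) paths."""
    live = [path for path, _ in detections if not is_quarantined(path)]
    lines = []
    # Java deployment-cache hits mean the whole cache should be flushed as well.
    if any(JAVA_CACHE_MARKER in path.lower() for path in live):
        lines += ["ClearJavaCache::", ""]
    lines.append("File::")
    lines.extend(live)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_detections(SAMPLE_SCAN_TEXT)
    print(summarize(found))
    print(build_cfscript(found))
```

The split-before-drive-letter rule is what makes the flattened page text parseable at all; if a scanner log keeps one item per line, the same `VERDICT_RE` still applies line by line.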

#13 Jaclyn

Jaclyn

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 07 September 2012 - 07:40 PM

I ran ComboFix, then tried to start Firefox and got that error message "Illegal operation attempted on a registry key that has been marked for deletion." so I restarted. Firefox opened fine. Doesn't seem to be hijacked anymore.

ComboFix 12-09-07.03 - Jack 09/07/2012 21:18:49.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4754 [GMT -4:00]
Running from: c:\users\Jack\Desktop\ComboFix.exe
Command switches used :: c:\users\Jack\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
"c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll"
"c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10"
"c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11"
"c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12"
"c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13"
"c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14"
"c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15"
"c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5"
"c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6"
"c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7"
"c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8"
"c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9"
"c:\program files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll"
"c:\programdata\YouTube Downloader\ytd_installer.exe"
"c:\users\All Users\YouTube Downloader\ytd_installer.exe"
"c:\users\Mike&Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EG7VRW48\q[1].htm"
"c:\users\Mike&Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\87d7164-7172b72f"
"c:\users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\263b4acd-77eda4a3"
"c:\users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\3ea2a0d6-7f5e9431"
"c:\users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\4ace8d16-7071f9ec"
"c:\users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\1ecc2fd8-148cd553"
"c:\users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\63c20f22-26ebd3cd"
"c:\users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1de1e2b-75310e65"
"c:\users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\41fe522e-40edc995"
"c:\users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4c24ee72-65dd08c5"
"c:\users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\1edc87b3-377feafb"
"c:\users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\4af09c36-2429e206"
"c:\users\Zeke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\29f90af7-18e3d52d"
"c:\users\Zeke\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111223002127881.rsc"
"c:\users\Zeke\Desktop\AZ's Stuff\couponprinter.exe"
"c:\users\Zeke\Downloads\musicoasis.exe"
"c:\users\Zeke\Downloads\PhotoCutterSetup.exe"
"c:\users\Zeke\Downloads\registrybooster.exe"
"c:\users\Zeke\Downloads\YouTubeDownloaderSetup33 (1).exe"
"c:\users\Zeke\Downloads\YouTubeDownloaderSetup33.exe"
"c:\users\Zeke\Downloads\YouTubeDownloaderSetup35.exe"
"c:\windows\Installer\9cd3dd3.msi"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9
c:\program files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
c:\programdata\YouTube Downloader\ytd_installer.exe
c:\users\All Users\YouTube Downloader\ytd_installer.exe
c:\users\Mike&Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EG7VRW48\q[1].htm
c:\users\Zeke\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111223002127881.rsc
c:\users\Zeke\Desktop\AZ's Stuff\couponprinter.exe
c:\users\Zeke\Downloads\musicoasis.exe
c:\users\Zeke\Downloads\PhotoCutterSetup.exe
c:\users\Zeke\Downloads\registrybooster.exe
c:\users\Zeke\Downloads\YouTubeDownloaderSetup33 (1).exe
c:\users\Zeke\Downloads\YouTubeDownloaderSetup33.exe
c:\users\Zeke\Downloads\YouTubeDownloaderSetup35.exe
c:\windows\Installer\9cd3dd3.msi
.
.
((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2012-09-08 01:24 . 2012-09-08 01:24 -------- d-----w- c:\users\Zeke\AppData\Local\temp
2012-09-08 01:24 . 2012-09-08 01:24 -------- d-----w- c:\users\Mike&Matt\AppData\Local\temp
2012-09-08 01:24 . 2012-09-08 01:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-06 02:23 . 2012-09-06 02:23 -------- d-----w- c:\program files (x86)\ESET
2012-09-06 02:15 . 2012-09-06 02:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-06 02:15 . 2012-09-06 02:15 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-05 06:25 . 2012-09-05 06:25 -------- d-----w- C:\FRST
2012-09-04 20:35 . 2012-09-04 20:35 -------- d-----w- c:\users\Jack\AppData\Roaming\Hewlett-Packard
2012-09-04 20:34 . 2012-09-04 20:34 -------- d-----w- c:\users\Jack\AppData\Roaming\HpUpdate
2012-09-04 20:34 . 2012-09-04 20:34 -------- d-----w- c:\users\Jack\AppData\Local\Hewlett-Packard
2012-09-03 18:40 . 2012-09-03 18:40 -------- d-----w- c:\users\Jack\AppData\Roaming\Malwarebytes
2012-09-03 18:40 . 2010-03-30 04:46 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-09-03 18:40 . 2012-09-03 18:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-03 18:40 . 2012-09-03 18:40 -------- d-----w- c:\programdata\Malwarebytes
2012-09-03 18:40 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-03 18:38 . 2012-09-03 18:38 -------- d-----w- c:\users\Jack\AppData\Local\HP
2012-09-03 14:07 . 2012-09-03 14:07 -------- d-----w- c:\users\Mike&Matt\AppData\Local\Diagnostics
2012-09-03 01:21 . 2012-09-03 01:35 -------- d-----w- c:\users\Mike&Matt\AppData\Local\Microsoft Games
2012-09-03 01:20 . 2012-09-03 01:20 -------- d-----w- c:\users\Mike&Matt\AppData\Roaming\WildTangent
2012-09-02 00:09 . 2012-09-02 00:09 -------- d-----w- c:\users\Jack\AppData\Local\AuthenTec
2012-08-31 23:17 . 2012-09-06 02:15 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-15 20:09 . 2012-08-15 20:09 -------- d-----w- c:\program files (x86)\Coupons
2012-08-14 18:09 . 2012-08-14 18:23 -------- d-----w- c:\users\Zeke\AppData\Local\Roblox
2012-08-13 20:38 . 2012-08-13 20:38 -------- d--h--w- c:\users\Mike&Matt\AppData\Roaming\Hewlett-Packard
2012-08-13 20:38 . 2012-08-13 20:38 -------- d--h--w- c:\users\Mike&Matt\AppData\Local\Hewlett-Packard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-06 02:15 . 2011-12-19 09:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-03 20:40 . 2012-04-11 20:13 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-03 20:40 . 2011-10-05 21:25 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 02:34 . 2012-07-18 02:35 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-11 07:01 . 2012-01-02 19:20 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-11 07:03 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-05_01.53.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-09-08 01:17 34582 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-08 01:17 33968 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-13 17:28 . 2012-09-06 02:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-13 17:28 . 2012-09-03 19:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-13 17:28 . 2012-09-06 02:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-13 17:28 . 2012-09-03 19:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-03 19:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-06 02:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-09-08 01:19 93232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-09-05 01:27 . 2012-09-08 01:17 3170 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3805376401-1662035509-791222529-1003_UserData.bin
- 2012-09-05 01:52 . 2012-09-05 01:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-08 01:25 . 2012-09-08 01:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-08 01:25 . 2012-09-08 01:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-05 01:52 . 2012-09-05 01:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-06 02:15 . 2012-09-06 02:15 246760 c:\windows\SysWOW64\javaws.exe
- 2012-08-31 23:17 . 2012-08-31 23:16 246760 c:\windows\SysWOW64\javaws.exe
- 2012-08-31 23:17 . 2012-08-31 23:16 174056 c:\windows\SysWOW64\javaw.exe
+ 2012-09-06 02:15 . 2012-09-06 02:15 174056 c:\windows\SysWOW64\javaw.exe
- 2012-08-31 23:17 . 2012-08-31 23:16 174056 c:\windows\SysWOW64\java.exe
+ 2012-09-06 02:15 . 2012-09-06 02:15 174056 c:\windows\SysWOW64\java.exe
+ 2009-07-14 04:54 . 2012-09-08 01:15 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-05 01:39 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-09-05 01:46 660068 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-08 01:22 660068 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-08 01:22 120996 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-09-05 01:46 120996 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-09-08 01:24 395796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-05 01:52 395796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-09-06 02:15 . 2012-09-06 02:15 179200 c:\windows\Installer\47997.msi
+ 2012-01-04 05:51 . 2012-09-08 01:15 4348868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3805376401-1662035509-791222529-1003-8192.dat
- 2009-07-14 04:54 . 2012-09-05 01:39 15695872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-08 01:15 15695872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-08 01:15 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-05 01:39 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-09-06 02:14 . 2012-09-06 02:14 27545600 c:\windows\Installer\47991.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-05 658424]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 250568]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-09-02 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-10-05 31152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-26 794560]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-06-09 264008]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-02-06 13672]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-05 1128952]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-19 56344]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-22 1360960]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 20:40]
.
2012-09-05 c:\windows\Tasks\HPCeeScheduleForJack.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-08-13 c:\windows\Tasks\HPCeeScheduleForMike&Matt.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-09-06 c:\windows\Tasks\HPCeeScheduleForZEKE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-09-03 c:\windows\Tasks\HPCeeScheduleForZeke.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-25 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-25 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-25 418584]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\vgt1h20z.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-09-07 21:30:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-08 01:30
ComboFix2.txt 2012-09-05 01:58
.
Pre-Run: 928,533,979,136 bytes free
Post-Run: 928,355,930,112 bytes free
.
- - End Of File - - B0E2EDFE356F182F78740468285FC418

#14 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,657 posts
  • MVP

Posted 07 September 2012 - 09:15 PM

Hi,

Glad to hear things are running better. :)

Providing there are no other malware related problems...

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LET'S DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords, as this is especially important after an infection.
----------

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box as shown and click OK.
Combofix /Uninstall
(Note: There is a space between the ..X and the /U that needs to be there.)

Posted Image
----------

Clean up with OTL:
  • Right-click and Run as Administrator OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
If you didn't already have it, I would keep Malwarebytes AntiMalware though.


Here are some tips to reduce the potential for spyware infection in the future:

1. Internet Explorer. Even if you don't use it as your main browser, it should be kept up-to-date because that is the browser Windows uses for updates.
Make your Internet Explorer more secure
- This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and update anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever-increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. I would personally only recommend using one of the following two below:
Online Armor Free
Agnitum Outpost Firewall Free

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. WOT (Web of Trust). As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

7. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
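The Internet-zone settings in step 1 and the Protected Mode check in step 2 above are stored as DWORD action values under the zone's registry key (0 = Enable, 1 = Prompt, 3 = Disable; zone 3 is the Internet zone). The following read-only PowerShell audit is an added example, not part of jeffce's post or of any tool mentioned in it; the action IDs are the ones Microsoft documents for Internet Explorer zone settings, and the script assumes the per-user key is authoritative (when the Security_HKLM_only policy is set, the HKLM copy of the same key applies instead).

```powershell
# Added example: read-only audit of the current user's Internet zone (zone 3)
# against the settings recommended in the post above. Nothing is changed.
# Action IDs follow Microsoft's documented IE zone registry layout; a missing
# value means IE is using the built-in zone default for that action.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended value per action ID: 0 = Enable, 1 = Prompt, 3 = Disable
$recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                        Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                      Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked safe';  Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                           Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';               Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';            Want = 1 }
    '2500' = @{ Name = 'Protected Mode (0 = on, 3 = off)';                        Want = 0 }
}
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

if (-not (Test-Path $zoneKey)) {
    Write-Warning "Zone key not found: $zoneKey (settings may be enforced from HKLM by policy)"
    return
}
$props = Get-ItemProperty -Path $zoneKey

foreach ($id in ($recommended.Keys | Sort-Object)) {
    $want  = $recommended[$id].Want
    $value = $props.$id                       # $null when the value is absent
    if ($value -eq $null) {
        $state = 'not set (zone default)'
        $ok    = $false                       # cannot confirm it matches; flag for review
    } else {
        $state = if ($labels.ContainsKey([int]$value)) { $labels[[int]$value] } else { "raw $value" }
        $ok    = ([int]$value -eq $want)
    }
    $flag = if ($ok) { 'OK ' } else { 'FIX' }
    '{0} {1,-4} {2,-58} current: {3,-22} wanted: {4}' -f $flag, $id, $recommended[$id].Name, $state, $labels[$want]
}
```

Lines marked FIX are the ones to revisit through Tools > Internet Options > Security > Custom Level, as described in the steps above; the same audit can be repeated for zones 1, 2 and 4 (Local Intranet, Trusted Sites, Restricted Sites) for the Protected Mode check in step 2.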

#15 Jaclyn

Jaclyn

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 07 September 2012 - 10:02 PM

I ran Windows Update, but update installation keeps failing.

