WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93124 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

I Might Be Infected? [Solved]

Started by thinkativeone , May 08 2013 08:30 PM

This topic is locked

129 replies to this topic

#16 thinkativeone

Authentic Member

Authentic Member
71 posts

Posted 14 May 2013 - 06:44 PM

I read your instructions, but before I proceed, can you tell me if it is okay to do this with Norton still running? Because despite right-clicking it on the taskbar and disabling antivirus auto-protect and the smart firewall, something with it is always still running and warns me to shut it off or the damage risk thing. I just wanted to make sure before I went ahead with this because whatever is still running I cannot seem to find a way to turn that off. Puzzling.

Advertisements

Register to Remove

#17 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 15 May 2013 - 05:30 AM

It should not be any problem. You should be just fine to go ahead with the instructions.

#18 thinkativeone

Authentic Member

Authentic Member
71 posts

Posted 15 May 2013 - 04:20 PM

Hi, Jeff!

I followed your instructions and that little blue circle perpetually going round and round over my cursor (which has been going on for months!) is finally gone! I did a shut down/restart just to make sure as every once in awhile it would disappear until I would restart, and then it would return. Thank you SO, SO much! :lol:

Here is the log: 3:12 PM 5/15/2013ComboFix 13-05-15.01 - Peter Boggs 05/15/2013 14:51:04.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2163 [GMT -7:00] Running from: c:\users\Peter Boggs\Desktop\ComboFix.exe Command switches used :: c:\users\Peter Boggs\Desktop\CFScript.txt AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\program files (x86)\SearchProtect\bin\cltmng.exe" "c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe" "c:\users\Peter Boggs\AppData\Roaming\SearchProtect\bin\cltmng.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\SearchProtect\bin\cltmng.exe c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe c:\users\Peter Boggs\AppData\Roaming\SearchProtect\bin\cltmng.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_CltMngSvc . . ((((((((((((((((((((((((( Files Created from 2013-04-15 to 2013-05-15 ))))))))))))))))))))))))))))))) . . 2013-05-15 22:01 . 2013-05-15 22:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-14 03:15 . 2013-05-14 03:15 -------- d-----w- c:\program files (x86)\SearchProtect 2013-05-14 03:15 . 2013-05-14 03:20 -------- d-----w- c:\users\Peter Boggs\AppData\Roaming\SearchProtect 2013-05-14 02:07 . 2013-05-14 02:07 178 ----a-w- c:\windows\DeleteOnReboot.bat 2013-05-13 13:58 . 2013-05-13 13:58 -------- dc----w- C:\SearchProtect 2013-05-07 22:56 . 2013-05-07 22:56 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-04-23 19:54 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-18 03:46 . 2013-04-18 03:46 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-04-18 03:45 . 2013-04-04 12:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-15 19:55 . 2012-10-16 04:09 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-15 19:55 . 2012-03-15 06:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 18:07 . 2010-06-04 04:54 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-08 06:10 . 2011-02-20 07:03 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll 2013-05-08 06:10 . 2011-02-19 08:40 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll 2013-05-02 03:56 . 2012-06-21 08:45 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-03-19 06:04 . 2013-04-10 20:11 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 20:11 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 20:11 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 20:11 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 20:11 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 20:11 112640 ----a-w- c:\windows\system32\smss.exe 2013-03-14 07:05 . 2011-11-12 22:27 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2013-03-06 06:01 . 2012-09-05 10:05 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-06 06:01 . 2012-03-28 01:08 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-01 03:36 . 2013-04-10 20:11 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-15 06:08 . 2013-04-10 20:11 44032 ----a-w- c:\windows\system32\tsgqec.dll 2013-02-15 06:06 . 2013-04-10 20:11 3717632 ----a-w- c:\windows\system32\mstscax.dll 2013-02-15 06:02 . 2013-04-10 20:11 158720 ----a-w- c:\windows\system32\aaclient.dll 2013-02-15 04:37 . 2013-04-10 20:11 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll 2013-02-15 04:34 . 2013-04-10 20:11 131584 ----a-w- c:\windows\SysWow64\aaclient.dll 2013-02-15 03:25 . 2013-04-10 20:11 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208] "F.lux"="c:\users\Peter Boggs\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-05 559616] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-3-30 5572168] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1255736] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [2013-04-12 1390680] S1 GIDv2;GIDv2; [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130514.001\IDSvia64.sys [2013-03-12 513184] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2010-11-16 171128] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168] S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-03-30 65608] S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-03-14 138912] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-09 20:57 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg] 2011-07-05 18:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe . Contents of the 'Scheduled Tasks' folder . 2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-16 19:55] . 2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-25 00:07] . 2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-25 00:07] . 2013-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3768568771-1687975144-3121408415-1000Core.job - c:\users\Peter Boggs\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-09 22:51] . 2013-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3768568771-1687975144-3121408415-1000UA.job - c:\users\Peter Boggs\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-09 22:51] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.0.1.1 FF - ProfilePath - c:\users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\ FF - ExtSQL: 2013-05-06 13:04; firefoxextensions@keynote.com; c:\users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\extensions\firefoxextensions@keynote.com FF - ExtSQL: 2013-05-13 20:15; {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}; c:\users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} FF - ExtSQL: !HIDDEN! 2010-05-15 09:24; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3768568771-1687975144-3121408415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice] @Denied: (2) (S-1-5-21-3768568771-1687975144-3121408415-1000) @Denied: (2) (LocalSystem) "Progid"="SafariDownload" . [HKEY_USERS\S-1-5-21-3768568771-1687975144-3121408415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-3768568771-1687975144-3121408415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (S-1-5-21-3768568771-1687975144-3121408415-1000) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3768568771-1687975144-3121408415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (S-1-5-21-3768568771-1687975144-3121408415-1000) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3768568771-1687975144-3121408415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice] @Denied: (2) (S-1-5-21-3768568771-1687975144-3121408415-1000) @Denied: (2) (LocalSystem) "Progid"="SafariExtension" . [HKEY_USERS\S-1-5-21-3768568771-1687975144-3121408415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (S-1-5-21-3768568771-1687975144-3121408415-1000) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3768568771-1687975144-3121408415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice] @Denied: (2) (S-1-5-21-3768568771-1687975144-3121408415-1000) @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-3768568771-1687975144-3121408415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-3768568771-1687975144-3121408415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice] @Denied: (2) (S-1-5-21-3768568771-1687975144-3121408415-1000) @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-3768568771-1687975144-3121408415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (S-1-5-21-3768568771-1687975144-3121408415-1000) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3768568771-1687975144-3121408415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (S-1-5-21-3768568771-1687975144-3121408415-1000) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3768568771-1687975144-3121408415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice] @Denied: (2) (S-1-5-21-3768568771-1687975144-3121408415-1000) @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\CA\PPRT\bin\ITMRTSVC.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe . ************************************************************************** . Completion time: 2013-05-15 15:11:41 - machine was rebooted ComboFix-quarantined-files.txt 2013-05-15 22:11 ComboFix2.txt 2013-05-14 20:31 ComboFix3.txt 2013-05-14 01:23 . Pre-Run: 246,341,099,520 bytes free Post-Run: 245,889,454,080 bytes free . - - End Of File - - 611D46F63B7BB87F173D0628872E1A39

#19 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 15 May 2013 - 07:42 PM

Hi,

Glad your system is running better now. :thumbup:

Seems we have some more work to do though....we have some entries that don't want to go away.

Posted Image

Tweaking.com Registry Backup

Download the tool found here to your Desktop so it is easy to find.
Double click on the file you just downloaded to install it to your system.
Once the tool is installed, double-click on the Tweaking.com Registry Backup icon
**Note** The tool should automatically open to the Backup Registry tab.
Press Backup Now
When the back up is complete, the tool will tell you that Successful */* Files Backed Up
You have now successfully backed up your Registry.

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:Services

:Files
c:\program files (x86)\SearchProtect
c:\users\Peter Boggs\AppData\Roaming\SearchProtect
C:\SearchProtect
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Post the new OTL log and let me know how your computer is running.

#20 thinkativeone

Authentic Member

Authentic Member
71 posts

Posted 15 May 2013 - 08:59 PM

Thank you.

It's not running so hard or with so much effort already. I backed up, and pasted the text in the custom OTL scan box, but those boxes you mentioned not checking later are already unchecked. Should I check them the first time, then uncheck the next?

#21 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 16 May 2013 - 05:49 AM

No you have done everything just fine.

Just leave them unchecked and when you get the new OTL log please post that.

#22 thinkativeone

Authentic Member

Authentic Member
71 posts

Posted 16 May 2013 - 01:25 PM

Bad news: After the reboot, the blue circle on the cursor is back. :wacko:

When the computer rebooted it asked me if it was okay to run OTL against a black screen and after I clicked "Run" a log popped up. Do you need that log?

Here is the result of the scan log:

OTL logfile created on: 5/16/2013 12:02:26 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter Boggs\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 63.37% Memory free
7.92 Gb Paging File | 6.30 Gb Available in Paging File | 79.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 228.25 Gb Free Space | 80.54% Space Free | Partition Type: NTFS

Computer Name: PETERBOGGS-PC | User Name: Peter Boggs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Peter Boggs\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe (White Sky, Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Users\Peter Boggs\Local Settings\Apps\F.lux\flux.exe ()
PRC - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe ()
PRC - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe (CA, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Users\Peter Boggs\Local Settings\Apps\F.lux\flux.exe ()
MOD - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IDVaultSvc) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe (White Sky, Inc.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe (IDT, Inc.)
SRV - (AntiSpywareService) -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (ITMRTSVC) -- C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe (CA, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (GIDv2) -- C:\Windows\SysNative\drivers\gidv2.sys (StrikeForce Technologies, Inc.)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys (Symantec Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130516.003\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130516.003\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130502.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130515.001\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{88BD13B2-4B94-4784-B14D-0178E1D4E71D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{19B20C5E-1EAF-42DF-BAED-B566063A5EEE}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{1507AC85-B643-45B6-9D3F-FF5148DE8F9F}: "URL" = http://search.condui...?...923452&UM=2
IE - HKCU\..\SearchScopes\{C58A4226-5CDF-4CDA-B167-CFF995A6CE17}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: firefoxextensions%40keynote.com:17.0.44.0
FF - prefs.js..extensions.enabledAddons: %7B8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94%7D:10.16.2.509
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Peter Boggs\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Peter Boggs\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Peter Boggs\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Peter Boggs\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Peter Boggs\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Peter Boggs\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/15 09:24:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2013/05/16 12:02:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2013/05/16 12:02:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/13 20:15:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/11 14:11:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/15 09:24:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/13 20:15:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/11 14:11:35 | 000,000,000 | ---D | M]

[2012/02/14 02:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Extensions
[2013/05/14 13:32:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\extensions
[2013/05/14 13:32:20 | 000,000,000 | ---D | M] (Swag Bucks) -- C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2013/05/06 13:04:19 | 000,000,000 | ---D | M] (Keynote Connector Extension) -- C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\extensions\firefoxextensions@keynote.com
[2013/05/06 13:04:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\extensions\firefoxextensions@keynote.com\chrome
[2013/05/06 13:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\extensions\firefoxextensions@keynote.com\components
[2013/05/06 13:04:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\extensions\firefoxextensions@keynote.com\META-INF
[2013/05/13 19:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\wzi2aots.default\extensions
[2013/04/11 14:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/16 12:02:17 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
[2013/04/11 14:11:40 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/16 13:10:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/01/28 00:06:24 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2013/02/27 21:35:18 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{g
oogle:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{
google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Peter Boggs\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Peter Boggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Peter Boggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Peter Boggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Peter Boggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Peter Boggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/16 11:58:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll (WhiteSky)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKCU..\Run: [F.lux] C:\Users\Peter Boggs\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04EAB220-19A1-4A18-B73E-2857945EF5B8}: DhcpNameServer = 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E26C0BF5-7EC8-4DAE-9E88-9C9E7DBA177C}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/16 11:56:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/15 19:52:45 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/05/15 19:50:24 | 001,345,024 | ---- | C] (Indigo Rose Corporation) -- C:\Users\Peter Boggs\Desktop\uninstall.exe
[2013/05/15 19:50:24 | 000,000,000 | ---D | C] -- C:\Users\Peter Boggs\Desktop\Uninstall
[2013/05/15 19:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/05/15 19:50:24 | 000,000,000 | ---D | C] -- C:\Users\Peter Boggs\Desktop\files
[2013/05/15 15:06:51 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/05/15 10:57:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/15 10:57:48 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/15 10:57:48 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/15 10:57:47 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/15 10:57:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/15 10:57:47 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/15 10:57:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/15 10:57:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/15 10:57:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/15 10:57:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/15 10:57:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/15 10:57:46 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/15 10:57:43 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/15 10:57:43 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/15 10:57:42 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/14 13:32:05 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/14 13:32:05 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/14 13:32:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/14 13:31:51 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/14 13:31:50 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/14 13:31:49 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/14 13:31:49 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/13 18:23:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/13 18:13:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/13 18:13:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/13 18:13:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/13 07:37:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/13 07:36:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/13 07:35:47 | 005,066,276 | R--- | C] (Swearware) -- C:\Users\Peter Boggs\Desktop\ComboFix.exe
[2013/05/12 20:37:52 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Peter Boggs\Desktop\aswMBR.exe
[2013/05/12 16:13:42 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Peter Boggs\Desktop\dds.com
[2013/05/08 16:50:02 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/05/07 15:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/05/07 15:56:03 | 000,000,000 | ---D | C] -- C:\Users\Peter Boggs\AppData\Local\{5716B26B-FB76-4D71-807D-FA09843B6F64}
[2013/05/06 15:35:14 | 000,000,000 | ---D | C] -- C:\Users\Peter Boggs\AppData\Local\{1FA89728-E9E9-4CD7-BB64-205BBE8B0FC0}
[2013/04/30 00:00:18 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/04/30 00:00:17 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/04/30 00:00:17 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/04/30 00:00:17 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/04/30 00:00:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/04/30 00:00:17 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/04/30 00:00:17 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/04/30 00:00:17 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/30 00:00:17 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/04/30 00:00:17 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/04/30 00:00:17 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/30 00:00:17 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/04/30 00:00:16 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/30 00:00:16 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/04/30 00:00:16 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/04/30 00:00:16 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/04/30 00:00:16 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/30 00:00:16 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/04/30 00:00:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/04/30 00:00:16 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/04/30 00:00:16 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/04/30 00:00:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/04/30 00:00:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/04/30 00:00:16 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/04/30 00:00:16 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/04/30 00:00:15 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/04/30 00:00:15 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/04/30 00:00:15 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/04/30 00:00:15 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/04/30 00:00:15 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/04/30 00:00:15 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/04/30 00:00:15 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/04/30 00:00:15 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/04/30 00:00:14 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/30 00:00:14 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/04/30 00:00:14 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/30 00:00:14 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/30 00:00:14 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/04/30 00:00:14 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/04/30 00:00:14 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/04/30 00:00:14 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/30 00:00:14 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/04/30 00:00:13 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/30 00:00:13 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/04/30 00:00:13 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/04/30 00:00:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/04/30 00:00:13 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/04/30 00:00:13 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/04/30 00:00:13 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/04/30 00:00:13 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/04/30 00:00:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/04/30 00:00:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/04/30 00:00:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/04/17 20:46:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/17 20:45:52 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/04/17 20:45:52 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/04/17 20:45:52 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

========== Files - Modified Within 30 Days ==========

[2013/05/16 12:06:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/16 12:06:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/16 12:02:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/16 11:59:20 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/16 11:59:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/16 11:58:51 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/16 11:58:03 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/05/16 11:56:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3768568771-1687975144-3121408415-1000UA.job
[2013/05/16 11:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/16 11:12:52 | 000,343,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/15 19:56:07 | 000,000,301 | ---- | M] () -- C:\Users\Peter Boggs\Desktop\Settings.ini
[2013/05/15 19:54:07 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-PETERBOGGS-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/05/15 19:50:25 | 000,001,559 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/05/15 19:50:24 | 001,345,024 | ---- | M] (Indigo Rose Corporation) -- C:\Users\Peter Boggs\Desktop\uninstall.exe
[2013/05/15 19:50:24 | 000,325,960 | ---- | M] () -- C:\Users\Peter Boggs\Desktop\lua5.1.dll
[2013/05/15 15:56:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3768568771-1687975144-3121408415-1000Core.job
[2013/05/15 14:47:50 | 005,066,276 | R--- | M] (Swearware) -- C:\Users\Peter Boggs\Desktop\ComboFix.exe
[2013/05/15 12:55:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 12:55:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/15 11:03:41 | 000,740,814 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/15 11:03:41 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/15 11:03:41 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/13 19:07:37 | 000,000,178 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/05/12 21:09:05 | 000,628,743 | ---- | M] () -- C:\Users\Peter Boggs\Desktop\AdwCleaner.exe
[2013/05/12 20:39:20 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Peter Boggs\Desktop\aswMBR.exe
[2013/05/12 16:13:43 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Peter Boggs\Desktop\dds.com
[2013/05/07 23:10:12 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
[2013/05/07 23:10:12 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
[2013/05/05 23:12:06 | 742,030,667 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/30 00:00:18 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/04/30 00:00:17 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/04/30 00:00:17 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/04/30 00:00:17 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/04/30 00:00:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/04/30 00:00:17 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/04/30 00:00:17 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/04/30 00:00:17 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/30 00:00:17 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/04/30 00:00:17 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/04/30 00:00:17 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/30 00:00:17 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/04/30 00:00:16 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/30 00:00:16 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/04/30 00:00:16 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/04/30 00:00:16 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/04/30 00:00:16 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/30 00:00:16 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/04/30 00:00:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/04/30 00:00:16 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/04/30 00:00:16 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/04/30 00:00:16 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/04/30 00:00:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/04/30 00:00:16 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/30 00:00:16 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/04/30 00:00:16 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/04/30 00:00:15 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/04/30 00:00:15 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/04/30 00:00:15 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/04/30 00:00:15 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/04/30 00:00:15 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/04/30 00:00:15 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/04/30 00:00:15 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/04/30 00:00:15 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/04/30 00:00:14 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/30 00:00:14 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/04/30 00:00:14 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/30 00:00:14 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/30 00:00:14 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/04/30 00:00:14 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/04/30 00:00:14 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/04/30 00:00:14 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/30 00:00:14 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/04/30 00:00:14 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/30 00:00:13 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/30 00:00:13 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/04/30 00:00:13 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/04/30 00:00:13 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/04/30 00:00:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/04/30 00:00:13 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/04/30 00:00:13 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/04/30 00:00:13 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/04/30 00:00:13 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/04/30 00:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/04/30 00:00:13 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/04/25 21:32:51 | 000,280,276 | ---- | M] () -- C:\Users\Peter Boggs\Desktop\52157x.jpg
[2013/04/25 21:22:05 | 000,090,775 | ---- | M] () -- C:\Users\Peter Boggs\Desktop\281875_481961278526156_1118977084_n.jpg
[2013/04/23 20:23:24 | 000,017,954 | ---- | M] () -- C:\Users\Peter Boggs\Desktop\3E33N43H75N65E55K3d4hc6adbb2c19d7186d.jpg

========== Files Created - No Company Name ==========

[2013/05/15 19:54:07 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-PETERBOGGS-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/05/15 19:50:24 | 000,325,960 | ---- | C] () -- C:\Users\Peter Boggs\Desktop\lua5.1.dll
[2013/05/15 19:50:24 | 000,001,559 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/05/13 19:07:09 | 000,000,178 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/05/13 18:13:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/13 18:13:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/13 18:13:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/13 18:13:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/13 18:13:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/12 21:09:05 | 000,628,743 | ---- | C] () -- C:\Users\Peter Boggs\Desktop\AdwCleaner.exe
[2013/05/09 15:51:28 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3768568771-1687975144-3121408415-1000UA.job
[2013/05/09 15:51:27 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3768568771-1687975144-3121408415-1000Core.job
[2013/04/30 00:00:16 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/30 00:00:14 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/25 21:32:51 | 000,280,276 | ---- | C] () -- C:\Users\Peter Boggs\Desktop\52157x.jpg
[2013/04/25 21:22:04 | 000,090,775 | ---- | C] () -- C:\Users\Peter Boggs\Desktop\281875_481961278526156_1118977084_n.jpg
[2013/04/23 20:23:24 | 000,017,954 | ---- | C] () -- C:\Users\Peter Boggs\Desktop\3E33N43H75N65E55K3d4hc6adbb2c19d7186d.jpg
[2013/04/19 09:47:45 | 742,030,667 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/09/05 03:08:58 | 000,000,243 | ---- | C] () -- C:\Users\Peter Boggs\dsj.xml
[2012/09/05 03:08:58 | 000,000,000 | ---- | C] () -- C:\Users\Peter Boggs\G3sessionisrunning
[2012/03/14 23:49:29 | 000,144,768 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/22 20:56:44 | 000,000,326 | ---- | C] () -- C:\Users\Peter Boggs\AppData\Roaming\wklnhst.dat
[2011/01/15 23:34:22 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#23 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 16 May 2013 - 02:23 PM

Do you need that log?

Yes please post that as well. Then we will see what we still have.

#24 thinkativeone

Authentic Member

Authentic Member
71 posts

Posted 16 May 2013 - 03:03 PM

Reboot log:

All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
c:\program files (x86)\SearchProtect\ffprotect folder moved successfully.
c:\program files (x86)\SearchProtect\Dialogs\spsd\images folder moved successfully.
c:\program files (x86)\SearchProtect\Dialogs\spsd folder moved successfully.
c:\program files (x86)\SearchProtect\Dialogs\spbd\images folder moved successfully.
c:\program files (x86)\SearchProtect\Dialogs\spbd folder moved successfully.
c:\program files (x86)\SearchProtect\Dialogs\lib folder moved successfully.
c:\program files (x86)\SearchProtect\Dialogs folder moved successfully.
c:\program files (x86)\SearchProtect\bin folder moved successfully.
c:\program files (x86)\SearchProtect folder moved successfully.
c:\users\Peter Boggs\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository folder moved successfully.
c:\users\Peter Boggs\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images folder moved successfully.
c:\users\Peter Boggs\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd folder moved successfully.
c:\users\Peter Boggs\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images folder moved successfully.
c:\users\Peter Boggs\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd folder moved successfully.
c:\users\Peter Boggs\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib folder moved successfully.
c:\users\Peter Boggs\AppData\Roaming\SearchProtect\ffprotect\Dialogs folder moved successfully.
c:\users\Peter Boggs\AppData\Roaming\SearchProtect\ffprotect folder moved successfully.
c:\users\Peter Boggs\AppData\Roaming\SearchProtect\Dialogs\spsd\images folder moved successfully.
c:\users\Peter Boggs\AppData\Roaming\SearchProtect\Dialogs\spsd folder moved successfully.
c:\users\Peter Boggs\AppData\Roaming\SearchProtect\Dialogs\spbd\images folder moved successfully.
c:\users\Peter Boggs\AppData\Roaming\SearchProtect\Dialogs\spbd folder moved successfully.
c:\users\Peter Boggs\AppData\Roaming\SearchProtect\Dialogs\lib folder moved successfully.
c:\users\Peter Boggs\AppData\Roaming\SearchProtect\Dialogs folder moved successfully.
c:\users\Peter Boggs\AppData\Roaming\SearchProtect\bin folder moved successfully.
c:\users\Peter Boggs\AppData\Roaming\SearchProtect folder moved successfully.
C:\SearchProtect\ffprotect folder moved successfully.
C:\SearchProtect folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Peter Boggs\Downloads\cmd.bat deleted successfully.
C:\Users\Peter Boggs\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Peter Boggs
->Temp folder emptied: 28611 bytes
->Temporary Internet Files folder emptied: 87843905 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 207727069 bytes
->Google Chrome cache emptied: 41133541 bytes
->Apple Safari cache emptied: 159304704 bytes
->Flash cache emptied: 26350 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37935 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78317307 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 548.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 05162013_115649

Files\Folders moved on Reboot...
C:\Users\Peter Boggs\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#25 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 17 May 2013 - 05:35 AM

Hi,

While I am researching the other OTL log that you posted, please do the following:

Posted Image

Please download TDSSKiller

Double click TDSSKiller.exe
Press Start Scan but do nothing else as we are just looking for what is there.
If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
Attach the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)

Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.
Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
Scan your system for malware
If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If no malware is found please let me know.
----------

Advertisements

Register to Remove

#26 thinkativeone

Authentic Member

Authentic Member
71 posts

Posted 17 May 2013 - 02:29 PM

Thank you. The circle on my cursor is gone again today. :huh:

Here is the first log, however I am having some difficulty getting Malwarebytes to run. I keep getting a system error because a Gui file is not available, and prompted to reinstall to fix the problem. First log: 13:12:40.0049 6064 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 13:12:41.0346 6064 ============================================================ 13:12:41.0346 6064 Current date / time: 2013/05/17 13:12:41.0346 13:12:41.0346 6064 SystemInfo: 13:12:41.0346 6064 13:12:41.0346 6064 OS Version: 6.1.7601 ServicePack: 1.0 13:12:41.0346 6064 Product type: Workstation 13:12:41.0346 6064 ComputerName: PETERBOGGS-PC 13:12:41.0346 6064 UserName: Peter Boggs 13:12:41.0346 6064 Windows directory: C:\Windows 13:12:41.0346 6064 System windows directory: C:\Windows 13:12:41.0346 6064 Running under WOW64 13:12:41.0346 6064 Processor architecture: Intel x64 13:12:41.0346 6064 Number of processors: 2 13:12:41.0346 6064 Page size: 0x1000 13:12:41.0346 6064 Boot type: Normal boot 13:12:41.0346 6064 ============================================================ 13:12:42.0097 6064 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:12:42.0112 6064 ============================================================ 13:12:42.0113 6064 \Device\Harddisk0\DR0: 13:12:42.0113 6064 MBR partitions: 13:12:42.0113 6064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000 13:12:42.0113 6064 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0 13:12:42.0113 6064 ============================================================ 13:12:42.0149 6064 C: <-> \Device\Harddisk0\DR0\Partition2 13:12:42.0149 6064 ============================================================ 13:12:42.0149 6064 Initialize success 13:12:42.0149 6064 ============================================================ 13:12:53.0221 3216 ============================================================ 13:12:53.0221 3216 Scan started 13:12:53.0221 3216 Mode: Manual; 13:12:53.0221 3216 ============================================================ 13:12:53.0566 3216 ================ Scan system memory ======================== 13:12:53.0566 3216 System memory - ok 13:12:53.0566 3216 ================ Scan services ============================= 13:12:53.0801 3216 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 13:12:53.0806 3216 1394ohci - ok 13:12:53.0851 3216 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 13:12:53.0856 3216 ACPI - ok 13:12:53.0921 3216 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 13:12:53.0921 3216 AcpiPmi - ok 13:12:54.0011 3216 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 13:12:54.0016 3216 AdobeARMservice - ok 13:12:54.0226 3216 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 13:12:54.0231 3216 AdobeFlashPlayerUpdateSvc - ok 13:12:54.0296 3216 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 13:12:54.0306 3216 adp94xx - ok 13:12:54.0346 3216 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 13:12:54.0351 3216 adpahci - ok 13:12:54.0401 3216 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 13:12:54.0406 3216 adpu320 - ok 13:12:54.0441 3216 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 13:12:54.0446 3216 AeLookupSvc - ok 13:12:54.0506 3216 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 13:12:54.0511 3216 AFD - ok 13:12:54.0546 3216 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 13:12:54.0551 3216 agp440 - ok 13:12:54.0606 3216 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 13:12:54.0611 3216 ALG - ok 13:12:54.0661 3216 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 13:12:54.0661 3216 aliide - ok 13:12:54.0686 3216 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 13:12:54.0691 3216 amdide - ok 13:12:54.0736 3216 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 13:12:54.0736 3216 AmdK8 - ok 13:12:54.0766 3216 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 13:12:54.0766 3216 AmdPPM - ok 13:12:54.0816 3216 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 13:12:54.0821 3216 amdsata - ok 13:12:54.0861 3216 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 13:12:54.0881 3216 amdsbs - ok 13:12:54.0916 3216 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 13:12:54.0916 3216 amdxata - ok 13:12:55.0016 3216 [ F9DAC844B1D370DA4C984D4C22F5E696 ] AntiSpywareService C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe 13:12:55.0021 3216 AntiSpywareService - ok 13:12:55.0076 3216 [ 9B0B7FDE049CB283FABE5877A49F2611 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys 13:12:55.0081 3216 ApfiltrService - ok 13:12:55.0141 3216 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 13:12:55.0146 3216 AppID - ok 13:12:55.0196 3216 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 13:12:55.0196 3216 AppIDSvc - ok 13:12:55.0226 3216 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 13:12:55.0231 3216 Appinfo - ok 13:12:55.0291 3216 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 13:12:55.0296 3216 arc - ok 13:12:55.0331 3216 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 13:12:55.0331 3216 arcsas - ok 13:12:55.0376 3216 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 13:12:55.0381 3216 AsyncMac - ok 13:12:55.0431 3216 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 13:12:55.0436 3216 atapi - ok 13:12:55.0496 3216 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 13:12:55.0506 3216 AudioEndpointBuilder - ok 13:12:55.0521 3216 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 13:12:55.0526 3216 AudioSrv - ok 13:12:55.0576 3216 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 13:12:55.0581 3216 AxInstSV - ok 13:12:55.0631 3216 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 13:12:55.0641 3216 b06bdrv - ok 13:12:55.0671 3216 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 13:12:55.0681 3216 b57nd60a - ok 13:12:55.0811 3216 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe 13:12:55.0811 3216 BBSvc - ok 13:12:55.0881 3216 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe 13:12:55.0891 3216 BBUpdate - ok 13:12:55.0921 3216 [ E001DD475A7C27EBE5A0DB45C11BAD71 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys 13:12:55.0921 3216 BCM42RLY - ok 13:12:56.0021 3216 [ 37394D3553E220FB732C21E217E1BD8B ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 13:12:56.0046 3216 BCM43XX - ok 13:12:56.0106 3216 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 13:12:56.0111 3216 BDESVC - ok 13:12:56.0156 3216 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 13:12:56.0156 3216 Beep - ok 13:12:56.0221 3216 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 13:12:56.0231 3216 BFE - ok 13:12:56.0416 3216 [ 7B56A40EAAACF1867FF178501D3EA185 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130502.001\BHDrvx64.sys 13:12:56.0431 3216 BHDrvx64 - ok 13:12:56.0476 3216 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 13:12:56.0486 3216 BITS - ok 13:12:56.0516 3216 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 13:12:56.0516 3216 blbdrive - ok 13:12:56.0556 3216 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 13:12:56.0561 3216 bowser - ok 13:12:56.0586 3216 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 13:12:56.0591 3216 BrFiltLo - ok 13:12:56.0606 3216 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 13:12:56.0606 3216 BrFiltUp - ok 13:12:56.0651 3216 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 13:12:56.0656 3216 BridgeMP - ok 13:12:56.0691 3216 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 13:12:56.0691 3216 Browser - ok 13:12:56.0731 3216 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 13:12:56.0736 3216 Brserid - ok 13:12:56.0761 3216 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 13:12:56.0761 3216 BrSerWdm - ok 13:12:56.0816 3216 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 13:12:56.0816 3216 BrUsbMdm - ok 13:12:56.0836 3216 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 13:12:56.0841 3216 BrUsbSer - ok 13:12:56.0881 3216 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 13:12:56.0886 3216 BTHMODEM - ok 13:12:56.0921 3216 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 13:12:56.0926 3216 bthserv - ok 13:12:56.0931 3216 catchme - ok 13:12:56.0976 3216 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 13:12:56.0981 3216 cdfs - ok 13:12:57.0036 3216 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 13:12:57.0036 3216 cdrom - ok 13:12:57.0086 3216 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 13:12:57.0091 3216 CertPropSvc - ok 13:12:57.0126 3216 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 13:12:57.0131 3216 circlass - ok 13:12:57.0166 3216 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 13:12:57.0171 3216 CLFS - ok 13:12:57.0241 3216 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:12:57.0246 3216 clr_optimization_v2.0.50727_32 - ok 13:12:57.0316 3216 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 13:12:57.0331 3216 clr_optimization_v2.0.50727_64 - ok 13:12:57.0396 3216 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:12:57.0396 3216 clr_optimization_v4.0.30319_32 - ok 13:12:57.0436 3216 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 13:12:57.0441 3216 clr_optimization_v4.0.30319_64 - ok 13:12:57.0476 3216 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 13:12:57.0476 3216 CmBatt - ok 13:12:57.0516 3216 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 13:12:57.0521 3216 cmdide - ok 13:12:57.0561 3216 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 13:12:57.0571 3216 CNG - ok 13:12:57.0631 3216 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 13:12:57.0636 3216 Compbatt - ok 13:12:57.0661 3216 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 13:12:57.0661 3216 CompositeBus - ok 13:12:57.0686 3216 COMSysApp - ok 13:12:57.0726 3216 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 13:12:57.0726 3216 crcdisk - ok 13:12:57.0781 3216 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 13:12:57.0786 3216 CryptSvc - ok 13:12:57.0836 3216 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 13:12:57.0846 3216 DcomLaunch - ok 13:12:57.0896 3216 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 13:12:57.0901 3216 defragsvc - ok 13:12:57.0951 3216 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 13:12:57.0951 3216 DfsC - ok 13:12:57.0981 3216 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 13:12:57.0986 3216 Dhcp - ok 13:12:58.0016 3216 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 13:12:58.0016 3216 discache - ok 13:12:58.0071 3216 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 13:12:58.0071 3216 Disk - ok 13:12:58.0101 3216 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 13:12:58.0101 3216 Dnscache - ok 13:12:58.0191 3216 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe 13:12:58.0196 3216 DockLoginService - ok 13:12:58.0221 3216 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 13:12:58.0226 3216 dot3svc - ok 13:12:58.0281 3216 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 13:12:58.0286 3216 Dot4 - ok 13:12:58.0321 3216 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys 13:12:58.0326 3216 Dot4Print - ok 13:12:58.0356 3216 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 13:12:58.0361 3216 dot4usb - ok 13:12:58.0391 3216 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 13:12:58.0396 3216 DPS - ok 13:12:58.0441 3216 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 13:12:58.0441 3216 drmkaud - ok 13:12:58.0491 3216 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 13:12:58.0501 3216 DXGKrnl - ok 13:12:58.0536 3216 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 13:12:58.0541 3216 EapHost - ok 13:12:58.0636 3216 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 13:12:58.0691 3216 ebdrv - ok 13:12:58.0771 3216 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 13:12:58.0776 3216 eeCtrl - ok 13:12:58.0806 3216 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 13:12:58.0806 3216 EFS - ok 13:12:58.0871 3216 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 13:12:58.0881 3216 ehRecvr - ok 13:12:58.0916 3216 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 13:12:58.0921 3216 ehSched - ok 13:12:58.0971 3216 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 13:12:58.0981 3216 elxstor - ok 13:12:59.0041 3216 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 13:12:59.0041 3216 EraserUtilRebootDrv - ok 13:12:59.0081 3216 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 13:12:59.0081 3216 ErrDev - ok 13:12:59.0146 3216 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 13:12:59.0151 3216 EventSystem - ok 13:12:59.0171 3216 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 13:12:59.0176 3216 exfat - ok 13:12:59.0191 3216 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 13:12:59.0196 3216 fastfat - ok 13:12:59.0256 3216 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 13:12:59.0266 3216 Fax - ok 13:12:59.0301 3216 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 13:12:59.0306 3216 fdc - ok 13:12:59.0336 3216 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 13:12:59.0336 3216 fdPHost - ok 13:12:59.0356 3216 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 13:12:59.0361 3216 FDResPub - ok 13:12:59.0376 3216 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 13:12:59.0381 3216 FileInfo - ok 13:12:59.0416 3216 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 13:12:59.0416 3216 Filetrace - ok 13:12:59.0441 3216 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 13:12:59.0446 3216 flpydisk - ok 13:12:59.0501 3216 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 13:12:59.0506 3216 FltMgr - ok 13:12:59.0566 3216 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 13:12:59.0586 3216 FontCache - ok 13:12:59.0641 3216 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:12:59.0641 3216 FontCache3.0.0.0 - ok 13:12:59.0676 3216 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 13:12:59.0681 3216 FsDepends - ok 13:12:59.0716 3216 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 13:12:59.0716 3216 Fs_Rec - ok 13:12:59.0766 3216 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 13:12:59.0771 3216 fvevol - ok 13:12:59.0811 3216 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 13:12:59.0811 3216 gagp30kx - ok 13:12:59.0901 3216 [ D154305DE6090E6E84E525F84BB08A06 ] GameConsoleService C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe 13:12:59.0906 3216 GameConsoleService - ok 13:12:59.0946 3216 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 13:12:59.0946 3216 GEARAspiWDM - ok 13:12:59.0976 3216 [ 9BA22AEE7F531EF9CE085CC2E1112BC4 ] GIDv2 C:\Windows\system32\drivers\GIDv2.sys 13:12:59.0981 3216 GIDv2 - ok 13:13:00.0041 3216 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe 13:13:00.0046 3216 GoToAssist - ok 13:13:00.0091 3216 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 13:13:00.0101 3216 gpsvc - ok 13:13:00.0186 3216 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:13:00.0191 3216 gupdate - ok 13:13:00.0206 3216 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:13:00.0211 3216 gupdatem - ok 13:13:00.0261 3216 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 13:13:00.0266 3216 hcw85cir - ok 13:13:00.0316 3216 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 13:13:00.0321 3216 HDAudBus - ok 13:13:00.0346 3216 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 13:13:00.0346 3216 HidBatt - ok 13:13:00.0376 3216 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 13:13:00.0376 3216 HidBth - ok 13:13:00.0396 3216 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 13:13:00.0401 3216 HidIr - ok 13:13:00.0421 3216 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 13:13:00.0426 3216 hidserv - ok 13:13:00.0491 3216 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 13:13:00.0496 3216 HidUsb - ok 13:13:00.0531 3216 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 13:13:00.0536 3216 hkmsvc - ok 13:13:00.0571 3216 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 13:13:00.0576 3216 HomeGroupListener - ok 13:13:00.0586 3216 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 13:13:00.0591 3216 HomeGroupProvider - ok 13:13:00.0701 3216 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 13:13:00.0706 3216 hpqcxs08 - ok 13:13:00.0741 3216 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 13:13:00.0741 3216 hpqddsvc - ok 13:13:00.0786 3216 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 13:13:00.0791 3216 HpSAMD - ok 13:13:00.0841 3216 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 13:13:00.0856 3216 HPSLPSVC - ok 13:13:00.0921 3216 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 13:13:00.0931 3216 HTTP - ok 13:13:00.0961 3216 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 13:13:00.0961 3216 hwpolicy - ok 13:13:00.0996 3216 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 13:13:00.0996 3216 i8042prt - ok 13:13:01.0051 3216 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 13:13:01.0056 3216 IAANTMON - ok 13:13:01.0096 3216 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 13:13:01.0096 3216 iaStor - ok 13:13:01.0146 3216 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 13:13:01.0156 3216 iaStorV - ok 13:13:01.0216 3216 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 13:13:01.0226 3216 idsvc - ok 13:13:01.0341 3216 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130516.001\IDSvia64.sys 13:13:01.0346 3216 IDSVia64 - ok 13:13:01.0396 3216 [ 9EB85E7EE5D408FBD7968E695D088570 ] IDVaultSvc C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe 13:13:01.0396 3216 IDVaultSvc - ok 13:13:01.0581 3216 [ BABD5F9B2BCC82CE556A0BAF1AE208A7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 13:13:01.0736 3216 igfx - ok 13:13:01.0776 3216 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 13:13:01.0781 3216 iirsp - ok 13:13:01.0826 3216 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 13:13:01.0836 3216 IKEEXT - ok 13:13:01.0871 3216 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 13:13:01.0876 3216 intelide - ok 13:13:01.0916 3216 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 13:13:01.0921 3216 intelppm - ok 13:13:01.0946 3216 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 13:13:01.0951 3216 IPBusEnum - ok 13:13:01.0981 3216 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:13:01.0986 3216 IpFilterDriver - ok 13:13:02.0021 3216 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 13:13:02.0031 3216 iphlpsvc - ok 13:13:02.0066 3216 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 13:13:02.0071 3216 IPMIDRV - ok 13:13:02.0101 3216 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 13:13:02.0106 3216 IPNAT - ok 13:13:02.0141 3216 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 13:13:02.0146 3216 IRENUM - ok 13:13:02.0176 3216 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 13:13:02.0181 3216 isapnp - ok 13:13:02.0211 3216 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 13:13:02.0216 3216 iScsiPrt - ok 13:13:02.0266 3216 [ 54F694C6CD3A1149BA3A8BDACC83BADC ] ITMRTSVC C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe 13:13:02.0271 3216 ITMRTSVC - ok 13:13:02.0326 3216 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 13:13:02.0326 3216 kbdclass - ok 13:13:02.0371 3216 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 13:13:02.0371 3216 kbdhid - ok 13:13:02.0391 3216 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 13:13:02.0396 3216 KeyIso - ok 13:13:02.0421 3216 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 13:13:02.0426 3216 KSecDD - ok 13:13:02.0441 3216 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 13:13:02.0446 3216 KSecPkg - ok 13:13:02.0501 3216 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 13:13:02.0501 3216 ksthunk - ok 13:13:02.0551 3216 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 13:13:02.0556 3216 KtmRm - ok 13:13:02.0611 3216 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 13:13:02.0616 3216 LanmanServer - ok 13:13:02.0661 3216 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 13:13:02.0661 3216 LanmanWorkstation - ok 13:13:02.0706 3216 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 13:13:02.0706 3216 lltdio - ok 13:13:02.0736 3216 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 13:13:02.0741 3216 lltdsvc - ok 13:13:02.0761 3216 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 13:13:02.0766 3216 lmhosts - ok 13:13:02.0806 3216 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 13:13:02.0811 3216 LSI_FC - ok 13:13:02.0846 3216 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 13:13:02.0851 3216 LSI_SAS - ok 13:13:02.0881 3216 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 13:13:02.0886 3216 LSI_SAS2 - ok 13:13:02.0911 3216 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 13:13:02.0916 3216 LSI_SCSI - ok 13:13:02.0951 3216 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 13:13:02.0951 3216 luafv - ok 13:13:02.0986 3216 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 13:13:02.0996 3216 Mcx2Svc - ok 13:13:03.0031 3216 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 13:13:03.0036 3216 megasas - ok 13:13:03.0061 3216 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 13:13:03.0066 3216 MegaSR - ok 13:13:03.0096 3216 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 13:13:03.0101 3216 MMCSS - ok 13:13:03.0116 3216 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 13:13:03.0116 3216 Modem - ok 13:13:03.0156 3216 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 13:13:03.0156 3216 monitor - ok 13:13:03.0201 3216 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 13:13:03.0201 3216 mouclass - ok 13:13:03.0236 3216 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 13:13:03.0236 3216 mouhid - ok 13:13:03.0276 3216 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 13:13:03.0276 3216 mountmgr - ok 13:13:03.0366 3216 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 13:13:03.0371 3216 MozillaMaintenance - ok 13:13:03.0401 3216 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 13:13:03.0406 3216 mpio - ok 13:13:03.0441 3216 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 13:13:03.0441 3216 mpsdrv - ok 13:13:03.0486 3216 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 13:13:03.0496 3216 MpsSvc - ok 13:13:03.0531 3216 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 13:13:03.0531 3216 MRxDAV - ok 13:13:03.0566 3216 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 13:13:03.0566 3216 mrxsmb - ok 13:13:03.0601 3216 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:13:03.0606 3216 mrxsmb10 - ok 13:13:03.0636 3216 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:13:03.0641 3216 mrxsmb20 - ok 13:13:03.0671 3216 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 13:13:03.0671 3216 msahci - ok 13:13:03.0711 3216 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 13:13:03.0716 3216 msdsm - ok 13:13:03.0741 3216 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 13:13:03.0746 3216 MSDTC - ok 13:13:03.0781 3216 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 13:13:03.0781 3216 Msfs - ok 13:13:03.0801 3216 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 13:13:03.0806 3216 mshidkmdf - ok 13:13:03.0831 3216 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 13:13:03.0831 3216 msisadrv - ok 13:13:03.0876 3216 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 13:13:03.0881 3216 MSiSCSI - ok 13:13:03.0891 3216 msiserver - ok 13:13:03.0941 3216 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 13:13:03.0946 3216 MSKSSRV - ok 13:13:03.0956 3216 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 13:13:03.0961 3216 MSPCLOCK - ok 13:13:03.0981 3216 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 13:13:03.0981 3216 MSPQM - ok 13:13:04.0021 3216 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 13:13:04.0026 3216 MsRPC - ok 13:13:04.0061 3216 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 13:13:04.0061 3216 mssmbios - ok 13:13:04.0106 3216 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 13:13:04.0111 3216 MSTEE - ok 13:13:04.0131 3216 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 13:13:04.0136 3216 MTConfig - ok 13:13:04.0166 3216 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 13:13:04.0171 3216 Mup - ok 13:13:04.0281 3216 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe 13:13:04.0281 3216 N360 - ok 13:13:04.0331 3216 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 13:13:04.0336 3216 napagent - ok 13:13:04.0391 3216 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:13:04.0396 3216 NativeWifiP - ok 13:13:04.0491 3216 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130517.002\ENG64.SYS 13:13:04.0491 3216 NAVENG - ok 13:13:04.0571 3216 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130517.002\EX64.SYS 13:13:04.0591 3216 NAVEX15 - ok 13:13:04.0656 3216 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 13:13:04.0671 3216 NDIS - ok 13:13:04.0716 3216 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 13:13:04.0721 3216 NdisCap - ok 13:13:04.0756 3216 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:13:04.0756 3216 NdisTapi - ok 13:13:04.0811 3216 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:13:04.0811 3216 Ndisuio - ok 13:13:04.0846 3216 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:13:04.0851 3216 NdisWan - ok 13:13:04.0866 3216 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:13:04.0866 3216 NDProxy - ok 13:13:04.0916 3216 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 13:13:04.0916 3216 Net Driver HPZ12 - ok 13:13:04.0951 3216 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:13:04.0951 3216 NetBIOS - ok 13:13:04.0976 3216 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 13:13:04.0981 3216 NetBT - ok 13:13:04.0991 3216 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 13:13:04.0996 3216 Netlogon - ok 13:13:05.0051 3216 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 13:13:05.0061 3216 Netman - ok 13:13:05.0091 3216 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 13:13:05.0096 3216 netprofm - ok 13:13:05.0126 3216 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:13:05.0141 3216 NetTcpPortSharing - ok 13:13:05.0186 3216 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 13:13:05.0191 3216 nfrd960 - ok 13:13:05.0226 3216 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 13:13:05.0231 3216 NlaSvc - ok 13:13:05.0241 3216 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:13:05.0246 3216 Npfs - ok 13:13:05.0266 3216 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 13:13:05.0266 3216 nsi - ok 13:13:05.0306 3216 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:13:05.0306 3216 nsiproxy - ok 13:13:05.0366 3216 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:13:05.0391 3216 Ntfs - ok 13:13:05.0426 3216 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 13:13:05.0426 3216 Null - ok 13:13:05.0456 3216 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:13:05.0461 3216 nvraid - ok 13:13:05.0496 3216 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:13:05.0501 3216 nvstor - ok 13:13:05.0551 3216 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:13:05.0556 3216 nv_agp - ok 13:13:05.0636 3216 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 13:13:05.0641 3216 odserv - ok 13:13:05.0676 3216 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 13:13:05.0681 3216 ohci1394 - ok 13:13:05.0726 3216 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:13:05.0731 3216 ose - ok 13:13:05.0776 3216 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:13:05.0781 3216 p2pimsvc - ok 13:13:05.0806 3216 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 13:13:05.0816 3216 p2psvc - ok 13:13:05.0846 3216 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 13:13:05.0851 3216 Parport - ok 13:13:05.0886 3216 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:13:05.0891 3216 partmgr - ok 13:13:05.0916 3216 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:13:05.0921 3216 PcaSvc - ok 13:13:05.0956 3216 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 13:13:05.0961 3216 pci - ok 13:13:05.0976 3216 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 13:13:05.0981 3216 pciide - ok 13:13:06.0011 3216 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 13:13:06.0021 3216 pcmcia - ok 13:13:06.0031 3216 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 13:13:06.0031 3216 pcw - ok 13:13:06.0071 3216 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:13:06.0081 3216 PEAUTH - ok 13:13:06.0151 3216 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:13:06.0156 3216 PerfHost - ok 13:13:06.0221 3216 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 13:13:06.0246 3216 pla - ok 13:13:06.0306 3216 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:13:06.0311 3216 PlugPlay - ok 13:13:06.0366 3216 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 13:13:06.0366 3216 Pml Driver HPZ12 - ok 13:13:06.0386 3216 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 13:13:06.0391 3216 PNRPAutoReg - ok 13:13:06.0411 3216 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 13:13:06.0416 3216 PNRPsvc - ok 13:13:06.0446 3216 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:13:06.0456 3216 PolicyAgent - ok 13:13:06.0491 3216 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 13:13:06.0496 3216 Power - ok 13:13:06.0546 3216 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:13:06.0546 3216 PptpMiniport - ok 13:13:06.0576 3216 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 13:13:06.0581 3216 Processor - ok 13:13:06.0621 3216 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 13:13:06.0626 3216 ProfSvc - ok 13:13:06.0636 3216 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:13:06.0641 3216 ProtectedStorage - ok 13:13:06.0691 3216 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 13:13:06.0691 3216 Psched - ok 13:13:06.0721 3216 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 13:13:06.0726 3216 PxHlpa64 - ok 13:13:06.0776 3216 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 13:13:06.0796 3216 ql2300 - ok 13:13:06.0821 3216 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 13:13:06.0826 3216 ql40xx - ok 13:13:06.0861 3216 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 13:13:06.0871 3216 QWAVE - ok 13:13:06.0886 3216 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:13:06.0891 3216 QWAVEdrv - ok 13:13:06.0921 3216 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:13:06.0926 3216 RasAcd - ok 13:13:06.0966 3216 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 13:13:06.0971 3216 RasAgileVpn - ok 13:13:07.0001 3216 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 13:13:07.0006 3216 RasAuto - ok 13:13:07.0056 3216 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:13:07.0056 3216 Rasl2tp - ok 13:13:07.0081 3216 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 13:13:07.0086 3216 RasMan - ok 13:13:07.0141 3216 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:13:07.0141 3216 RasPppoe - ok 13:13:07.0156 3216 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:13:07.0156 3216 RasSstp - ok 13:13:07.0201 3216 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:13:07.0206 3216 rdbss - ok 13:13:07.0241 3216 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 13:13:07.0241 3216 rdpbus - ok 13:13:07.0266 3216 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:13:07.0266 3216 RDPCDD - ok 13:13:07.0296 3216 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:13:07.0296 3216 RDPENCDD - ok 13:13:07.0321 3216 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 13:13:07.0321 3216 RDPREFMP - ok 13:13:07.0351 3216 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:13:07.0376 3216 RDPWD - ok 13:13:07.0431 3216 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 13:13:07.0436 3216 rdyboost - ok 13:13:07.0481 3216 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:13:07.0486 3216 RemoteAccess - ok 13:13:07.0511 3216 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:13:07.0516 3216 RemoteRegistry - ok 13:13:07.0566 3216 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 13:13:07.0571 3216 RpcEptMapper - ok 13:13:07.0596 3216 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 13:13:07.0601 3216 RpcLocator - ok 13:13:07.0636 3216 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll 13:13:07.0646 3216 RpcSs - ok 13:13:07.0696 3216 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:13:07.0696 3216 rspndr - ok 13:13:07.0741 3216 [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 13:13:07.0746 3216 RSUSBSTOR - ok 13:13:07.0761 3216 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 13:13:07.0766 3216 SamSs - ok 13:13:07.0801 3216 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:13:07.0801 3216 sbp2port - ok 13:13:07.0836 3216 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:13:07.0841 3216 SCardSvr - ok 13:13:07.0876 3216 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:13:07.0881 3216 scfilter - ok 13:13:07.0941 3216 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 13:13:07.0956 3216 Schedule - ok 13:13:07.0976 3216 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 13:13:07.0976 3216 SCPolicySvc - ok 13:13:08.0001 3216 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:13:08.0006 3216 SDRSVC - ok 13:13:08.0046 3216 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:13:08.0046 3216 secdrv - ok 13:13:08.0081 3216 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 13:13:08.0081 3216 seclogon - ok 13:13:08.0111 3216 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 13:13:08.0116 3216 SENS - ok 13:13:08.0151 3216 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 13:13:08.0156 3216 SensrSvc - ok 13:13:08.0176 3216 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:13:08.0181 3216 Serenum - ok 13:13:08.0221 3216 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:13:08.0226 3216 Serial - ok 13:13:08.0251 3216 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 13:13:08.0256 3216 sermouse - ok 13:13:08.0306 3216 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 13:13:08.0311 3216 SessionEnv - ok 13:13:08.0336 3216 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:13:08.0341 3216 sffdisk - ok 13:13:08.0356 3216 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:13:08.0361 3216 sffp_mmc - ok 13:13:08.0381 3216 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:13:08.0381 3216 sffp_sd - ok 13:13:08.0411 3216 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 13:13:08.0411 3216 sfloppy - ok 13:13:08.0516 3216 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 13:13:08.0541 3216 SftService - ok 13:13:08.0596 3216 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:13:08.0601 3216 SharedAccess - ok 13:13:08.0641 3216 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:13:08.0646 3216 ShellHWDetection - ok 13:13:08.0681 3216 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 13:13:08.0686 3216 SiSRaid2 - ok 13:13:08.0711 3216 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 13:13:08.0716 3216 SiSRaid4 - ok 13:13:08.0796 3216 [ 875B04A71869D34A415CC8B4D4673EC4 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 13:13:08.0801 3216 SkypeUpdate - ok 13:13:08.0826 3216 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:13:08.0831 3216 Smb - ok 13:13:08.0891 3216 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:13:08.0896 3216 SNMPTRAP - ok 13:13:08.0921 3216 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 13:13:08.0921 3216 spldr - ok 13:13:08.0966 3216 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 13:13:08.0976 3216 Spooler - ok 13:13:09.0071 3216 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 13:13:09.0126 3216 sppsvc - ok 13:13:09.0151 3216 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 13:13:09.0156 3216 sppuinotify - ok 13:13:09.0206 3216 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe 13:13:09.0211 3216 sprtsvc_DellSupportCenter - ok 13:13:09.0306 3216 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS 13:13:09.0316 3216 SRTSP - ok 13:13:09.0366 3216 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS 13:13:09.0366 3216 SRTSPX - ok 13:13:09.0406 3216 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 13:13:09.0416 3216 srv - ok 13:13:09.0446 3216 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:13:09.0451 3216 srv2 - ok 13:13:09.0476 3216 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:13:09.0481 3216 srvnet - ok 13:13:09.0541 3216 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:13:09.0546 3216 SSDPSRV - ok 13:13:09.0566 3216 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:13:09.0571 3216 SstpSvc - ok 13:13:09.0681 3216 [ 444109453A2B87E6C16BCDA5953E81A9 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe 13:13:09.0686 3216 STacSV - ok 13:13:09.0711 3216 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 13:13:09.0716 3216 stexstor - ok 13:13:09.0746 3216 [ 02E784FA49032F84964DB90A3ED81890 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 13:13:09.0751 3216 STHDA - ok 13:13:09.0791 3216 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 13:13:09.0801 3216 stisvc - ok 13:13:09.0826 3216 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 13:13:09.0826 3216 swenum - ok 13:13:09.0866 3216 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 13:13:09.0876 3216 swprv - ok 13:13:09.0941 3216 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS 13:13:09.0946 3216 SymDS - ok 13:13:10.0016 3216 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS 13:13:10.0026 3216 SymEFA - ok 13:13:10.0086 3216 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 13:13:10.0091 3216 SymEvent - ok 13:13:10.0156 3216 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS 13:13:10.0156 3216 SymIRON - ok 13:13:10.0206 3216 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS 13:13:10.0211 3216 SymNetS - ok 13:13:10.0276 3216 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 13:13:10.0301 3216 SysMain - ok 13:13:10.0341 3216 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:13:10.0346 3216 TabletInputService - ok 13:13:10.0376 3216 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 13:13:10.0381 3216 TapiSrv - ok 13:13:10.0411 3216 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 13:13:10.0411 3216 TBS - ok 13:13:10.0501 3216 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:13:10.0526 3216 Tcpip - ok 13:13:10.0601 3216 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 13:13:10.0621 3216 TCPIP6 - ok 13:13:10.0656 3216 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:13:10.0656 3216 tcpipreg - ok 13:13:10.0696 3216 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:13:10.0696 3216 TDPIPE - ok 13:13:10.0711 3216 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:13:10.0716 3216 TDTCP - ok 13:13:10.0766 3216 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:13:10.0771 3216 tdx - ok 13:13:10.0806 3216 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 13:13:10.0806 3216 TermDD - ok 13:13:10.0856 3216 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 13:13:10.0866 3216 TermService - ok 13:13:10.0901 3216 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 13:13:10.0901 3216 Themes - ok 13:13:10.0931 3216 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 13:13:10.0931 3216 THREADORDER - ok 13:13:10.0956 3216 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 13:13:10.0956 3216 TrkWks - ok 13:13:11.0011 3216 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:13:11.0016 3216 TrustedInstaller - ok 13:13:11.0061 3216 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:13:11.0061 3216 tssecsrv - ok 13:13:11.0106 3216 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 13:13:11.0106 3216 TsUsbFlt - ok 13:13:11.0161 3216 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:13:11.0161 3216 tunnel - ok 13:13:11.0206 3216 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 13:13:11.0211 3216 uagp35 - ok 13:13:11.0236 3216 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:13:11.0241 3216 udfs - ok 13:13:11.0281 3216 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:13:11.0286 3216 UI0Detect - ok 13:13:11.0336 3216 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:13:11.0336 3216 uliagpkx - ok 13:13:11.0381 3216 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 13:13:11.0381 3216 umbus - ok 13:13:11.0411 3216 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 13:13:11.0411 3216 UmPass - ok 13:13:11.0446 3216 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 13:13:11.0456 3216 upnphost - ok 13:13:11.0491 3216 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:13:11.0496 3216 usbccgp - ok 13:13:11.0536 3216 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:13:11.0541 3216 usbcir - ok 13:13:11.0576 3216 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:13:11.0576 3216 usbehci - ok 13:13:11.0616 3216 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:13:11.0621 3216 usbhub - ok 13:13:11.0641 3216 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 13:13:11.0641 3216 usbohci - ok 13:13:11.0696 3216 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:13:11.0701 3216 usbprint - ok 13:13:11.0726 3216 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 13:13:11.0731 3216 usbscan - ok 13:13:11.0761 3216 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS 13:13:11.0766 3216 USBSTOR - ok 13:13:11.0796 3216 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 13:13:11.0801 3216 usbuhci - ok 13:13:11.0821 3216 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 13:13:11.0821 3216 UxSms - ok 13:13:11.0841 3216 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 13:13:11.0841 3216 VaultSvc - ok 13:13:11.0886 3216 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 13:13:11.0886 3216 vdrvroot - ok 13:13:11.0931 3216 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 13:13:11.0946 3216 vds - ok 13:13:11.0996 3216 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:13:12.0001 3216 vga - ok 13:13:12.0016 3216 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 13:13:12.0016 3216 VgaSave - ok 13:13:12.0041 3216 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 13:13:12.0051 3216 vhdmp - ok 13:13:12.0081 3216 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 13:13:12.0086 3216 viaide - ok 13:13:12.0106 3216 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:13:12.0111 3216 volmgr - ok 13:13:12.0141 3216 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:13:12.0146 3216 volmgrx - ok 13:13:12.0181 3216 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:13:12.0186 3216 volsnap - ok 13:13:12.0241 3216 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 13:13:12.0246 3216 vsmraid - ok 13:13:12.0306 3216 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 13:13:12.0331 3216 VSS - ok 13:13:12.0351 3216 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 13:13:12.0351 3216 vwifibus - ok 13:13:12.0391 3216 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 13:13:12.0391 3216 vwififlt - ok 13:13:12.0431 3216 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 13:13:12.0431 3216 vwifimp - ok 13:13:12.0476 3216 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 13:13:12.0486 3216 W32Time - ok 13:13:12.0506 3216 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 13:13:12.0506 3216 WacomPen - ok 13:13:12.0561 3216 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:13:12.0566 3216 WANARP - ok 13:13:12.0571 3216 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:13:12.0576 3216 Wanarpv6 - ok 13:13:12.0656 3216 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 13:13:12.0676 3216 WatAdminSvc - ok 13:13:12.0736 3216 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 13:13:12.0761 3216 wbengine - ok 13:13:12.0791 3216 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:13:12.0796 3216 WbioSrvc - ok 13:13:12.0831 3216 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:13:12.0841 3216 wcncsvc - ok 13:13:12.0871 3216 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:13:12.0876 3216 WcsPlugInService - ok 13:13:12.0906 3216 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 13:13:12.0911 3216 Wd - ok 13:13:12.0956 3216 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:13:12.0966 3216 Wdf01000 - ok 13:13:12.0981 3216 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:13:12.0986 3216 WdiServiceHost - ok 13:13:12.0991 3216 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:13:12.0996 3216 WdiSystemHost - ok 13:13:13.0031 3216 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 13:13:13.0036 3216 WebClient - ok 13:13:13.0071 3216 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:13:13.0076 3216 Wecsvc - ok 13:13:13.0096 3216 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:13:13.0101 3216 wercplsupport - ok 13:13:13.0141 3216 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 13:13:13.0146 3216 WerSvc - ok 13:13:13.0181 3216 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:13:13.0181 3216 WfpLwf - ok 13:13:13.0226 3216 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 13:13:13.0231 3216 WimFltr - ok 13:13:13.0251 3216 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:13:13.0256 3216 WIMMount - ok 13:13:13.0276 3216 WinDefend - ok 13:13:13.0291 3216 WinHttpAutoProxySvc - ok 13:13:13.0351 3216 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:13:13.0356 3216 Winmgmt - ok 13:13:13.0436 3216 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 13:13:13.0466 3216 WinRM - ok 13:13:13.0536 3216 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 13:13:13.0546 3216 Wlansvc - ok 13:13:13.0706 3216 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 13:13:13.0751 3216 wlidsvc - ok 13:13:13.0781 3216 [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE 13:13:13.0786 3216 wltrysvc - ok 13:13:13.0836 3216 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 13:13:13.0836 3216 WmiAcpi - ok 13:13:13.0876 3216 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:13:13.0881 3216 wmiApSrv - ok 13:13:13.0901 3216 WMPNetworkSvc - ok 13:13:13.0936 3216 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:13:13.0941 3216 WPCSvc - ok 13:13:13.0961 3216 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:13:13.0966 3216 WPDBusEnum - ok 13:13:14.0006 3216 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:13:14.0006 3216 ws2ifsl - ok 13:13:14.0046 3216 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 13:13:14.0046 3216 wscsvc - ok 13:13:14.0056 3216 WSearch - ok 13:13:14.0146 3216 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 13:13:14.0196 3216 wuauserv - ok 13:13:14.0226 3216 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:13:14.0226 3216 WudfPf - ok 13:13:14.0261 3216 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:13:14.0266 3216 WUDFRd - ok 13:13:14.0291 3216 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:13:14.0296 3216 wudfsvc - ok 13:13:14.0336 3216 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 13:13:14.0351 3216 WwanSvc - ok 13:13:14.0396 3216 [ 79D9CE9614C955DD31AA2556B4014662 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 13:13:14.0401 3216 yukonw7 - ok 13:13:14.0426 3216 ================ Scan global =============================== 13:13:14.0456 3216 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 13:13:14.0486 3216 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 13:13:14.0501 3216 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 13:13:14.0536 3216 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 13:13:14.0571 3216 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 13:13:14.0576 3216 [Global] - ok 13:13:14.0576 3216 ================ Scan MBR ================================== 13:13:14.0591 3216 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0 13:13:14.0791 3216 \Device\Harddisk0\DR0 - ok 13:13:14.0791 3216 ================ Scan VBR ================================== 13:13:14.0806 3216 [ 522DB6195B80E4E46575F11BC6E3296C ] \Device\Harddisk0\DR0\Partition1 13:13:14.0811 3216 \Device\Harddisk0\DR0\Partition1 - ok 13:13:14.0826 3216 [ 67EA42A3E058909016206D4A4634646B ] \Device\Harddisk0\DR0\Partition2 13:13:14.0831 3216 \Device\Harddisk0\DR0\Partition2 - ok 13:13:14.0831 3216 ============================================================ 13:13:14.0831 3216 Scan finished 13:13:14.0831 3216 ============================================================ 13:13:14.0851 2020 Detected object count: 0 13:13:14.0851 2020 Actual detected object count: 0

#27 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 17 May 2013 - 03:24 PM

Ok don't worry about the Malwarebytes Rootkit scan.

Java

Please go to Start > Control Panel > Programs and Features > uninstall all the Java Programs you see, now download the latest Java from the following link and install it:

http://java.com/en/download/index.jsp
----------

Posted Image

See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 Checked
- Downloaded Applets
  Downloaded Applications
  Installed Applications and Applets
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.

----------

Posted Image

Please download Malwarebytes Anti-Malware to your desktop.

Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------

ESET Online Scanner

Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan, and let me know how things are now.

----------

#28 thinkativeone

Authentic Member

Authentic Member
71 posts

Posted 17 May 2013 - 07:22 PM

Some of these instructions may be for different versions of operating systems, I'm guessing, because I *think* I found the stuff you wanted me to do, but they were arranged differently or worded slightly differently. I did them as best I could, hopefully it will do. :-S I am not noticing any other differences though the blue circle is still gone for now. Here is the first log: Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.05.17.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Peter Boggs :: PETERBOGGS-PC [administrator] Protection: Enabled 5/17/2013 3:18:17 PM mbam-log-2013-05-17 (15-18-17).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 219792 Time elapsed: 10 minute(s), 27 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Second log (took a few hours): C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Mozilla Firefox\nsprotector.js Win32/Conduit.SearchProtect.A application C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.B application C:\Qoobox\Quarantine\C\Users\Peter Boggs\AppData\Roaming\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.B application C:\_OTL\MovedFiles\05162013_115649\c_program files (x86)\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C application C:\_OTL\MovedFiles\05162013_115649\c_program files (x86)\SearchProtect\bin\FirefoxModule.dll a variant of Win32/Conduit.SearchProtect.C application C:\_OTL\MovedFiles\05162013_115649\c_program files (x86)\SearchProtect\bin\InternetExplorerModule.dll a variant of Win32/Conduit.SearchProtect.C application C:\_OTL\MovedFiles\05162013_115649\c_program files (x86)\SearchProtect\bin\SPHook32.dll probably a variant of Win32/Conduit.SearchProtect.C application C:\_OTL\MovedFiles\05162013_115649\c_program files (x86)\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application C:\_OTL\MovedFiles\05162013_115649\c_program files (x86)\SearchProtect\ffprotect\nsprotector.js Win32/Conduit.SearchProtect.A application C:\_OTL\MovedFiles\05162013_115649\c_users\Peter Boggs\AppData\Roaming\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C application C:\_OTL\MovedFiles\05162013_115649\c_users\Peter Boggs\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll a variant of Win32/Conduit.SearchProtect.C application C:\_OTL\MovedFiles\05162013_115649\c_users\Peter Boggs\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll a variant of Win32/Conduit.SearchProtect.C application C:\_OTL\MovedFiles\05162013_115649\c_users\Peter Boggs\AppData\Roaming\SearchProtect\bin\SPHook32.dll probably a variant of Win32/Conduit.SearchProtect.C application C:\_OTL\MovedFiles\05162013_115649\c_users\Peter Boggs\AppData\Roaming\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application C:\_OTL\MovedFiles\05162013_115649\c_users\Peter Boggs\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js Win32/Conduit.SearchProtect.A application

#29 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 18 May 2013 - 08:13 AM

Hi,

Ok...

First open an elevated command prompt > Click Start and type cmd in Start Search.
When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

Copy the contents of the code box > right click in the command window and select paste

del "C:\Program Files (x86)\Mozilla Firefox\nsprotector.js"

Press Enter (you won't actually see anything happen)
Close the Command Prompt window.

Let me know how your system is running.

#30 thinkativeone

Authentic Member

Authentic Member
71 posts

Posted 18 May 2013 - 02:22 PM

Thank you, I did that, shut down and restarted. Blue circle came back.

Body Background

skin color theme