17 replies to this topic

[zalloy]

I recently upgraded my MWAB to the pro version. It's supposed to start automatically with Windows, but when I reboot, I get a device open error of 2, and I have to start MWAB manually. When I start it manually, the protection is disabled, and I have to enable it. Is this normal? My browsers are both running kind of slow, and they keep hogging memory until they crash. I've had this happen with both Chrome and Firefox. Also, sometimes while posting to forums, it slows down to the point where I'm typing faster than it can keep up, then the last few words of a sentence come up all garbled together.

I ran the MWAB full scan, and it came up with nothing. I also ran Norton Security Suite, with the full scan, and that came up empty as well. I tried running Roguekiller, but it tried to kill my MagicJack software, as well as a few other apps that look pretty normal to me. I didn't see anything else obvious in the logs.

On a side note, I tried the other day to update my Yahoo Messenger, and I got a page from Panda Cloud Antivirus saying that I was trying to go to a malicious site. The people at Yahoo said that I was somehow redirected to a non-Yahoo site, and that's why I got that message. I don't even use Panda, so I'm not sure why I got the message, but it's probably a good thing I got the message instead of whatever malware was at that link.

I'm suspecting that there's something going on here, but I'm not sure what. Help, please. TIA!

[MrCharlie]

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

[zalloy]

Okay. Here are the log files. Thank you for your help :

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by Laurie at 19:18:32 on 2012-08-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.500 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
C:\Program Files (x86)\PDF Suite 2012\HelperService.exe
C:\Program Files (x86)\PDF Suite 2012\ConversionService.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\NielsenOnline64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\SFT\GuardedID\gidd.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Comcast\pcTrayApp.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Upromise\dca-ua.exe
C:\Program Files (x86)\Upromise\UpromiseTray.exe
C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Nuance\PDF Create 7\PdfCreate7Hook.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Iminent\Iminent.exe
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Laurie\AppData\Roaming\mjusbsp\magicJack.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=cgps02122012
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
uURLSearchHooks: H - No File
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO: PDF Suite 2012 Helper: {a938761b-202b-4828-87e4-f21fec37d02d} - C:\Program Files (x86)\PDF Suite 2012\PDFIEHelper.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.716.0\NativeBHO.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files (x86)\xfinitytb\xfinitydx.dll
BHO: Updater For Xfinity.com Toolbar 3.5: {e6d0b79e-ecac-411b-8bf6-7a574981af30} - C:\Program Files (x86)\xfinitytb\auxi\xfinityAu.dll
BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll
TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files (x86)\xfinitytb\xfinitydx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB: PDF Suite 2012 Toolbar: {11aa5c56-b4e2-4b8f-803a-d340415532f3} - C:\Program Files (x86)\PDF Suite 2012\PDFIEPlugin.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {26525CA7-F3FF-47C2-B829-09083718BEE1} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
uRun: [cdloader] "C:\Users\Laurie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Typing Assistant (English)] C:\Program Files (x86)\Typing Assistant (English) 5.4\Typing Assistant (English).exe
uRun: [SpeechInk Transcription Alerter] C:\Program Files (x86)\SpeechInk Alerter\rss.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "C:\Users\Laurie\Downloads\utorrent.exe" /MINIMIZED
uRun: [Google Update] "C:\Users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [Upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe
uRun: [Upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [NielsenOnline] C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Create 7\RegistryController.exe
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
mRun: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [OmniPage Preload] C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe /preload
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Create 7\pdfcreate7hook.exe
mRun: [Nuance OmniPage 18-reminder] "C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 18\Ereg\Ereg.ini"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Conime] %windir%\system32\conime.exe
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
mRun: [InboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f
StartupFolder: C:\Users\Laurie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Laurie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICJ~1.LNK - C:\Users\Laurie\AppData\Roaming\mjusbsp\magicJackLoader.exe
StartupFolder: C:\Users\Laurie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NUANCE~1.LNK - C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHRASE~1.LNK - C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{33419AC7-9DA5-4358-B712-A2F59E883293} : DhcpNameServer = 10.1.10.1
TCP: Interfaces\{4AAE8CCC-600E-457C-AA28-C0D50643B0CA} : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll
BHO-X64: Coupons.com - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO-X64: IMinent WebBooster - No File
BHO-X64: PDF Suite 2012 Helper: {a938761b-202b-4828-87e4-f21fec37d02d} - C:\Program Files (x86)\PDF Suite 2012\PDFIEHelper.dll
BHO-X64: PDF Suite 2012 Helper - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.716.0\NativeBHO.dll
BHO-X64: Constant Guard Protection Suite (COM) - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files (x86)\xfinitytb\xfinitydx.dll
BHO-X64: Xfinity.com Toolbar - No File
BHO-X64: Updater For Xfinity.com Toolbar 3.5: {e6d0b79e-ecac-411b-8bf6-7a574981af30} - C:\Program Files (x86)\xfinitytb\auxi\xfinityAu.dll
BHO-X64: Updater For Xfinity.com Toolbar 3.5 - No File
BHO-X64: Upromise TurboSaver: {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
BHO-X64: ToolHelper - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: The Weather Channel Toolbar: {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
TB-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll
TB-X64: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Xfinity.com Toolbar: {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files (x86)\xfinitytb\xfinitydx.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB-X64: PDF Suite 2012 Toolbar: {11aa5c56-b4e2-4b8f-803a-d340415532f3} - C:\Program Files (x86)\PDF Suite 2012\PDFIEPlugin.dll
TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {26525CA7-F3FF-47C2-B829-09083718BEE1} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun-x64: [NielsenOnline] C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun-x64: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Create 7\RegistryController.exe
mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
mRun-x64: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [OmniPage Preload] C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe /preload
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [PDFHook] C:\Program Files (x86)\Nuance\PDF Create 7\pdfcreate7hook.exe
mRun-x64: [Nuance OmniPage 18-reminder] "C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 18\Ereg\Ereg.ini"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun-x64: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
mRun-x64: [InboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\6hkwwsku.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - NCH EN Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3050.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\FirefoxAddOns\npfirefoxtracker.dll
FF - plugin: C:\Program Files (x86)\PDF Suite 2012\firefoxextension2012\plugins\NPPdfExt2012.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Laurie\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\Laurie\AppData\Local\RunRev\Components\LiveCodePlayer\9\nplcplugin.dll
FF - plugin: C:\Users\Laurie\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\6hkwwsku.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\6hkwwsku.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\6hkwwsku.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Laurie\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?]
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-8-10 1385120]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?]
R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120815.002\IDSviA64.sys [2012-8-15 509088]
R1 nnfwdk;Nielsen WFP Driver;C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\nnfwdk64.sys [2012-6-25 25648]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS [?]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-13 138912]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?]
S3 AODDriver4.0;AODDriver4.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-16 17:39:33 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-16 17:39:33 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-15 08:58:34 9826504 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-08-13 21:54:02 -------- d-----w- C:\Program Files (x86)\Inbox Toolbar
2012-08-12 16:21:25 -------- d-----w- C:\Users\Laurie\AppData\Roaming\PDF Software
2012-08-12 15:52:55 -------- d-----w- C:\Program Files (x86)\PDF Suite 2012
2012-08-10 22:01:44 -------- d-----w- C:\Program Files (x86)\Free YouTube Downloader
2012-08-10 21:57:04 -------- d-----w- C:\Users\Laurie\AppData\Roaming\Iminent
2012-08-10 21:56:30 -------- d-----w- C:\ProgramData\Iminent
2012-08-10 21:54:46 -------- d-----w- C:\Program Files (x86)\Iminent
2012-07-28 22:31:32 -------- d-----w- C:\Users\Laurie\AppData\Local\CRE
2012-07-27 00:37:00 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-21 16:01:46 -------- d-----w- C:\Windows\SysWow64\kodak
.
==================== Find3M ====================
.
2012-08-15 08:58:39 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 08:58:39 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-27 00:36:20 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-16 21:14:02 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-07-16 21:14:02 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-30 21:47:04 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-18 13:48:14 122368 ----a-w- C:\Windows\System32\EKaio2WiaCoInst.dll
2012-06-18 13:48:10 10240 ----a-w- C:\Windows\System32\EKaio2WiaCoInstRes.dll
2012-06-12 13:42:52 1644544 ----a-w- C:\Windows\System32\EKAiO2MON.dll
2012-06-12 13:41:40 177664 ----a-w- C:\Windows\System32\EKAiO2COI09.dll
2012-06-06 12:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 19:23:01.46 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/21/2011 4:14:38 PM
System Uptime: 8/16/2012 3:09:35 PM (4 hours ago)
.
Motherboard: FOXCONN | | 2AB1
Processor: AMD Phenom™ II X2 521 Processor | CPU 1 | 3500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 299.639 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.372 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP184: 8/12/2012 12:00:03 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
RP185: 8/12/2012 12:04:31 PM - Installed OpenOffice.org 3.4
RP186: 8/12/2012 12:14:15 PM - Installed OpenOffice.org 3.4
RP187: 8/14/2012 11:18:26 PM - Windows Update
RP188: 8/16/2012 7:02:06 PM - Removed Adobe Acrobat X Pro - English, Français, Deutsch.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.3)
Agatha Christie - Peril at End House
aioscnnr
AMD VISION Engine Control Center
Anonymous Guest v4.20 Pro Multilanguage
Anti-phishing Domain Advisor
Apple Application Support
Apple Software Update
ASPCA Reminder by We-Care.com v5.0.5.1
Audacity 1.3.13 (Unicode)
Bejeweled 2 Deluxe
Bejeweled 3
Bing Bar
Bing Rewards Client Installer
Bitvise Tunnelier 4.40 (remove only)
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
C4USelfUpdater
CA Pest Patrol Realtime Protection
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
center
Chrometa version 2.0.2.3.61
Chuzzle Deluxe
Classic Doom 3 1.3.1
Comcast Desktop Software (v1.2.1)
Constant Guard Protection Suite
Coupon Printer for Windows
Coupons.com Toolbar
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Desktop Doctor
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Download Updater (AOL LLC)
Dragon NaturallySpeaking 11
Dropbox
EasySolve
essentials
Express Accounts
Express Invoice
Express Rip
Express Scribe
Express Zip File Compression Software
Farm Frenzy
FATE - The Traitor Soul
FLAC 1.2.1b (remove only)
Free YouTube Downloader 3.5.126
FTR TheRecord Player
Google Chrome
Google Earth
Google Update Helper
Grammarly Add-In
GuardedID
Hewlett-Packard ACLM.NET v1.1.2.0
HourGuard Time Sheet
HP Customer Experience Enhancements
HP Games
HP LinkUp
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Odometer
HP Product Detection
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
Hulu Desktop
HydraVision
Iminent
Inbox Toolbar
InqScribe 2.1
JAP
Java Auto Updater
Java™ 6 Update 3
Java™ 6 Update 33
Junk Mail filter update
KeyBlaze Typing Tutor
Kobo
KODAK AiO Software
LabelPrint
LightScribe System Software
MagicDisc 2.7.106
magicJack
Mah Jong Medley
Malwarebytes Anti-Malware version 1.62.0.1300
Mavis Beacon Teaches Typing Platinum 20
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MixPad Audio Mixer
Mobipocket Reader 6.2
Morphyre
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 14.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
Nero 11 Collection 1
Nero 11 Kwik Themes 3
Nero 11 Kwik Themes 4
Nero 11 PiP Effects 1
Nero 11 Video Transitions 1
Nielsen
Norton Online Backup
Norton PC Checkup
Norton Security Suite
Nuance Cloud Connector
Nuance OmniPage 18
ocr
oDesk Team
OpenOffice.org 3.4
PDF Settings CS5
PDF Suite 2012
Penguins!
PhraseExpress v8.0.154
Pidgin
Pixillion Image Converter
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PreReq
PressReader
Prism Video File Converter
Pure Networks Platform
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recovery Manager
Remote Graphics Receiver
Rinse
RoxioNow Player
RunRev LiveCode Player Browser Plugin
Safari
Scansoft PDF Create
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Slingo Supreme
SoftWriting
Sony Player Plug-in for Windows Media Player
SoulSeek 157 NS 13e
Spybot - Search & Destroy
Switch Sound File Converter
The FTW Transcriber version 2.1.0
The Weather Channel App
The Weather Channel Desktop 6
The Weather Channel Toolbar
Transcription Buddy 4.0 (build 38)
TuneUp Companion 2.4.6.4
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Upromise TurboSaver (remove only)
Virtual Villagers 4 - The Tree of Life
VLC media player 2.0.2
Vuze
Vuze Remote Toolbar
WavePad Sound Editor
WebEx Support Manager for Internet Explorer
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xfinity.com Toolbar 3.5
XP Codec Pack
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
8/16/2012 2:50:04 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2012 2:49:03 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2012 2:49:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/16/2012 2:49:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/16/2012 2:48:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/16/2012 2:48:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/16/2012 2:47:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 nnfwdk spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6
8/16/2012 1:08:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton Online Backup service to connect.
8/16/2012 1:08:56 PM, Error: Service Control Manager [7000] - The Norton Online Backup service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/14/2012 3:02:57 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/14/2012 3:01:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/14/2012 2:53:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Sendoriv1 service.
8/13/2012 3:47:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
8/13/2012 3:47:25 PM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

[zalloy]

Oops, almost forgot the RogueKiller Report. Here it is:

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Laurie [Admin rights]
Mode: Scan -- Date: 08/16/2012 12:45:35

¤¤¤ Bad processes: 4 ¤¤¤
[SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe -> KILLED [TermProc]
[SUSP PATH] visicom_antiphishing-tray.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe -> KILLED [TermProc]
[SUSP PATH] magicJack.exe -- C:\Users\Laurie\AppData\Roaming\mjusbsp\magicJack.exe -> KILLED [TermProc]
[SUSP PATH] agent.exe -- C:\ProgramData\FLEXnet\Connect\11\agent.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 10 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Laurie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[SUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3877766120-1356258156-1109172098-1001[...]\Run : cdloader ("C:\Users\Laurie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3877766120-1356258156-1109172098-1001[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> FOUND
[SUSP PATH] magicJack.lnk @Laurie : C:\Users\Laurie\AppData\Roaming\mjusbsp\magicJackLoader.exe -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{4AAE8CCC-600E-457C-AA28-C0D50643B0CA} : NameServer (216.146.35.240,216.146.36.240,75.75.75.75,75.75.76.76) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{4AAE8CCC-600E-457C-AA28-C0D50643B0CA} : NameServer (216.146.35.240,216.146.36.240,75.75.75.75,75.75.76.76) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 SATA Disk Device +++++
--- User ---
[MBR] 0898b5c44c58ee2b233b581feea6ca66
[BSP] 072f3ca5aad42da821a8c268faed96c8 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942267 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1929969664 | Size: 11500 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 0c959f160c0bfdaccc5ebf7fe9c560d2
[BSP] ede960c251a9b1bd984edccbf8c8278d : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt

[MrCharlie]

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

[zalloy]

Something is definitely going on. Here's hoping I don't lose any of my data, as I have some important stuff I can't afford to lose. Here's the TDSSKiller log. My system is not letting me zip the file. I get an error with ExpressZip and with WinRAR saying that it cannot save the file.

10:21:53.0640 7620 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
10:21:54.0324 7620 ============================================================
10:21:54.0324 7620 Current date / time: 2012/08/17 10:21:54.0324
10:21:54.0324 7620 SystemInfo:
10:21:54.0324 7620
10:21:54.0324 7620 OS Version: 6.1.7601 ServicePack: 1.0
10:21:54.0324 7620 Product type: Workstation
10:21:54.0324 7620 ComputerName: ZINCS-HP
10:21:54.0324 7620 UserName: Laurie
10:21:54.0324 7620 Windows directory: C:\Windows
10:21:54.0324 7620 System windows directory: C:\Windows
10:21:54.0324 7620 Running under WOW64
10:21:54.0324 7620 Processor architecture: Intel x64
10:21:54.0324 7620 Number of processors: 2
10:21:54.0324 7620 Page size: 0x1000
10:21:54.0324 7620 Boot type: Normal boot
10:21:54.0324 7620 ============================================================
10:21:55.0585 7620 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:21:55.0621 7620 ============================================================
10:21:55.0621 7620 \Device\Harddisk0\DR0:
10:21:55.0622 7620 MBR partitions:
10:21:55.0622 7620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:21:55.0622 7620 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7305D800
10:21:55.0622 7620 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x73090000, BlocksNum 0x1676000
10:21:55.0622 7620 ============================================================
10:21:55.0656 7620 C: <-> \Device\Harddisk0\DR0\Partition2
10:21:55.0706 7620 D: <-> \Device\Harddisk0\DR0\Partition3
10:21:55.0706 7620 ============================================================
10:21:55.0706 7620 Initialize success
10:21:55.0706 7620 ============================================================
10:22:52.0196 9236 ============================================================
10:22:52.0196 9236 Scan started
10:22:52.0196 9236 Mode: Manual; SigCheck; TDLFS;
10:22:52.0196 9236 ============================================================
10:22:52.0869 9236 ================ Scan services =============================
10:22:53.0013 9236 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:22:53.0315 9236 1394ohci - ok
10:22:53.0391 9236 ACDaemon - ok
10:22:53.0436 9236 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:22:53.0450 9236 ACPI - ok
10:22:53.0467 9236 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:22:53.0552 9236 AcpiPmi - ok
10:22:53.0633 9236 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:22:53.0642 9236 AdobeARMservice - ok
10:22:53.0782 9236 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:22:53.0793 9236 AdobeFlashPlayerUpdateSvc - ok
10:22:53.0836 9236 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
10:22:53.0853 9236 adp94xx - ok
10:22:53.0882 9236 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
10:22:53.0896 9236 adpahci - ok
10:22:53.0906 9236 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
10:22:53.0918 9236 adpu320 - ok
10:22:53.0938 9236 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:22:54.0086 9236 AeLookupSvc - ok
10:22:54.0147 9236 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
10:22:54.0217 9236 AFD - ok
10:22:54.0241 9236 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:22:54.0251 9236 agp440 - ok
10:22:54.0275 9236 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
10:22:54.0338 9236 ALG - ok
10:22:54.0365 9236 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys
10:22:54.0394 9236 aliide - ok
10:22:54.0469 9236 [ 2fdcb3e855076ce97ccb58e2cf8f2a09 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:22:54.0515 9236 AMD External Events Utility - ok
10:22:54.0575 9236 AMD FUEL Service - ok
10:22:54.0595 9236 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys
10:22:54.0606 9236 amdide - ok
10:22:54.0646 9236 [ 6a2eeb0c4133b20773bb3dd0b7b377b4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
10:22:54.0702 9236 amdiox64 - ok
10:22:54.0715 9236 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
10:22:54.0779 9236 AmdK8 - ok
10:22:54.0938 9236 [ 9920704bf815a5b42da5264f013aaeb7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
10:22:55.0126 9236 amdkmdag - ok
10:22:55.0188 9236 [ 0d1055a47a8f5dc1caa2701831293ebb ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
10:22:55.0210 9236 amdkmdap - ok
10:22:55.0238 9236 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
10:22:55.0266 9236 AmdPPM - ok
10:22:55.0317 9236 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:22:55.0327 9236 amdsata - ok
10:22:55.0349 9236 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
10:22:55.0361 9236 amdsbs - ok
10:22:55.0377 9236 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:22:55.0387 9236 amdxata - ok
10:22:55.0410 9236 [ caee7c1afc9f1c9ee8dd11acd18d22e7 ] amd_sata C:\Windows\system32\drivers\amd_sata.sys
10:22:55.0420 9236 amd_sata - ok
10:22:55.0424 9236 [ 23726116b4fbcc84fc45b95157c08f5f ] amd_xata C:\Windows\system32\drivers\amd_xata.sys
10:22:55.0433 9236 amd_xata - ok
10:22:55.0511 9236 [ f9dac844b1d370da4c984d4c22f5e696 ] AntiSpywareService C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
10:22:55.0528 9236 AntiSpywareService - ok
10:22:55.0569 9236 [ f312fad7dbd49ed21a194ac71b497832 ] AODDriver4.0 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
10:22:55.0578 9236 AODDriver4.0 - ok
10:22:55.0592 9236 [ f312fad7dbd49ed21a194ac71b497832 ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
10:22:55.0600 9236 AODDriver4.01 - ok
10:22:55.0631 9236 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
10:22:55.0766 9236 AppID - ok
10:22:55.0788 9236 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:22:55.0826 9236 AppIDSvc - ok
10:22:55.0843 9236 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
10:22:55.0880 9236 Appinfo - ok
10:22:55.0992 9236 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:22:56.0000 9236 Apple Mobile Device - ok
10:22:56.0023 9236 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\drivers\arc.sys
10:22:56.0034 9236 arc - ok
10:22:56.0054 9236 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\drivers\arcsas.sys
10:22:56.0065 9236 arcsas - ok
10:22:56.0165 9236 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:22:56.0184 9236 aspnet_state - ok
10:22:56.0210 9236 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:22:56.0252 9236 AsyncMac - ok
10:22:56.0284 9236 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
10:22:56.0294 9236 atapi - ok
10:22:56.0398 9236 [ dbb487d09f56c674430ac454fd8bcab9 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
10:22:56.0415 9236 AtiHDAudioService - ok
10:22:56.0430 9236 [ e82e61f46d1336447f4deff8c074f13e ] AtiPcie C:\Windows\system32\drivers\AtiPcie64.sys
10:22:56.0439 9236 AtiPcie - ok
10:22:56.0472 9236 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:22:56.0518 9236 AudioEndpointBuilder - ok
10:22:56.0528 9236 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:22:56.0558 9236 AudioSrv - ok
10:22:56.0584 9236 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:22:56.0639 9236 AxInstSV - ok
10:22:56.0670 9236 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
10:22:56.0739 9236 b06bdrv - ok
10:22:56.0773 9236 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:22:56.0801 9236 b57nd60a - ok
10:22:56.0970 9236 [ a2494901e7226b356b8c1005c45f1c5f ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
10:22:56.0981 9236 BBSvc - ok
10:22:57.0009 9236 [ 63b1cbbae4790b5bac98f01bf9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
10:22:57.0022 9236 BBUpdate - ok
10:22:57.0045 9236 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:22:57.0112 9236 BDESVC - ok
10:22:57.0137 9236 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:22:57.0185 9236 Beep - ok
10:22:57.0222 9236 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll
10:22:57.0268 9236 BFE - ok
10:22:57.0508 9236 [ e99f59342171101ee2446d0cd1a60a8d ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120811.003\BHDrvx64.sys
10:22:57.0538 9236 BHDrvx64 - ok
10:22:57.0567 9236 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\System32\qmgr.dll
10:22:57.0622 9236 BITS - ok
10:22:57.0654 9236 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
10:22:57.0677 9236 blbdrive - ok
10:22:57.0760 9236 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:22:57.0774 9236 Bonjour Service - ok
10:22:57.0829 9236 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:22:57.0883 9236 bowser - ok
10:22:57.0908 9236 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
10:22:57.0927 9236 BrFiltLo - ok
10:22:57.0944 9236 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
10:22:57.0956 9236 BrFiltUp - ok
10:22:58.0011 9236 [ 05f5a0d14a2ee1d8255c2aa0e9e8e694 ] Browser C:\Windows\System32\browser.dll
10:22:58.0046 9236 Browser - ok
10:22:58.0080 9236 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:22:58.0119 9236 Brserid - ok
10:22:58.0136 9236 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:22:58.0161 9236 BrSerWdm - ok
10:22:58.0178 9236 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:22:58.0200 9236 BrUsbMdm - ok
10:22:58.0225 9236 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:22:58.0241 9236 BrUsbSer - ok
10:22:58.0259 9236 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
10:22:58.0281 9236 BTHMODEM - ok
10:22:58.0305 9236 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
10:22:58.0339 9236 bthserv - ok
10:22:58.0455 9236 [ 0e1737a63aec0f6de231bb59836c0a11 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys
10:22:58.0469 9236 ccSet_N360 - ok
10:22:58.0491 9236 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:22:58.0518 9236 cdfs - ok
10:22:58.0547 9236 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:22:58.0574 9236 cdrom - ok
10:22:58.0629 9236 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
10:22:58.0668 9236 CertPropSvc - ok
10:22:58.0681 9236 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\drivers\circlass.sys
10:22:58.0706 9236 circlass - ok
10:22:58.0724 9236 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
10:22:58.0740 9236 CLFS - ok
10:22:58.0789 9236 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:22:58.0798 9236 clr_optimization_v2.0.50727_32 - ok
10:22:58.0833 9236 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:22:58.0863 9236 clr_optimization_v2.0.50727_64 - ok
10:22:59.0079 9236 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:22:59.0089 9236 clr_optimization_v4.0.30319_32 - ok
10:22:59.0116 9236 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:22:59.0135 9236 clr_optimization_v4.0.30319_64 - ok
10:22:59.0158 9236 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
10:22:59.0176 9236 CmBatt - ok
10:22:59.0202 9236 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:22:59.0212 9236 cmdide - ok
10:22:59.0275 9236 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
10:22:59.0323 9236 CNG - ok
10:22:59.0333 9236 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
10:22:59.0342 9236 Compbatt - ok
10:22:59.0360 9236 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:22:59.0379 9236 CompositeBus - ok
10:22:59.0385 9236 COMSysApp - ok
10:22:59.0408 9236 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
10:22:59.0418 9236 crcdisk - ok
10:22:59.0474 9236 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:22:59.0494 9236 CryptSvc - ok
10:22:59.0528 9236 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:22:59.0573 9236 DcomLaunch - ok
10:22:59.0597 9236 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
10:22:59.0635 9236 defragsvc - ok
10:22:59.0656 9236 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:22:59.0689 9236 DfsC - ok
10:22:59.0714 9236 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
10:22:59.0767 9236 Dhcp - ok
10:22:59.0780 9236 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
10:22:59.0820 9236 discache - ok
10:22:59.0850 9236 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\drivers\disk.sys
10:22:59.0860 9236 Disk - ok
10:22:59.0888 9236 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:22:59.0957 9236 Dnscache - ok
10:22:59.0979 9236 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:23:00.0046 9236 dot3svc - ok
10:23:00.0065 9236 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
10:23:00.0112 9236 DPS - ok
10:23:00.0191 9236 [ f7bda38afbda04f0a89deba767eeda79 ] DragonSvc C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
10:23:00.0202 9236 DragonSvc - ok
10:23:00.0221 9236 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:23:00.0242 9236 drmkaud - ok
10:23:00.0267 9236 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:23:00.0292 9236 DXGKrnl - ok
10:23:00.0313 9236 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:23:00.0350 9236 EapHost - ok
10:23:00.0412 9236 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\drivers\evbda.sys
10:23:00.0464 9236 ebdrv - ok
10:23:00.0542 9236 [ 4353ff94d47a0a9d52b89eccf0cdb013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:23:00.0559 9236 eeCtrl - ok
10:23:00.0617 9236 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
10:23:00.0681 9236 EFS - ok
10:23:00.0735 9236 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:23:00.0810 9236 ehRecvr - ok
10:23:00.0851 9236 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
10:23:00.0863 9236 ehSched - ok
10:23:00.0882 9236 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
10:23:00.0900 9236 elxstor - ok
10:23:00.0979 9236 [ c5bccb378d0a896304a3e71be7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:23:00.0990 9236 EraserUtilRebootDrv - ok
10:23:01.0005 9236 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:23:01.0023 9236 ErrDev - ok
10:23:01.0066 9236 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
10:23:01.0108 9236 EventSystem - ok
10:23:01.0136 9236 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
10:23:01.0164 9236 exfat - ok
10:23:01.0306 9236 [ e3011c974d3997618f515b493b31a40f ] ExpressAccountsService C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe
10:23:01.0351 9236 ExpressAccountsService ( UnsignedFile.Multi.Generic ) - warning
10:23:01.0351 9236 ExpressAccountsService - detected UnsignedFile.Multi.Generic (1)
10:23:01.0502 9236 [ 785b9452cf862d81305ad5cfef4bf68e ] ExpressInvoiceService C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe
10:23:01.0548 9236 ExpressInvoiceService ( UnsignedFile.Multi.Generic ) - warning
10:23:01.0548 9236 ExpressInvoiceService - detected UnsignedFile.Multi.Generic (1)
10:23:01.0566 9236 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:23:01.0605 9236 fastfat - ok
10:23:01.0648 9236 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
10:23:01.0713 9236 Fax - ok
10:23:01.0727 9236 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\drivers\fdc.sys
10:23:01.0744 9236 fdc - ok
10:23:01.0761 9236 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:23:01.0795 9236 fdPHost - ok
10:23:01.0809 9236 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:23:01.0836 9236 FDResPub - ok
10:23:01.0868 9236 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:23:01.0878 9236 FileInfo - ok
10:23:01.0890 9236 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:23:01.0927 9236 Filetrace - ok
10:23:01.0938 9236 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
10:23:01.0949 9236 flpydisk - ok
10:23:01.0961 9236 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:23:01.0976 9236 FltMgr - ok
10:23:02.0015 9236 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
10:23:02.0058 9236 FontCache - ok
10:23:02.0099 9236 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:23:02.0107 9236 FontCache3.0.0.0 - ok
10:23:02.0125 9236 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:23:02.0136 9236 FsDepends - ok
10:23:02.0163 9236 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:23:02.0173 9236 Fs_Rec - ok
10:23:02.0207 9236 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:23:02.0221 9236 fvevol - ok
10:23:02.0253 9236 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
10:23:02.0263 9236 gagp30kx - ok
10:23:02.0291 9236 [ c403c5db49a0f9aaf4f2128edc0106d8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
10:23:02.0302 9236 GamesAppService - ok
10:23:02.0320 9236 [ af4dee5531395dee72b35b36c9671fd0 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:23:02.0329 9236 GEARAspiWDM - ok
10:23:02.0366 9236 [ 9ba22aee7f531ef9ce085cc2e1112bc4 ] GIDv2 C:\Windows\system32\drivers\GIDv2.sys
10:23:02.0376 9236 GIDv2 - ok
10:23:02.0531 9236 [ a4a2158e8ae73a57f0f1dfd3219a9101 ] GladFileMonSvc C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
10:23:02.0539 9236 GladFileMonSvc - ok
10:23:02.0562 9236 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
10:23:02.0599 9236 gpsvc - ok
10:23:02.0720 9236 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:23:02.0730 9236 gupdate - ok
10:23:02.0741 9236 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:23:02.0750 9236 gupdatem - ok
10:23:02.0767 9236 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:23:02.0825 9236 hcw85cir - ok
10:23:02.0855 9236 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:23:02.0881 9236 HdAudAddService - ok
10:23:02.0906 9236 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:23:02.0925 9236 HDAudBus - ok
10:23:02.0949 9236 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
10:23:02.0968 9236 HidBatt - ok
10:23:02.0986 9236 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
10:23:03.0000 9236 HidBth - ok
10:23:03.0015 9236 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
10:23:03.0028 9236 HidIr - ok
10:23:03.0051 9236 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\system32\hidserv.dll
10:23:03.0078 9236 hidserv - ok
10:23:03.0116 9236 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:23:03.0127 9236 HidUsb - ok
10:23:03.0140 9236 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:23:03.0177 9236 hkmsvc - ok
10:23:03.0197 9236 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:23:03.0219 9236 HomeGroupListener - ok
10:23:03.0240 9236 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:23:03.0266 9236 HomeGroupProvider - ok
10:23:03.0346 9236 [ 13bb1114451c63bfb41ba7daa4d70a29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
10:23:03.0354 9236 HP Support Assistant Service - ok
10:23:03.0401 9236 [ 7b8c1b09c11e8db7c4480abd7d17e821 ] HPAuto C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
10:23:03.0419 9236 HPAuto - ok
10:23:03.0444 9236 [ 6a181452d4e240b8ecc7614b9a19bde9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
10:23:03.0457 9236 HPClientSvc - ok
10:23:03.0539 9236 [ bcc4a8b2e2e902f52e7f2e7d8e125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
10:23:03.0547 9236 HPDrvMntSvc.exe - ok
10:23:03.0603 9236 [ ec9739a46f1f83c6e52a7a4697f44a65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
10:23:03.0623 9236 hpqwmiex - ok
10:23:03.0647 9236 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:23:03.0658 9236 HpSAMD - ok
10:23:03.0691 9236 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:23:03.0734 9236 HTTP - ok
10:23:03.0739 9236 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:23:03.0748 9236 hwpolicy - ok
10:23:03.0786 9236 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
10:23:03.0798 9236 i8042prt - ok
10:23:03.0849 9236 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:23:03.0865 9236 iaStorV - ok
10:23:03.0906 9236 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:23:03.0927 9236 idsvc - ok
10:23:04.0070 9236 [ ce0bf35c79e03bb89da6b14fac838605 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120815.002\IDSvia64.sys
10:23:04.0087 9236 IDSVia64 - ok
10:23:04.0203 9236 [ a744324e96d6c12a007a4a11e910afdb ] IDVaultSvc C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
10:23:04.0241 9236 IDVaultSvc - ok
10:23:04.0510 9236 [ a87261ef1546325b559374f5689cf5bc ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
10:23:04.0620 9236 igfx - ok
10:23:04.0639 9236 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
10:23:04.0649 9236 iirsp - ok
10:23:04.0675 9236 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
10:23:04.0717 9236 IKEEXT - ok
10:23:04.0773 9236 [ 589b94a9b73a0e819ff873743a480834 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:23:04.0821 9236 IntcAzAudAddService - ok
10:23:04.0832 9236 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys
10:23:04.0842 9236 intelide - ok
10:23:04.0867 9236 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
10:23:04.0889 9236 intelppm - ok
10:23:04.0909 9236 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:23:04.0946 9236 IPBusEnum - ok
10:23:04.0964 9236 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:23:04.0989 9236 IpFilterDriver - ok
10:23:05.0005 9236 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:23:05.0050 9236 iphlpsvc - ok
10:23:05.0077 9236 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:23:05.0096 9236 IPMIDRV - ok
10:23:05.0102 9236 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:23:05.0129 9236 IPNAT - ok
10:23:05.0211 9236 [ a9ab99ee7d39725eafec82732d2b3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:23:05.0234 9236 iPod Service - ok
10:23:05.0260 9236 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:23:05.0275 9236 IRENUM - ok
10:23:05.0286 9236 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:23:05.0296 9236 isapnp - ok
10:23:05.0312 9236 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:23:05.0326 9236 iScsiPrt - ok
10:23:05.0397 9236 [ 54f694c6cd3a1149ba3a8bdacc83badc ] ITMRTSVC C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
10:23:05.0416 9236 ITMRTSVC - ok
10:23:05.0435 9236 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:23:05.0445 9236 kbdclass - ok
10:23:05.0467 9236 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:23:05.0491 9236 kbdhid - ok
10:23:05.0501 9236 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
10:23:05.0512 9236 KeyIso - ok
10:23:05.0573 9236 [ 162a5e3a691b903111526147c8d29e6d ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
10:23:05.0590 9236 Kodak AiO Network Discovery Service - ok
10:23:05.0608 9236 [ b5e53fca219a6491e9a1ba146a5d2452 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
10:23:05.0631 9236 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - warning
10:23:05.0632 9236 Kodak AiO Status Monitor Service - detected UnsignedFile.Multi.Generic (1)
10:23:05.0680 9236 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:23:05.0690 9236 KSecDD - ok
10:23:05.0706 9236 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:23:05.0718 9236 KSecPkg - ok
10:23:05.0744 9236 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:23:05.0778 9236 ksthunk - ok
10:23:05.0807 9236 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
10:23:05.0843 9236 KtmRm - ok
10:23:05.0868 9236 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\system32\srvsvc.dll
10:23:05.0902 9236 LanmanServer - ok
10:23:05.0921 9236 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:23:05.0957 9236 LanmanWorkstation - ok
10:23:05.0997 9236 [ 71c6a95a5f0ccc87298c4dd0f2c3635a ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:23:06.0002 9236 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
10:23:06.0002 9236 LightScribeService - detected UnsignedFile.Multi.Generic (1)
10:23:06.0023 9236 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:23:06.0063 9236 lltdio - ok
10:23:06.0093 9236 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:23:06.0165 9236 lltdsvc - ok
10:23:06.0183 9236 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:23:06.0209 9236 lmhosts - ok
10:23:06.0248 9236 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
10:23:06.0259 9236 LSI_FC - ok
10:23:06.0272 9236 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
10:23:06.0283 9236 LSI_SAS - ok
10:23:06.0297 9236 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
10:23:06.0307 9236 LSI_SAS2 - ok
10:23:06.0325 9236 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
10:23:06.0336 9236 LSI_SCSI - ok
10:23:06.0358 9236 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
10:23:06.0397 9236 luafv - ok
10:23:06.0487 9236 [ dc8490812a3b72811ae534f423b4c206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
10:23:06.0496 9236 MBAMProtector - ok
10:23:06.0575 9236 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:23:06.0596 9236 MBAMService - ok
10:23:06.0669 9236 [ 79d51e7f5926e8ce1b3ebecebae28cff ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
10:23:06.0683 9236 mcdbus - ok
10:23:06.0714 9236 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:23:06.0776 9236 Mcx2Svc - ok
10:23:06.0801 9236 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\drivers\megasas.sys
10:23:06.0810 9236 megasas - ok
10:23:06.0838 9236 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
10:23:06.0851 9236 MegaSR - ok
10:23:06.0909 9236 Microsoft SharePoint Workspace Audit Service - ok
10:23:06.0939 9236 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
10:23:06.0965 9236 MMCSS - ok
10:23:06.0984 9236 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:23:07.0017 9236 Modem - ok
10:23:07.0042 9236 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:23:07.0062 9236 monitor - ok
10:23:07.0074 9236 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:23:07.0084 9236 mouclass - ok
10:23:07.0111 9236 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:23:07.0129 9236 mouhid - ok
10:23:07.0145 9236 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:23:07.0157 9236 mountmgr - ok
10:23:07.0262 9236 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:23:07.0273 9236 MozillaMaintenance - ok
10:23:07.0284 9236 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:23:07.0296 9236 mpio - ok
10:23:07.0317 9236 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:23:07.0344 9236 mpsdrv - ok
10:23:07.0370 9236 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:23:07.0414 9236 MpsSvc - ok
10:23:07.0501 9236 [ 9bd4dcb5412921864a7aacdedfbd1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
10:23:07.0513 9236 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
10:23:07.0513 9236 MREMP50 - detected UnsignedFile.Multi.Generic (1)
10:23:07.0629 9236 [ c2758df79c83a0d12a5599a040ca1818 ] MREMP50a64 C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS
10:23:07.0638 9236 MREMP50a64 - ok
10:23:07.0641 9236 MREMPR5 - ok
10:23:07.0656 9236 MRENDIS5 - ok
10:23:07.0676 9236 [ 07c02c892e8e1a72d6bf35004f0e9c5e ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
10:23:07.0689 9236 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
10:23:07.0689 9236 MRESP50 - detected UnsignedFile.Multi.Generic (1)
10:23:07.0701 9236 [ 38bd5b32e0722752be8465d2a6da43d9 ] MRESP50a64 C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS
10:23:07.0710 9236 MRESP50a64 - ok
10:23:07.0724 9236 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:23:07.0751 9236 MRxDAV - ok
10:23:07.0768 9236 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:23:07.0798 9236 mrxsmb - ok
10:23:07.0849 9236 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:23:07.0863 9236 mrxsmb10 - ok
10:23:07.0876 9236 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:23:07.0889 9236 mrxsmb20 - ok
10:23:07.0899 9236 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:23:07.0909 9236 msahci - ok
10:23:07.0921 9236 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:23:07.0933 9236 msdsm - ok
10:23:07.0949 9236 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
10:23:07.0975 9236 MSDTC - ok
10:23:08.0004 9236 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:23:08.0030 9236 Msfs - ok
10:23:08.0060 9236 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:23:08.0086 9236 mshidkmdf - ok
10:23:08.0100 9236 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:23:08.0109 9236 msisadrv - ok
10:23:08.0125 9236 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:23:08.0213 9236 MSiSCSI - ok
10:23:08.0218 9236 msiserver - ok
10:23:08.0239 9236 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:23:08.0274 9236 MSKSSRV - ok
10:23:08.0289 9236 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:23:08.0327 9236 MSPCLOCK - ok
10:23:08.0338 9236 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:23:08.0370 9236 MSPQM - ok
10:23:08.0394 9236 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:23:08.0409 9236 MsRPC - ok
10:23:08.0426 9236 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:23:08.0437 9236 mssmbios - ok
10:23:08.0453 9236 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:23:08.0485 9236 MSTEE - ok
10:23:08.0509 9236 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
10:23:08.0521 9236 MTConfig - ok
10:23:08.0534 9236 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:23:08.0544 9236 Mup - ok
10:23:08.0591 9236 [ c6948f034d7edabcfa2234d399fc78bc ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe
10:23:08.0604 9236 N360 - ok
10:23:08.0626 9236 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
10:23:08.0669 9236 napagent - ok
10:23:08.0697 9236 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:23:08.0724 9236 NativeWifiP - ok
10:23:08.0799 9236 [ 8043d41f881d6ace40b854ad6e32217f ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120816.048\ENG64.SYS
10:23:08.0809 9236 NAVENG - ok
10:23:08.0872 9236 [ 9a9ab2fc45d701daed465d14980f1305 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120816.048\EX64.SYS
10:23:08.0914 9236 NAVEX15 - ok
10:23:08.0974 9236 [ 7b2d90bbbbed11c8dfba441d34ae901e ] NBVol C:\Windows\system32\DRIVERS\NBVol.sys
10:23:08.0984 9236 NBVol - ok
10:23:09.0008 9236 [ 4fe7b5757279d82c4d171e9f7fd52a75 ] NBVolUp C:\Windows\system32\DRIVERS\NBVolUp.sys
10:23:09.0017 9236 NBVolUp - ok
10:23:09.0038 9236 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys
10:23:09.0062 9236 NDIS - ok
10:23:09.0088 9236 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:23:09.0121 9236 NdisCap - ok
10:23:09.0138 9236 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:23:09.0164 9236 NdisTapi - ok
10:23:09.0174 9236 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:23:09.0200 9236 Ndisuio - ok
10:23:09.0215 9236 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:23:09.0253 9236 NdisWan - ok
10:23:09.0270 9236 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:23:09.0296 9236 NDProxy - ok
10:23:09.0306 9236 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:23:09.0341 9236 NetBIOS - ok
10:23:09.0355 9236 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:23:09.0383 9236 NetBT - ok
10:23:09.0392 9236 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
10:23:09.0403 9236 Netlogon - ok
10:23:09.0431 9236 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
10:23:09.0469 9236 Netman - ok
10:23:09.0558 9236 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:23:09.0569 9236 NetMsmqActivator - ok
10:23:09.0577 9236 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:23:09.0589 9236 NetPipeActivator - ok
10:23:09.0609 9236 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
10:23:09.0653 9236 netprofm - ok
10:23:09.0658 9236 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:23:09.0667 9236 NetTcpActivator - ok
10:23:09.0671 9236 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:23:09.0680 9236 NetTcpPortSharing - ok
10:23:09.0704 9236 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
10:23:09.0714 9236 nfrd960 - ok
10:23:09.0836 9236 [ 56e7999ee68837453b177298542f5a75 ] NielsenUpdate C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe
10:23:09.0855 9236 NielsenUpdate - ok
10:23:09.0888 9236 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:23:09.0928 9236 NlaSvc - ok
10:23:09.0969 9236 [ cd2fe9c33cfd0fe0af124e05907e5c3d ] nmservice C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
10:23:09.0987 9236 nmservice - ok
10:23:10.0112 9236 [ 9e0eb61f9f56549e020c7af4defccead ] nnfwdk C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter9\nnfwdk64.sys
10:23:10.0121 9236 nnfwdk - ok
10:23:10.0172 9236 [ 5839a8027d6d324a7cd494051a96628c ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
10:23:10.0223 9236 NOBU - ok
10:23:10.0287 9236 Norton PC Checkup Application Launcher - ok
10:23:10.0310 9236 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:23:10.0336 9236 Npfs - ok
10:23:10.0357 9236 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:23:10.0396 9236 nsi - ok
10:23:10.0406 9236 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:23:10.0433 9236 nsiproxy - ok
10:23:10.0503 9236 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:23:10.0543 9236 Ntfs - ok
10:23:10.0552 9236 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
10:23:10.0578 9236 Null - ok
10:23:10.0599 9236 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:23:10.0633 9236 nvraid - ok
10:23:10.0667 9236 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:23:10.0679 9236 nvstor - ok
10:23:10.0691 9236 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:23:10.0703 9236 nv_agp - ok
10:23:10.0721 9236 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:23:10.0733 9236 ohci1394 - ok
10:23:10.0801 9236 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:23:10.0811 9236 ose - ok
10:23:10.0940 9236 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:23:11.0042 9236 osppsvc - ok
10:23:11.0078 9236 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:23:11.0153 9236 p2pimsvc - ok
10:23:11.0172 9236 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:23:11.0188 9236 p2psvc - ok
10:23:11.0209 9236 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\drivers\parport.sys
10:23:11.0221 9236 Parport - ok
10:23:11.0273 9236 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:23:11.0284 9236 partmgr - ok
10:23:11.0299 9236 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:23:11.0324 9236 PcaSvc - ok
10:23:11.0384 9236 [ 3e73b088f57666a8f0f15496f0a602ee ] pcCMService C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
10:23:11.0403 9236 pcCMService ( UnsignedFile.Multi.Generic ) - warning
10:23:11.0403 9236 pcCMService - detected UnsignedFile.Multi.Generic (1)
10:23:11.0469 9236 [ 7551e3d275082c73b63ae484f72caef5 ] pcCMService64 C:\Program Files\Common Files\Motive\pcCMService.exe
10:23:11.0480 9236 pcCMService64 ( UnsignedFile.Multi.Generic ) - warning
10:23:11.0480 9236 pcCMService64 - detected UnsignedFile.Multi.Generic (1)
10:23:11.0537 9236 [ 2f86be1818c2d7ac90478e3323ee7fcb ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
10:23:11.0546 9236 PCCUJobMgr - ok
10:23:11.0568 9236 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys
10:23:11.0580 9236 pci - ok
10:23:11.0594 9236 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys
10:23:11.0603 9236 pciide - ok
10:23:11.0615 9236 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
10:23:11.0627 9236 pcmcia - ok
10:23:11.0645 9236 [ a4d6449cebb5931685ae310dc2d7966d ] pcServiceHost C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
10:23:11.0665 9236 pcServiceHost ( UnsignedFile.Multi.Generic ) - warning
10:23:11.0665 9236 pcServiceHost - detected UnsignedFile.Multi.Generic (1)
10:23:11.0688 9236 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:23:11.0700 9236 pcw - ok
10:23:11.0808 9236 [ f82b76ca75c6b9e64663203589e627db ] PDF Suite 2012 Helper Service C:\Program Files (x86)\PDF Suite 2012\HelperService.exe
10:23:11.0827 9236 PDF Suite 2012 Helper Service - ok
10:23:11.0844 9236 [ 4a9a17fd833ef41cfb8100db554d49b0 ] PDF Suite 2012 Service C:\Program Files (x86)\PDF Suite 2012\ConversionService.exe
10:23:11.0862 9236 PDF Suite 2012 Service - ok
10:23:11.0881 9236 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:23:11.0927 9236 PEAUTH - ok
10:23:12.0004 9236 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:23:12.0023 9236 PerfHost - ok
10:23:12.0071 9236 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll
10:23:12.0114 9236 pla - ok
10:23:12.0175 9236 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:23:12.0212 9236 PlugPlay - ok
10:23:12.0236 9236 [ 4ff73a83a25d0eead4f5e6c841bb6704 ] pnarp C:\Windows\system32\DRIVERS\pnarp.sys
10:23:12.0243 9236 pnarp - ok
10:23:12.0252 9236 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:23:12.0274 9236 PNRPAutoReg - ok
10:23:12.0294 9236 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:23:12.0307 9236 PNRPsvc - ok
10:23:12.0339 9236 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:23:12.0381 9236 PolicyAgent - ok
10:23:12.0403 9236 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
10:23:12.0441 9236 Power - ok
10:23:12.0457 9236 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:23:12.0497 9236 PptpMiniport - ok
10:23:12.0521 9236 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\drivers\processr.sys
10:23:12.0537 9236 Processor - ok
10:23:12.0598 9236 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:23:12.0622 9236 ProfSvc - ok
10:23:12.0634 9236 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:23:12.0643 9236 ProtectedStorage - ok
10:23:12.0663 9236 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:23:12.0703 9236 Psched - ok
10:23:12.0729 9236 [ 9a68a89f10f283a23afee2a1bfe4bffb ] purendis C:\Windows\system32\DRIVERS\purendis.sys
10:23:12.0737 9236 purendis - ok
10:23:12.0787 9236 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
10:23:12.0820 9236 ql2300 - ok
10:23:12.0836 9236 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
10:23:12.0847 9236 ql40xx - ok
10:23:12.0870 9236 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
10:23:12.0888 9236 QWAVE - ok
10:23:12.0911 9236 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:23:12.0938 9236 QWAVEdrv - ok
10:23:12.0950 9236 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:23:12.0981 9236 RasAcd - ok
10:23:13.0008 9236 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:23:13.0056 9236 RasAgileVpn - ok
10:23:13.0061 9236 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
10:23:13.0109 9236 RasAuto - ok
10:23:13.0123 9236 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:23:13.0150 9236 Rasl2tp - ok
10:23:13.0179 9236 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll
10:23:13.0209 9236 RasMan - ok
10:23:13.0223 9236 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:23:13.0260 9236 RasPppoe - ok
10:23:13.0274 9236 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:23:13.0314 9236 RasSstp - ok
10:23:13.0343 9236 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:23:13.0385 9236 rdbss - ok
10:23:13.0400 9236 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
10:23:13.0412 9236 rdpbus - ok
10:23:13.0432 9236 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:23:13.0458 9236 RDPCDD - ok
10:23:13.0470 9236 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:23:13.0503 9236 RDPENCDD - ok
10:23:13.0522 9236 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:23:13.0547 9236 RDPREFMP - ok
10:23:13.0601 9236 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:23:13.0659 9236 RDPWD - ok
10:23:13.0683 9236 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:23:13.0695 9236 rdyboost - ok
10:23:13.0717 9236 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:23:13.0771 9236 RemoteAccess - ok
10:23:13.0806 9236 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:23:13.0834 9236 RemoteRegistry - ok
10:23:13.0869 9236 [ 085d18c71ab2611a3d61528132b6501e ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
10:23:13.0883 9236 RoxioNow Service - ok
10:23:13.0898 9236 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:23:13.0932 9236 RpcEptMapper - ok
10:23:13.0948 9236 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
10:23:13.0959 9236 RpcLocator - ok
10:23:13.0977 9236 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll
10:23:14.0008 9236 RpcSs - ok
10:23:14.0026 9236 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:23:14.0054 9236 rspndr - ok
10:23:14.0080 9236 [ afc12dfa4c7b089673ad67402ca19edb ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
10:23:14.0096 9236 RTL8167 - ok
10:23:14.0108 9236 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe
10:23:14.0119 9236 SamSs - ok
10:23:14.0147 9236 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:23:14.0158 9236 sbp2port - ok
10:23:14.0239 9236 [ 794d4b48dfb6e999537c7c3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
10:23:14.0268 9236 SBSDWSCService - ok
10:23:14.0296 9236 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:23:14.0325 9236 SCardSvr - ok
10:23:14.0341 9236 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:23:14.0374 9236 scfilter - ok
10:23:14.0399 9236 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll
10:23:14.0446 9236 Schedule - ok
10:23:14.0470 9236 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll
10:23:14.0494 9236 SCPolicySvc - ok
10:23:14.0520 9236 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:23:14.0576 9236 SDRSVC - ok
10:23:14.0603 9236 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:23:14.0630 9236 secdrv - ok
10:23:14.0634 9236 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll
10:23:14.0660 9236 seclogon - ok
10:23:14.0669 9236 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll
10:23:14.0703 9236 SENS - ok
10:23:14.0724 9236 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:23:14.0740 9236 SensrSvc - ok
10:23:14.0761 9236 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\drivers\serenum.sys
10:23:14.0787 9236 Serenum - ok
10:23:14.0802 9236 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\drivers\serial.sys
10:23:14.0814 9236 Serial - ok
10:23:14.0835 9236 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
10:23:14.0855 9236 sermouse - ok
10:23:14.0883 9236 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:23:14.0924 9236 SessionEnv - ok
10:23:14.0941 9236 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:23:14.0967 9236 sffdisk - ok
10:23:14.0981 9236 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:23:14.0994 9236 sffp_mmc - ok
10:23:15.0010 9236 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:23:15.0022 9236 sffp_sd - ok
10:23:15.0044 9236 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
10:23:15.0067 9236 sfloppy - ok
10:23:15.0094 9236 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:23:15.0147 9236 SharedAccess - ok
10:23:15.0187 9236 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:23:15.0225 9236 ShellHWDetection - ok
10:23:15.0243 9236 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
10:23:15.0253 9236 SiSRaid2 - ok
10:23:15.0263 9236 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
10:23:15.0274 9236 SiSRaid4 - ok
10:23:15.0294 9236 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:23:15.0330 9236 Smb - ok
10:23:15.0354 9236 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:23:15.0379 9236 SNMPTRAP - ok
10:23:15.0396 9236 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:23:15.0406 9236 spldr - ok
10:23:15.0465 9236 [ 85daa09a98c9286d4ea2ba8d0e644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:23:15.0506 9236 Spooler - ok
10:23:15.0581 9236 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe
10:23:15.0666 9236 sppsvc - ok
10:23:15.0682 9236 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:23:15.0709 9236 sppuinotify - ok
10:23:15.0819 9236 [ c3716ec0d36ad924b6888d794563e647 ] sprtsvc_ddoctorv2 C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
10:23:15.0829 9236 sprtsvc_ddoctorv2 - ok
10:23:15.0931 9236 [ 06b9a7ba94356ec5207c5ddb59540378 ] SRTSP C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS
10:23:15.0951 9236 SRTSP - ok
10:23:15.0958 9236 [ fbb8945a61e55a2345d12487c74a9d76 ] SRTSPX C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
10:23:15.0967 9236 SRTSPX - ok
10:23:16.0022 9236 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys
10:23:16.0088 9236 srv - ok
10:23:16.0101 9236 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:23:16.0123 9236 srv2 - ok
10:23:16.0137 9236 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:23:16.0149 9236 srvnet - ok
10:23:16.0180 9236 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:23:16.0221 9236 SSDPSRV - ok
10:23:16.0245 9236 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:23:16.0272 9236 SstpSvc - ok
10:23:16.0286 9236 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\drivers\stexstor.sys
10:23:16.0296 9236 stexstor - ok
10:23:16.0313 9236 [ decacb6921ded1a38642642685d77dac ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
10:23:16.0332 9236 StillCam - ok
10:23:16.0370 9236 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
10:23:16.0392 9236 stisvc - ok
10:23:16.0408 9236 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:23:16.0418 9236 swenum - ok
10:23:16.0509 9236 [ f577910a133a592234ebaad3f3afa258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:23:16.0549 9236 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
10:23:16.0549 9236 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
10:23:16.0569 9236 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
10:23:16.0618 9236 swprv - ok
10:23:16.0688 9236 [ 8b2430762099598da40686f754632efd ] SymDS C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
10:23:16.0703 9236 SymDS - ok
10:23:16.0735 9236 [ f90c7a190399165d3ab2245048d34786 ] SymEFA C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
10:23:16.0762 9236 SymEFA - ok
10:23:16.0783 9236 [ 898bb48c797483420df523b2bbc1ecdb ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
10:23:16.0793 9236 SymEvent - ok
10:23:16.0807 9236 [ 5013a76caaa1d7cf1c55214b490b4e35 ] SymIRON C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS
10:23:16.0818 9236 SymIRON - ok
10:23:16.0883 9236 [ 3911bd0e68c010e5438a87706abbe9ab ] SymNetS C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS
10:23:16.0898 9236 SymNetS - ok
10:23:16.0947 9236 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
10:23:16.0993 9236 SysMain - ok
10:23:17.0013 9236 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:23:17.0029 9236 TabletInputService - ok
10:23:17.0047 9236 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:23:17.0084 9236 TapiSrv - ok
10:23:17.0101 9236 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
10:23:17.0128 9236 TBS - ok
10:23:17.0206 9236 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:23:17.0246 9236 Tcpip - ok
10:23:17.0280 9236 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:23:17.0309 9236 TCPIP6 - ok
10:23:17.0327 9236 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:23:17.0364 9236 tcpipreg - ok
10:23:17.0376 9236 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:23:17.0400 9236 TDPIPE - ok
10:23:17.0449 9236 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:23:17.0473 9236 TDTCP - ok
10:23:17.0499 9236 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:23:17.0525 9236 tdx - ok
10:23:17.0550 9236 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:23:17.0560 9236 TermDD - ok
10:23:17.0584 9236 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll
10:23:17.0631 9236 TermService - ok
10:23:17.0648 9236 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
10:23:17.0662 9236 Themes - ok
10:23:17.0688 9236 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
10:23:17.0713 9236 THREADORDER - ok
10:23:17.0741 9236 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
10:23:17.0776 9236 TrkWks - ok
10:23:17.0817 9236 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:23:17.0857 9236 TrustedInstaller - ok
10:23:17.0887 9236 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:23:17.0918 9236 tssecsrv - ok
10:23:17.0945 9236 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:23:18.0000 9236 TsUsbFlt - ok
10:23:18.0014 9236 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
10:23:18.0025 9236 TsUsbGD - ok
10:23:18.0044 9236 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:23:18.0077 9236 tunnel - ok
10:23:18.0097 9236 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
10:23:18.0107 9236 uagp35 - ok
10:23:18.0127 9236 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:23:18.0163 9236 udfs - ok
10:23:18.0188 9236 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:23:18.0200 9236 UI0Detect - ok
10:23:18.0213 9236 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:23:18.0224 9236 uliagpkx - ok
10:23:18.0232 9236 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:23:18.0252 9236 umbus - ok
10:23:18.0269 9236 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\drivers\umpass.sys
10:23:18.0286 9236 UmPass - ok
10:23:18.0307 9236 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
10:23:18.0349 9236 upnphost - ok
10:23:18.0406 9236 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
10:23:18.0471 9236 USBAAPL64 - ok
10:23:18.0508 9236 [ 82e8f44688e6fac57b5b7c6fc7adbc2a ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
10:23:18.0536 9236 usbaudio - ok
10:23:18.0584 9236 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:23:18.0666 9236 usbccgp - ok
10:23:18.0712 9236 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:23:18.0725 9236 usbcir - ok
10:23:18.0742 9236 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:23:18.0781 9236 usbehci - ok
10:23:18.0811 9236 [ 2c780746dc44a28fe67004dc58173f05 ] usbfilter C:\Windows\system32\drivers\usbfilter.sys
10:23:18.0820 9236 usbfilter - ok
10:23:18.0844 9236 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:23:18.0870 9236 usbhub - ok
10:23:18.0889 9236 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
10:23:18.0912 9236 usbohci - ok
10:23:18.0929 9236 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\drivers\usbprint.sys
10:23:18.0949 9236 usbprint - ok
10:23:18.0962 9236 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:23:19.0022 9236 USBSTOR - ok
10:23:19.0080 9236 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:23:19.0099 9236 usbuhci - ok
10:23:19.0117 9236 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
10:23:19.0155 9236 UxSms - ok
10:23:19.0175 9236 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe
10:23:19.0185 9236 VaultSvc - ok
10:23:19.0206 9236 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:23:19.0217 9236 vdrvroot - ok
10:23:19.0231 9236 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe
10:23:19.0272 9236 vds - ok
10:23:19.0297 9236 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:23:19.0310 9236 vga - ok
10:23:19.0320 9236 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
10:23:19.0354 9236 VgaSave - ok
10:23:19.0375 9236 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:23:19.0388 9236 vhdmp - ok
10:23:19.0405 9236 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:23:19.0415 9236 viaide - ok
10:23:19.0436 9236 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:23:19.0446 9236 volmgr - ok
10:23:19.0462 9236 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:23:19.0477 9236 volmgrx - ok
10:23:19.0492 9236 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:23:19.0506 9236 volsnap - ok
10:23:19.0530 9236 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:23:19.0542 9236 vsmraid - ok
10:23:19.0575 9236 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe
10:23:19.0631 9236 VSS - ok
10:23:19.0654 9236 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
10:23:19.0711 9236 vwifibus - ok
10:23:19.0729 9236 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
10:23:19.0760 9236 W32Time - ok
10:23:19.0778 9236 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:23:19.0790 9236 WacomPen - ok
10:23:19.0808 9236 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:23:19.0842 9236 WANARP - ok
10:23:19.0846 9236 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:23:19.0872 9236 Wanarpv6 - ok
10:23:19.0937 9236 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:23:19.0989 9236 WatAdminSvc - ok
10:23:20.0042 9236 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe
10:23:20.0093 9236 wbengine - ok
10:23:20.0104 9236 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:23:20.0121 9236 WbioSrvc - ok
10:23:20.0137 9236 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:23:20.0167 9236 wcncsvc - ok
10:23:20.0179 9236 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:23:20.0242 9236 WcsPlugInService - ok
10:23:20.0255 9236 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\drivers\wd.sys
10:23:20.0264 9236 Wd - ok
10:23:20.0296 9236 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:23:20.0316 9236 Wdf01000 - ok
10:23:20.0331 9236 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:23:20.0386 9236 WdiServiceHost - ok
10:23:20.0390 9236 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:23:20.0404 9236 WdiSystemHost - ok
10:23:20.0420 9236 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:23:20.0446 9236 WebClient - ok
10:23:20.0460 9236 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:23:20.0489 9236 Wecsvc - ok
10:23:20.0504 9236 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:23:20.0532 9236 wercplsupport - ok
10:23:20.0549 9236 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:23:20.0587 9236 WerSvc - ok
10:23:20.0612 9236 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:23:20.0638 9236 WfpLwf - ok
10:23:20.0651 9236 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:23:20.0660 9236 WIMMount - ok
10:23:20.0670 9236 WinDefend - ok
10:23:20.0677 9236 WinHttpAutoProxySvc - ok
10:23:20.0720 9236 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:23:20.0760 9236 Winmgmt - ok
10:23:20.0802 9236 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll
10:23:20.0855 9236 WinRM - ok
10:23:20.0939 9236 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:23:20.0972 9236 WinUsb - ok
10:23:21.0007 9236 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
10:23:21.0043 9236 Wlansvc - ok
10:23:21.0090 9236 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:23:21.0120 9236 wlcrasvc - ok
10:23:21.0194 9236 [ 7e47c328fc4768cb8beafbcfafa70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:23:21.0238 9236 wlidsvc - ok
10:23:21.0257 9236 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:23:21.0275 9236 WmiAcpi - ok
10:23:21.0301 9236 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:23:21.0326 9236 wmiApSrv - ok
10:23:21.0350 9236 WMPNetworkSvc - ok
10:23:21.0369 9236 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:23:21.0429 9236 WPCSvc - ok
10:23:21.0436 9236 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:23:21.0468 9236 WPDBusEnum - ok
10:23:21.0479 9236 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:23:21.0505 9236 ws2ifsl - ok
10:23:21.0516 9236 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\System32\wscsvc.dll
10:23:21.0544 9236 wscsvc - ok
10:23:21.0548 9236 WSearch - ok
10:23:21.0625 9236 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:23:21.0672 9236 wuauserv - ok
10:23:21.0686 9236 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:23:21.0721 9236 WudfPf - ok
10:23:21.0748 9236 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:23:21.0784 9236 WUDFRd - ok
10:23:21.0802 9236 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:23:21.0827 9236 wudfsvc - ok
10:23:21.0831 9236 WUSB54GSCv2.NTamd64 - ok
10:23:21.0848 9236 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
10:23:21.0878 9236 WwanSvc - ok
10:23:22.0030 9236 [ dd0042f0c3b606a6a8b92d49afb18ad6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
10:23:22.0050 9236 YahooAUService - ok
10:23:22.0089 9236 ================ Scan global ===============================
10:23:22.0140 9236 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
10:23:22.0201 9236 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
10:23:22.0212 9236 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
10:23:22.0285 9236 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
10:23:22.0360 9236 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
10:23:22.0365 9236 [Global] - ok
10:23:22.0367 9236 ================ Scan MBR ==================================
10:23:22.0391 9236 MBR (0x1B8) (98fcd121d17e9b4e92f21f168830bb27) \Device\Harddisk0\DR0
10:23:22.0856 9236 \Device\Harddisk0\DR0 - ok
10:23:22.0858 9236 ================ Scan VBR ==================================
10:23:22.0862 9236 Boot (0x1200) (00bc2736862d26bf1a75634ab49c03fd) \Device\Harddisk0\DR0\Partition1
10:23:22.0863 9236 \Device\Harddisk0\DR0\Partition1 - ok
10:23:22.0897 9236 Boot (0x1200) (8a952ae19ff4bb22ca80893d213e8eaf) \Device\Harddisk0\DR0\Partition2
10:23:22.0898 9236 \Device\Harddisk0\DR0\Partition2 - ok
10:23:22.0935 9236 Boot (0x1200) (7edfe259fa587b8ea6f2647550a6037d) \Device\Harddisk0\DR0\Partition3
10:23:22.0936 9236 \Device\Harddisk0\DR0\Partition3 - ok
10:23:22.0937 9236 ============================================================
10:23:22.0937 9236 Scan finished
10:23:22.0937 9236 ============================================================
10:23:22.0949 9908 Detected object count: 10
10:23:22.0949 9908 Actual detected object count: 10
10:24:07.0153 9908 ExpressAccountsService ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:07.0154 9908 ExpressAccountsService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:24:07.0157 9908 ExpressInvoiceService ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:07.0157 9908 ExpressInvoiceService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:24:07.0157 9908 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:07.0157 9908 Kodak AiO Status Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:24:07.0158 9908 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:07.0158 9908 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:24:07.0160 9908 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:07.0160 9908 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:24:07.0162 9908 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:07.0162 9908 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:24:07.0164 9908 pcCMService ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:07.0164 9908 pcCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:24:07.0169 9908 pcCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:07.0169 9908 pcCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:24:07.0170 9908 pcServiceHost ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:07.0170 9908 pcServiceHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:24:07.0173 9908 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:07.0173 9908 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

[MrCharlie]

That scan was clean......

Here's what I suggest you do:

Disable these plug-ins:
npCouponPrinter<--plugin
WeCareReminder <---plugin

Uninstall all of these:

Anti-phishing Domain Advisor
Yahoo! Toolbar
Upromise TurboSaver (remove only)
Coupon Printer for Windows
Coupons.com Toolbar
Vuze
Vuze Remote Toolbar
Xfinity.com Toolbar 3.5
Inbox Toolbar

------------------------------------------------

Then...............

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[zalloy]

Here's the ComboFix log. I've also noticed that every time I reboot, I get asked if I want to run uTorrent. I don't use uTorrent, and want it to stop trying to run. I always have to click Cancel before it will let anything else load. Also, for a while, I was getting a malicious IP blocked by MWAB 204.51.78.133. Additionally, I've been getting weird compatibility messages in MS Office. I ran the Combofix after disabling Norton, MWAB and Spybot Search & Destroy. Couldn't get the TeaTimer to disable.

ComboFix 12-08-17.03 - Laurie 08/18/2012 8:05.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1890 [GMT -4:00]
Running from: c:\users\Laurie\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\version.txt
c:\programdata\Amazon.ico
c:\users\Default\AppData\Roaming\DPInst.exe
c:\users\Default\AppData\Roaming\gacutil.exe
c:\users\Default\AppData\Roaming\PnPutil.exe
c:\users\Laurie\AppData\Local\ie_runner_app.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))
.
.
2012-08-18 12:25 . 2012-08-18 12:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 17:39 . 2012-08-16 18:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-16 17:39 . 2012-08-16 18:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-15 08:58 . 2012-08-15 08:58 9826504 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-08-15 03:24 . 2012-06-29 04:09 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-12 16:21 . 2012-08-12 16:25 -------- d-----w- c:\users\Laurie\AppData\Roaming\PDF Software
2012-08-12 15:52 . 2012-08-12 15:53 -------- d-----w- c:\program files (x86)\PDF Suite 2012
2012-08-10 22:01 . 2012-08-10 22:01 -------- d-----w- c:\program files (x86)\Free YouTube Downloader
2012-07-28 22:31 . 2012-07-28 22:31 -------- d-----w- c:\users\Laurie\AppData\Local\CRE
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-07-27 00:37 . 2012-07-27 00:36 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-27 00:33 . 2012-07-27 00:33 -------- d-----w- c:\programdata\McAfee
2012-07-21 16:01 . 2012-07-21 16:01 -------- d-----w- c:\windows\SysWow64\kodak
2012-07-21 15:49 . 2012-07-21 15:49 -------- d-----w- c:\users\Default\AppData\Roaming\KODAK AiO Home Center1012742297
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 08:58 . 2012-05-08 15:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 08:58 . 2011-07-23 21:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 03:19 . 2011-07-23 18:31 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-27 00:36 . 2011-07-23 20:17 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-16 21:14 . 2012-03-10 14:56 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-07-16 21:14 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-07-03 17:46 . 2012-06-30 14:41 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 21:47 . 2012-02-12 15:00 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-18 13:48 . 2012-06-18 13:48 122368 ----a-w- c:\windows\system32\EKaio2WiaCoInst.dll
2012-06-18 13:48 . 2012-06-18 13:48 10240 ----a-w- c:\windows\system32\EKaio2WiaCoInstRes.dll
2012-06-12 13:42 . 2012-06-12 13:42 1644544 ----a-w- c:\windows\system32\EKAiO2MON.dll
2012-06-12 13:41 . 2012-06-12 13:41 177664 ----a-w- c:\windows\system32\EKAiO2COI09.dll
2012-06-09 05:43 . 2012-07-11 10:28 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 12:49 . 2012-06-06 12:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 10:28 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 10:28 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 10:28 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 10:28 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 10:28 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 10:28 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 04:32 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 04:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 04:32 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 04:32 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 04:32 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 04:32 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 04:32 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 04:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 04:31 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 10:28 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 10:28 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 10:28 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 10:28 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 10:28 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 10:28 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 10:28 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 10:28 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 10:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a938761b-202b-4828-87e4-f21fec37d02d}]
2012-07-31 16:32 92040 ----a-w- c:\program files (x86)\PDF Suite 2012\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{11aa5c56-b4e2-4b8f-803a-d340415532f3}"= "c:\program files (x86)\PDF Suite 2012\PDFIEPlugin.dll" [2012-07-31 609160]
.
[HKEY_CLASSES_ROOT\clsid\{11aa5c56-b4e2-4b8f-803a-d340415532f3}]
[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{99e9d44c-f699-4ab3-8f4b-46dd12e9a9f6}]
[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2011-05-09 09:10 194416 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2011-05-09 09:13 194416 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Laurie\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"uTorrent"="c:\users\Laurie\Downloads\utorrent.exe" [2011-08-05 639864]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-05-21 324976]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-07-29 13003448]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"NielsenOnline"="c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2010-11-17 47424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-13 336384]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDF Create 7\RegistryController.exe" [2011-04-29 138528]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\isuspm.exe" [2010-05-21 324976]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"OmniPage Preload"="c:\program files (x86)\Nuance\OmniPage18\OmniPage18.exe" [2011-05-10 2983200]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PDFHook"="c:\program files (x86)\Nuance\PDF Create 7\pdfcreate7hook.exe" [2011-04-29 606496]
"Nuance OmniPage 18-reminder"="c:\program files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe" [2010-10-27 333088]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-07-16 296096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]
.
c:\users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
magicJack.lnk - c:\users\Laurie\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-2-1 804672]
OpenOffice.org 3.4.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-7-18 6536304]
Nuance Cloud Connector.lnk - c:\program files (x86)\Nuance\Nuance Cloud Connector\GladLauncher.exe [2011-5-9 87920]
PhraseExpress.lnk - c:\program files (x86)\PhraseExpress\phraseexpress.exe [2012-2-22 7344336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R3 ExpressAccountsService;Express Accounts;c:\program files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe [2011-09-25 2654724]
R3 ExpressInvoiceService;Express Invoice;c:\program files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2011-09-25 1781252]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 113120]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-24 1255736]
R3 WUSB54GSCv2.NTamd64;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\DRIVERS\WUSB54GSCV2_AMD64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-11-04 75904]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-11-04 38016]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2011-11-24 1092728]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120]
S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-04 167048]
S1 GIDv2;GIDv2; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120817.001\IDSvia64.sys [2012-06-29 509088]
S1 nnfwdk;Nielsen WFP Driver;c:\program files (x86)\NetRatingsNetSight\NetSight\meter9\nnfwdk64.sys [2012-03-20 25648]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2011-11-17 405624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-13 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S2 GladFileMonSvc;GladFileMonSvc;c:\program files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [2011-05-09 29552]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-07-18 66160]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-19 394712]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 NielsenUpdate;Nielsen Update;c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2012-02-24 825664]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-12-01 135608]
S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-06-12 368640]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-06-12 460288]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [2011-05-03 126392]
S2 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [2012-06-11 342016]
S2 PDF Suite 2012 Helper Service;PDF Suite 2012 Helper Service;c:\program files (x86)\PDF Suite 2012\HelperService.exe [2012-07-31 815496]
S2 PDF Suite 2012 Service;PDF Suite 2012 Service;c:\program files (x86)\PDF Suite 2012\ConversionService.exe [2012-07-31 724360]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-30 9371136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-30 309760]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-05 231440]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-13 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 19:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 15:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 08:58]
.
2012-08-18 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-09-19 23:09]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 15:54]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 15:54]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3877766120-1356258156-1109172098-1001Core.job
- c:\users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-23 18:30]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3877766120-1356258156-1109172098-1001UA.job
- c:\users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-23 18:30]
.
2012-08-18 c:\windows\Tasks\HPCeeScheduleForLaurie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-08-13 c:\windows\Tasks\HPCeeScheduleForZINCS-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2011-05-09 09:11 192368 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2011-05-09 09:13 195440 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-06-12 2767360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/?cid=cgps02122012
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\6hkwwsku.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{37153479-1976-43c3-a1ee-557513977b64} - (no file)
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{26525ca7-f3ff-47c2-b829-09083718bee1} - (no file)
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Wow6432Node-HKCU-Run-Typing Assistant (English) - c:\program files (x86)\Typing Assistant (English) 5.4\Typing Assistant (English).exe
Wow6432Node-HKCU-Run-SpeechInk Transcription Alerter - c:\program files (x86)\SpeechInk Alerter\rss.exe
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{26525CA7-F3FF-47C2-B829-09083718BEE1} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{5911488E-9D1E-40EC-8CBB-06B231CC153F}"=hex:51,66,7a,6c,4c,1d,38,12,e0,4b,02,
5d,2c,d3,82,05,f3,ad,45,f2,34,92,51,2b
"{2E5E800E-6AC0-411E-940A-369530A35E43}"=hex:51,66,7a,6c,4c,1d,38,12,60,83,4d,
2a,f2,24,70,04,eb,1c,75,d5,35,fd,1a,57
"{DCC70A83-E184-40A3-906B-779AF5E941C4}"=hex:51,66,7a,6c,4c,1d,38,12,ed,09,d4,
d8,b6,af,cd,05,ef,7d,34,da,f0,b7,05,d0
"{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"=hex:51,66,7a,6c,4c,1d,38,12,b2,5b,08,
35,ee,ea,6a,0e,ce,a3,23,69,9f,8d,9c,17
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{37153479-1976-43C3-A1EE-557513977B64}"=hex:51,66,7a,6c,4c,1d,38,12,17,37,06,
33,44,57,ad,06,de,f8,16,35,16,c9,3f,70
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{06E58E5E-F8CB-4049-991E-A41C03BD419E}"=hex:51,66,7a,6c,4c,1d,38,12,30,8d,f6,
02,f9,b6,27,05,e6,08,e7,5c,06,e3,05,8a
"{C3947F4E-8894-4C04-98E0-DF182C706DDF}"=hex:51,66,7a,6c,4c,1d,38,12,20,7c,87,
c7,a6,c6,6a,09,e7,f6,9c,58,29,2e,29,cb
"{26525CA7-F3FF-47C2-B829-09083718BEE1}"=hex:51,66,7a,6c,4c,1d,38,12,c9,5f,41,
22,cd,bd,ac,02,c7,3f,4a,48,32,46,fa,f5
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"=hex:51,66,7a,6c,4c,1d,38,12,46,05,8b,
43,76,76,c4,07,df,cb,a1,98,6e,e4,d2,14
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2AAE80CE-5D5E-4AD2-B722-E9E0A506CE52}"=hex:51,66,7a,6c,4c,1d,38,12,a0,83,bd,
2e,6c,13,bc,0f,c8,34,aa,a0,a0,58,8a,46
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{3FDBA1BA-AE28-4045-9048-4ED2F3865629}"=hex:51,66,7a,6c,4c,1d,38,12,d4,a2,c8,
3b,1a,e0,2b,05,ef,5e,0d,92,f6,d8,12,3d
"{4BE60886-F6AA-4714-8109-EA6D8247DD57}"=hex:51,66,7a,6c,4c,1d,38,12,e8,0b,f5,
4f,98,b8,7a,02,fe,1f,a9,2d,87,19,99,43
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{66516A07-F617-488A-90CF-4E690CFB3C5F}"=hex:51,66,7a,6c,4c,1d,38,12,69,69,42,
62,25,b8,e4,0d,ef,d9,0d,29,09,a5,78,4b
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{6E13D095-45C3-4271-9475-F3B48227DD9F}"=hex:51,66,7a,6c,4c,1d,38,12,fb,d3,00,
6a,f1,0b,1f,07,eb,63,b0,f4,87,79,99,8b
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}"=hex:51,66,7a,6c,4c,1d,38,12,33,62,e8,
6b,fc,a6,b3,0f,f2,89,72,84,bb,c2,62,f0
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}"=hex:51,66,7a,6c,4c,1d,38,12,92,9a,85,
b0,57,58,7a,01,de,dd,87,e2,a1,ff,7a,f8
"{B84CDBE7-1B46-494B-A188-01D4C52DEB61}"=hex:51,66,7a,6c,4c,1d,38,12,89,d8,5f,
bc,74,55,25,0c,de,9e,42,94,c0,73,af,75
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E6D0B79E-ECAC-411B-8BF6-7A574981AF30}"=hex:51,66,7a,6c,4c,1d,38,12,f0,b4,c3,
e2,9e,a2,75,04,f4,e0,39,17,4c,df,eb,24
"{EDC0F17F-F4B7-47E4-B73E-887FAEB376FA}"=hex:51,66,7a,6c,4c,1d,38,12,11,f2,d3,
e9,85,ba,8a,02,c8,28,cb,3f,ab,ed,32,ee
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6a,d9,b4,e3,e8,59,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,08,ef,22,41,ed,e0,48,b0,e9,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,08,ef,22,41,ed,e0,48,b0,e9,d4,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\NetRatingsNetSight]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\02\09\01\15;S"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\SFT\GuardedID\gidd.exe
.
**************************************************************************
.
Completion time: 2012-08-18 08:57:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-18 12:57
.
Pre-Run: 322,107,662,336 bytes free
Post-Run: 322,068,819,968 bytes free
.
- - End Of File - - E6CE2B524AB69E806CD407F6C459C18C

[zalloy]

Also, every time I try to adjust firewall settings for selected programs, Symantec Service Framework stops working. Have to reboot when this happens, as Norton Security shuts down.

[MrCharlie]

Using ComboFix......

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
4. If ComboFix wants to update.....please allow it to.

Quote

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe



Refering to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......
Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

[zalloy]

I uninstalled the software you had indicated previously, (Vuze, visicom, toolbars, etc) and added the CFScript.txt to ComboFix. It said there was a new version, and asked if I wanted to download it, so I did. Ran with all AV disabled. Also, Norton still goes belly up when I try to adjust the firewall settings. I'm not seeing any more IP blocks for 204.51.78.133. Looks like uTorrent is gone though. Here's the log:

ComboFix 12-08-18.03 - Laurie 08/18/2012 16:08:15.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1604 [GMT -4:00]
Running from: c:\users\Laurie\Desktop\ComboFix.exe
Command switches used :: c:\users\Laurie\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))
.
.
2012-08-18 20:27 . 2012-08-18 20:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 17:39 . 2012-08-16 18:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-16 17:39 . 2012-08-16 18:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-15 08:58 . 2012-08-15 08:58 9826504 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-08-15 03:24 . 2012-06-29 04:09 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-12 16:21 . 2012-08-12 16:25 -------- d-----w- c:\users\Laurie\AppData\Roaming\PDF Software
2012-08-12 15:52 . 2012-08-12 15:53 -------- d-----w- c:\program files (x86)\PDF Suite 2012
2012-08-10 22:01 . 2012-08-10 22:01 -------- d-----w- c:\program files (x86)\Free YouTube Downloader
2012-07-28 22:31 . 2012-07-28 22:31 -------- d-----w- c:\users\Laurie\AppData\Local\CRE
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-07-27 00:37 . 2012-07-27 00:36 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-27 00:33 . 2012-07-27 00:33 -------- d-----w- c:\programdata\McAfee
2012-07-21 16:01 . 2012-07-21 16:01 -------- d-----w- c:\windows\SysWow64\kodak
2012-07-21 15:49 . 2012-07-21 15:49 -------- d-----w- c:\users\Default\AppData\Roaming\KODAK AiO Home Center1012742297
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 08:58 . 2012-05-08 15:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 08:58 . 2011-07-23 21:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 03:19 . 2011-07-23 18:31 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-27 00:36 . 2011-07-23 20:17 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-16 21:14 . 2012-03-10 14:56 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-07-16 21:14 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-07-03 17:46 . 2012-06-30 14:41 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 21:47 . 2012-02-12 15:00 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-18 13:48 . 2012-06-18 13:48 122368 ----a-w- c:\windows\system32\EKaio2WiaCoInst.dll
2012-06-18 13:48 . 2012-06-18 13:48 10240 ----a-w- c:\windows\system32\EKaio2WiaCoInstRes.dll
2012-06-12 13:42 . 2012-06-12 13:42 1644544 ----a-w- c:\windows\system32\EKAiO2MON.dll
2012-06-12 13:41 . 2012-06-12 13:41 177664 ----a-w- c:\windows\system32\EKAiO2COI09.dll
2012-06-09 05:43 . 2012-07-11 10:28 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 12:49 . 2012-06-06 12:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 10:28 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 10:28 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 10:28 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 10:28 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 10:28 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 10:28 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 04:32 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 04:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 04:32 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 04:32 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 04:32 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 04:32 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 04:32 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 04:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 04:31 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 10:28 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 10:28 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 10:28 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 10:28 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 10:28 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 10:28 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 10:28 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 10:28 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 10:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-18_12.30.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-18 12:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-18 20:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-18 12:28 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-18 20:30 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-18 12:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-18 20:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-08-18 20:33 90066 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-18 20:33 44634 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-21 22:13 . 2012-08-18 20:33 20536 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3877766120-1356258156-1109172098-1001_UserData.bin
+ 2011-02-11 19:25 . 2012-08-18 18:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-11 19:25 . 2012-08-18 12:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-11 19:25 . 2012-08-18 12:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-11 19:25 . 2012-08-18 18:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-18 18:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-18 12:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-21 21:14 . 2012-08-18 18:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-21 21:14 . 2012-08-18 11:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-18 12:27 . 2012-08-18 12:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-18 20:30 . 2012-08-18 20:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-18 12:27 . 2012-08-18 12:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-18 20:30 . 2012-08-18 20:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-08-18 20:28 520220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-18 12:26 520220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-18 16:40 . 2012-08-18 20:28 3262048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-08-13 19:39 . 2012-08-18 12:26 3262048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-25 07:16 . 2012-08-18 20:28 5229996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3877766120-1356258156-1109172098-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a938761b-202b-4828-87e4-f21fec37d02d}]
2012-07-31 16:32 92040 ----a-w- c:\program files (x86)\PDF Suite 2012\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{11aa5c56-b4e2-4b8f-803a-d340415532f3}"= "c:\program files (x86)\PDF Suite 2012\PDFIEPlugin.dll" [2012-07-31 609160]
.
[HKEY_CLASSES_ROOT\clsid\{11aa5c56-b4e2-4b8f-803a-d340415532f3}]
[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{99e9d44c-f699-4ab3-8f4b-46dd12e9a9f6}]
[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2011-05-09 09:10 194416 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2011-05-09 09:13 194416 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Laurie\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-05-21 324976]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-07-29 13003448]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"NielsenOnline"="c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2010-11-17 47424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-13 336384]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDF Create 7\RegistryController.exe" [2011-04-29 138528]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\isuspm.exe" [2010-05-21 324976]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"OmniPage Preload"="c:\program files (x86)\Nuance\OmniPage18\OmniPage18.exe" [2011-05-10 2983200]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PDFHook"="c:\program files (x86)\Nuance\PDF Create 7\pdfcreate7hook.exe" [2011-04-29 606496]
"Nuance OmniPage 18-reminder"="c:\program files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe" [2010-10-27 333088]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-07-16 296096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Conime"="c:\windows\system32\conime.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]
.
c:\users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
magicJack.lnk - c:\users\Laurie\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-2-1 804672]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-7-18 6536304]
Nuance Cloud Connector.lnk - c:\program files (x86)\Nuance\Nuance Cloud Connector\GladLauncher.exe [2011-5-9 87920]
PhraseExpress.lnk - c:\program files (x86)\PhraseExpress\phraseexpress.exe [2012-2-22 7344336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R3 ExpressAccountsService;Express Accounts;c:\program files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe [2011-09-25 2654724]
R3 ExpressInvoiceService;Express Invoice;c:\program files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2011-09-25 1781252]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 113120]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-24 1255736]
R3 WUSB54GSCv2.NTamd64;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\DRIVERS\WUSB54GSCV2_AMD64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-11-04 75904]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-11-04 38016]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2011-11-24 1092728]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120]
S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-04 167048]
S1 GIDv2;GIDv2; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120817.001\IDSvia64.sys [2012-06-29 509088]
S1 nnfwdk;Nielsen WFP Driver;c:\program files (x86)\NetRatingsNetSight\NetSight\meter9\nnfwdk64.sys [2012-03-20 25648]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2011-11-17 405624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-13 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S2 GladFileMonSvc;GladFileMonSvc;c:\program files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [2011-05-09 29552]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-07-18 66160]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-19 394712]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 NielsenUpdate;Nielsen Update;c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2012-02-24 825664]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-12-01 135608]
S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-06-12 368640]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-06-12 460288]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [2011-05-03 126392]
S2 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [2012-06-11 342016]
S2 PDF Suite 2012 Helper Service;PDF Suite 2012 Helper Service;c:\program files (x86)\PDF Suite 2012\HelperService.exe [2012-07-31 815496]
S2 PDF Suite 2012 Service;PDF Suite 2012 Service;c:\program files (x86)\PDF Suite 2012\ConversionService.exe [2012-07-31 724360]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-30 9371136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-30 309760]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-05 231440]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-13 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 19:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 15:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 08:58]
.
2012-08-18 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-09-19 23:09]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 15:54]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 15:54]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3877766120-1356258156-1109172098-1001Core.job
- c:\users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-23 18:30]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3877766120-1356258156-1109172098-1001UA.job
- c:\users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-23 18:30]
.
2012-08-18 c:\windows\Tasks\HPCeeScheduleForLaurie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-08-13 c:\windows\Tasks\HPCeeScheduleForZINCS-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2011-05-09 09:11 192368 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2011-05-09 09:13 195440 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-06-12 2767360]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/?cid=cgps02122012
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\6hkwwsku.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{5911488E-9D1E-40EC-8CBB-06B231CC153F}"=hex:51,66,7a,6c,4c,1d,38,12,e0,4b,02,
5d,2c,d3,82,05,f3,ad,45,f2,34,92,51,2b
"{2E5E800E-6AC0-411E-940A-369530A35E43}"=hex:51,66,7a,6c,4c,1d,38,12,60,83,4d,
2a,f2,24,70,04,eb,1c,75,d5,35,fd,1a,57
"{DCC70A83-E184-40A3-906B-779AF5E941C4}"=hex:51,66,7a,6c,4c,1d,38,12,ed,09,d4,
d8,b6,af,cd,05,ef,7d,34,da,f0,b7,05,d0
"{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"=hex:51,66,7a,6c,4c,1d,38,12,b2,5b,08,
35,ee,ea,6a,0e,ce,a3,23,69,9f,8d,9c,17
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{37153479-1976-43C3-A1EE-557513977B64}"=hex:51,66,7a,6c,4c,1d,38,12,17,37,06,
33,44,57,ad,06,de,f8,16,35,16,c9,3f,70
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{06E58E5E-F8CB-4049-991E-A41C03BD419E}"=hex:51,66,7a,6c,4c,1d,38,12,30,8d,f6,
02,f9,b6,27,05,e6,08,e7,5c,06,e3,05,8a
"{C3947F4E-8894-4C04-98E0-DF182C706DDF}"=hex:51,66,7a,6c,4c,1d,38,12,20,7c,87,
c7,a6,c6,6a,09,e7,f6,9c,58,29,2e,29,cb
"{26525CA7-F3FF-47C2-B829-09083718BEE1}"=hex:51,66,7a,6c,4c,1d,38,12,c9,5f,41,
22,cd,bd,ac,02,c7,3f,4a,48,32,46,fa,f5
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"=hex:51,66,7a,6c,4c,1d,38,12,46,05,8b,
43,76,76,c4,07,df,cb,a1,98,6e,e4,d2,14
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2AAE80CE-5D5E-4AD2-B722-E9E0A506CE52}"=hex:51,66,7a,6c,4c,1d,38,12,a0,83,bd,
2e,6c,13,bc,0f,c8,34,aa,a0,a0,58,8a,46
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{3FDBA1BA-AE28-4045-9048-4ED2F3865629}"=hex:51,66,7a,6c,4c,1d,38,12,d4,a2,c8,
3b,1a,e0,2b,05,ef,5e,0d,92,f6,d8,12,3d
"{4BE60886-F6AA-4714-8109-EA6D8247DD57}"=hex:51,66,7a,6c,4c,1d,38,12,e8,0b,f5,
4f,98,b8,7a,02,fe,1f,a9,2d,87,19,99,43
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{66516A07-F617-488A-90CF-4E690CFB3C5F}"=hex:51,66,7a,6c,4c,1d,38,12,69,69,42,
62,25,b8,e4,0d,ef,d9,0d,29,09,a5,78,4b
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{6E13D095-45C3-4271-9475-F3B48227DD9F}"=hex:51,66,7a,6c,4c,1d,38,12,fb,d3,00,
6a,f1,0b,1f,07,eb,63,b0,f4,87,79,99,8b
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}"=hex:51,66,7a,6c,4c,1d,38,12,33,62,e8,
6b,fc,a6,b3,0f,f2,89,72,84,bb,c2,62,f0
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}"=hex:51,66,7a,6c,4c,1d,38,12,92,9a,85,
b0,57,58,7a,01,de,dd,87,e2,a1,ff,7a,f8
"{B84CDBE7-1B46-494B-A188-01D4C52DEB61}"=hex:51,66,7a,6c,4c,1d,38,12,89,d8,5f,
bc,74,55,25,0c,de,9e,42,94,c0,73,af,75
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E6D0B79E-ECAC-411B-8BF6-7A574981AF30}"=hex:51,66,7a,6c,4c,1d,38,12,f0,b4,c3,
e2,9e,a2,75,04,f4,e0,39,17,4c,df,eb,24
"{EDC0F17F-F4B7-47E4-B73E-887FAEB376FA}"=hex:51,66,7a,6c,4c,1d,38,12,11,f2,d3,
e9,85,ba,8a,02,c8,28,cb,3f,ab,ed,32,ee
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6a,d9,b4,e3,e8,59,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,08,ef,22,41,ed,e0,48,b0,e9,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,08,ef,22,41,ed,e0,48,b0,e9,d4,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\NetRatingsNetSight]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\02\09\01\15;S"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\SFT\GuardedID\gidd.exe
.
**************************************************************************
.
Completion time: 2012-08-18 16:59:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-18 20:59
ComboFix2.txt 2012-08-18 12:58
.
Pre-Run: 322,160,668,672 bytes free
Post-Run: 321,859,592,192 bytes free
.
- - End Of File - - 00059E90F46EEF531449DEFD748246A0

[MrCharlie]

http://community.nor...all/td-p/589474

Seems to be a know problem, MrC

[zalloy]

Well jeez, that figures. I guess I'll have to either work that one out with the Symantec people or switch to a different program. I only use Norton because it comes free with Xfinity. You know what they say sometimes about free stuff. Anyhoo, what could you tell from the log? So far, things seem like they're running much more smoothly, outside of the Norton bug. Do you think we fixed it?

[MrCharlie]

Just run this one last scan........

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

[zalloy]

So far, so good. I think we kicked it. Thank you so much for all your help. Here's the log:

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Laurie :: ZINCS-HP [administrator]

Protection: Enabled

8/18/2012 6:00:48 PM
mbam-log-2012-08-18 (18-00-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207074
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[MrCharlie]

Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /



Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com
http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[zalloy]

Thank you so much!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!