
Malwarebytes

Happili redirect


23 replies to this topic

#1
brianh9999

    New Member

  • Members
  • 13 posts
Firefox is being hijacked by the Happili redirect. I've tried following the directions from prior posts but am having no luck getting rid of this problem. A number of other malware/adware issues have been identified and resolved, but this Happili thing continues to return.

Here is my DDS log and Attach.txt is attached.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.1
Run by bhershberger at 17:54:23 on 2012-04-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3539.2911 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AESTFltr] "c:\windows\system32\AESTFltr.exe" /NoDlg
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRun: [Anvi Smart Defender] c:\program files\anvisoft\anvi smart defender\ASDTray.exe
dRunOnce: [RunNarrator] Narrator.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: prmia.org\smweb
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259696327182
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://zmfs.webex.com/client/T27L/sales/ieatgpc.cab
TCP: DhcpNameServer = 10.1.100.200
TCP: Interfaces\{211DBFCA-464A-43D9-B010-4F99BC718F5D} : NameServer = 10.1.100.200
TCP: Interfaces\{211DBFCA-464A-43D9-B010-4F99BC718F5D} : DhcpNameServer = 10.1.100.200
TCP: Interfaces\{A7541705-6C9B-4A97-BD45-A8B23253D65D} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\274\g2ax_winlogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bhershberger.csc\application data\mozilla\firefox\profiles\kmptt6fy.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\bhershberger.csc\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\documents and settings\bhershberger\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 31704]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-6-28 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-6-28 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-6-28 1831024]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 494968]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\anvisoft\anvi smart defender\ASDSrv.exe [2012-4-19 643880]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512]
S2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\avhips.sys [2012-4-25 23848]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]
S2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2012-3-11 1983232]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 376096]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2012-4-13 409232]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-23 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253088]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-11-3 112512]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-10-28 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-21 106104]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\274\g2ax_service.exe [2011-3-1 161144]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-23 136176]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-11-3 109568]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120425.002\NAVENG.SYS [2012-4-25 86136]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120425.002\NAVEX15.SYS [2012-4-25 1576312]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-11-2 232744]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-8-15 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-8-15 369688]
.
=============== Created Last 30 ================
.
2012-04-25 22:38:54 98816 ----a-w- c:\windows\sed.exe
2012-04-25 22:38:54 518144 ----a-w- c:\windows\SWREG.exe
2012-04-25 22:38:54 256000 ----a-w- c:\windows\PEV.exe
2012-04-25 22:38:54 208896 ----a-w- c:\windows\MBR.exe
2012-04-25 22:12:44 -------- d-----w- c:\documents and settings\bhershberger.csc\application data\Anvisoft
2012-04-25 22:08:06 23848 ----a-w- c:\windows\system32\drivers\avhips.sys
2012-04-25 22:08:06 17704 ----a-w- c:\windows\system32\drivers\avfsmn.sys
2012-04-25 22:07:45 -------- d-----w- c:\program files\Anvisoft
2012-04-25 14:42:55 -------- d-----w- c:\documents and settings\bhershberger.csc\application data\SUPERAntiSpyware.com
2012-04-25 14:42:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-25 14:42:15 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-04-25 00:30:58 -------- d-sha-r- C:\cmdcons
2012-04-25 00:20:40 -------- d-----w- c:\windows\setup.pss
2012-04-25 00:20:17 -------- d-----w- c:\windows\setupupd
2012-04-25 00:06:36 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA
2012-04-24 23:59:18 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2012-04-24 23:59:04 -------- d-----w- c:\documents and settings\bhershberger.csc\local settings\application data\COMODO
2012-04-24 23:59:02 42760 ----a-w- c:\windows\system32\certsentry.dll
2012-04-24 23:58:56 -------- d-----w- c:\program files\Comodo
2012-04-24 23:51:10 -------- d-----w- c:\program files\SpywareBlaster
2012-04-24 19:07:46 -------- d-----w- c:\documents and settings\bhershberger.csc\local settings\application data\{70C385F0-8E41-11E1-826D-B8AC6F996F26}
2012-04-18 13:46:13 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-04-13 17:56:05 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-12 00:26:33 -------- d-----w- c:\documents and settings\bhershberger.csc\application data\com.digitaldm.editions.10016940
2012-04-12 00:26:19 -------- d-----w- c:\program files\DigitalDM
2012-04-04 14:08:24 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-13 18:56:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-12 02:13:46 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-12 02:13:46 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-12 02:13:44 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-12 02:13:20 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-12 02:13:20 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:26:17 1869184 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 17:54:41.20 ===============

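Added example (an editor's note, not a reply in this thread and not code from DDS or any poster): a small Python triage pass over the "Pseudo HJT Report" section of the DDS log above. A helper reads a handful of load points first, because they run code before or outside the browser: BHO/TB registrations whose DLL is gone ("No File"), Winlogon Notify DLLs, the AppInit_DLLs value, any LSA authentication package beyond the stock msv1_0, and sites placed in the IE Trusted zone. The sample lines are copied from the log posted above; the reason text and function names are this example's own, and the flags are checks to make, not verdicts. In this particular log the AppInit entry, guard32.dll, carries the same 2012-03-12 timestamp as the COMODO drivers in the Find3M section, SASWINLO.DLL sits in the SUPERAntiSpyware directory, and wvauth is the one item the log itself does not tie to a product (the Wave Systems entries in the Run keys are the obvious place to start).

```python
"""Triage pass over the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread (editor's, not DDS code and not from any
post).  It pulls out the load points a helper reads first: orphaned BHO/TB
registrations, Winlogon Notify DLLs, AppInit_DLLs, extra LSA authentication
packages and Trusted Zone sites.  The 'why' text is this example's own
wording, not a verdict from any scanner.
"""
import re

# Lines copied verbatim from the DDS log posted above (a subset).
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
LSA: Authentication Packages = msv1_0 wvauth
Trusted Zone: prmia.org\smweb
"""

# "BHO: <optional name>: {CLSID} - <path or 'No File'>", same for "TB:".
BHO_TB = re.compile(r"^(BHO|TB): (?:(.*?): )?\{([0-9A-Fa-f-]{36})\} - (.*)$")
NOTIFY = re.compile(r"^Notify: (.+?) - (.*)$")
# msv1_0 is the only authentication package a stock XP install registers.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}


def triage(dds_text):
    """Return (line, reason) pairs for every entry that needs a human look."""
    findings = []
    for line in dds_text.splitlines():
        m = BHO_TB.match(line)
        if m:
            kind, _name, clsid, path = m.groups()
            if path.strip() == "No File":
                findings.append((line, f"orphaned {kind} CLSID {{{clsid}}}: "
                                       "registered but no DLL on disk; delete the key"))
            continue
        m = NOTIFY.match(line)
        if m:
            findings.append((line, f"Winlogon Notify DLL '{m.group(1)}' loads into "
                                   f"winlogon.exe at every logon; verify {m.group(2)}"))
            continue
        if line.startswith("AppInit_DLLs:"):
            dll = line.split(":", 1)[1].strip()
            findings.append((line, f"AppInit_DLLs injects {dll} into every process "
                                   "that loads user32.dll; tie it to an installed product"))
            continue
        if line.startswith("LSA: Authentication Packages"):
            pkgs = set(line.split("=", 1)[1].split())
            extra = sorted(pkgs - DEFAULT_AUTH_PACKAGES)
            if extra:
                findings.append((line, "non-default LSA authentication package(s) "
                                       f"{extra} see every logon credential; map to a product"))
            continue
        if line.startswith("Trusted Zone:"):
            findings.append((line, "IE Trusted zone site runs with relaxed security "
                                   "settings; confirm it was added on purpose"))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_DDS):
        print(f"{entry}\n    -> {why}")
```

Run against the sample it reports eight lines: the three "No File" registrations (two BHOs and one toolbar), the two Notify DLLs, the AppInit DLL, the extra LSA package and the Trusted Zone site; the Adobe BHO with a DLL on disk and the start-page lines are left alone.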

#2
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
Hello and welcome!

It looks like you also ran Combofix. Can you please post me the log at c:\combofix.txt?
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#3
brianh9999

    New Member

  • Members
  • 13 posts
I've run ComboFix twice. It appeared to take care of everything the first time, but then the redirect started again and Endpoint Protection started catching Trojan.Dowiex!inf corrupted files in the temp directory. The first time the recurring virus was Bloodhound.MalPE.

Here is the combofix log...

ComboFix 12-04-25.02 - bhershberger 04/25/2012 17:40:34.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3539.2935 [GMT -5:00]
Running from: c:\documents and settings\bhershberger.CSC\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\bhershberger.CSC\Application Data\Mozilla\Firefox\Profiles\kmptt6fy.default\weave\toFetch
c:\documents and settings\bhershberger.CSC\Local Settings\Application Data\assembly\tmp
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\EventSystem.log
.
.
((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))
.
.
2012-04-25 22:12 . 2012-04-25 22:12 -------- d-----w- c:\documents and settings\bhershberger.CSC\Application Data\Anvisoft
2012-04-25 22:08 . 2012-01-09 08:26 23848 ----a-w- c:\windows\system32\drivers\avhips.sys
2012-04-25 22:08 . 2012-01-09 08:26 17704 ----a-w- c:\windows\system32\drivers\avfsmn.sys
2012-04-25 22:07 . 2012-04-25 22:07 -------- d-----w- c:\program files\Anvisoft
2012-04-25 15:11 . 2012-04-25 15:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2012-04-25 14:42 . 2012-04-25 14:42 -------- d-----w- c:\documents and settings\bhershberger.CSC\Application Data\SUPERAntiSpyware.com
2012-04-25 14:42 . 2012-04-25 14:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-25 14:42 . 2012-04-25 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-25 00:06 . 2012-04-25 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA
2012-04-24 23:59 . 2012-04-25 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2012-04-24 23:59 . 2012-04-24 23:59 -------- d-----w- c:\documents and settings\bhershberger.CSC\Local Settings\Application Data\COMODO
2012-04-24 23:59 . 2012-04-24 23:59 42760 ----a-w- c:\windows\system32\certsentry.dll
2012-04-24 23:58 . 2012-04-25 01:52 -------- d-----w- c:\program files\Comodo
2012-04-24 23:51 . 2012-04-24 23:56 -------- d-----w- c:\program files\SpywareBlaster
2012-04-24 19:07 . 2012-04-24 19:07 -------- d-----w- c:\documents and settings\bhershberger.CSC\Local Settings\Application Data\{70C385F0-8E41-11E1-826D-B8AC6F996F26}
2012-04-18 13:46 . 2012-03-26 13:41 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-13 17:56 . 2012-04-13 18:56 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-12 00:26 . 2012-04-12 00:26 -------- d-----w- c:\documents and settings\bhershberger.CSC\Application Data\com.digitaldm.editions.10016940
2012-04-12 00:26 . 2012-04-12 00:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-04-12 00:26 . 2012-04-12 00:26 -------- d-----w- c:\program files\DigitalDM
2012-04-04 14:08 . 2012-04-13 18:56 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 17:20 . 2011-01-31 02:12 0 ----a-w- c:\documents and settings\bhershberger.CSC\Local Settings\Application Data\WavXMapDrive.bat
2012-04-13 18:56 . 2011-05-18 13:37 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 20:56 . 2011-09-02 14:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-12 02:13 . 2012-03-12 02:13 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-03-12 02:13 . 2012-03-12 02:13 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-12 02:13 . 2012-03-12 02:13 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-12 02:13 . 2012-03-12 02:13 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-12 02:13 . 2012-03-12 02:13 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-12 02:13 . 2012-03-12 02:13 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-01 11:01 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-25 16:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-25 16:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-03-20 13:37 . 2012-01-09 14:41 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 134656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-05-18 145920]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-07-05 15872]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-28 115560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-20 202256]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 6749512]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
"Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-04-20 625024]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2011-03-01 16:09 147832 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv15EC]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58837:TCP"= 58837:TCP:Pando Media Booster
"58837:UDP"= 58837:UDP:Pando Media Booster
.
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/11/2012 9:13 PM 31704]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [3/11/2012 9:13 PM 494968]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [4/19/2012 10:23 PM 643880]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [5/15/2009 6:33 PM 1803512]
S2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\avhips.sys [4/25/2012 5:08 PM 23848]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [4/27/2009 2:40 PM 293968]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [7/16/2009 1:04 PM 376096]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [4/13/2012 7:59 AM 409232]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/23/2010 2:33 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 9:08 AM 253088]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/3/2009 12:18 AM 112512]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [10/28/2009 11:52 AM 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/21/2012 9:48 AM 106104]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\274\g2ax_service.exe [3/1/2011 11:09 AM 161144]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/23/2010 2:33 PM 136176]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [11/3/2009 12:19 AM 109568]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [11/2/2009 10:57 PM 232744]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [8/15/2008 2:47 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [8/15/2008 2:47 PM 369688]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASDSRV
*NewlyCreated* - AVHIPS
*NewlyCreated* - SRTSPL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv15EC
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:56]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc08f6ec31d842.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 19:33]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc08f6ec402688.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 19:33]
.
2012-04-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2719337179-821044013-2112406857-1012.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
2012-04-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-453876738-3065766259-2469240769-1116.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
2012-04-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1770027372-839522115-3159.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
2011-11-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2719337179-821044013-2112406857-1012.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
2012-04-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-453876738-3065766259-2469240769-1116.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
2011-01-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1770027372-839522115-3159.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: prmia.org\smweb
TCP: DhcpNameServer = 10.1.100.200
TCP: Interfaces\{211DBFCA-464A-43D9-B010-4F99BC718F5D}: NameServer = 10.1.100.200
FF - ProfilePath - c:\documents and settings\bhershberger.CSC\Application Data\Mozilla\Firefox\Profiles\kmptt6fy.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-25 17:44
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll
c:\windows\system32\NetProvCredMan.dll
.
- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\guard32.dll
c:\windows\system32\wvauth.dll
c:\windows\system32\WININET.dll
.
Completion time: 2012-04-25 17:46:35
ComboFix-quarantined-files.txt 2012-04-25 22:46
ComboFix2.txt 2012-04-25 00:42
.
Pre-Run: 86,503,170,048 bytes free
Post-Run: 86,497,017,856 bytes free
.
- - End Of File - - 1B88B601F688DEF8603BCC98B852686F

#4
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
Hi again,
Let's first do an additional rootkit scan too.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.


#5
brianh9999

    New Member

  • Members
  • 13 posts
The TDSS log...

09:56:21.0125 3292 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
09:56:21.0406 3292 ============================================================
09:56:21.0406 3292 Current date / time: 2012/04/26 09:56:21.0406
09:56:21.0406 3292 SystemInfo:
09:56:21.0406 3292
09:56:21.0406 3292 OS Version: 5.1.2600 ServicePack: 3.0
09:56:21.0406 3292 Product type: Workstation
09:56:21.0406 3292 ComputerName: DFNKC-5JQ35L1
09:56:21.0406 3292 UserName: bhershberger
09:56:21.0406 3292 Windows directory: C:\WINDOWS
09:56:21.0406 3292 System windows directory: C:\WINDOWS
09:56:21.0406 3292 Processor architecture: Intel x86
09:56:21.0406 3292 Number of processors: 2
09:56:21.0406 3292 Page size: 0x1000
09:56:21.0406 3292 Boot type: Normal boot
09:56:21.0406 3292 ============================================================
09:56:21.0687 3292 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:56:21.0703 3292 ============================================================
09:56:21.0703 3292 \Device\Harddisk0\DR0:
09:56:21.0703 3292 MBR partitions:
09:56:21.0703 3292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B24B, BlocksNum 0x129ED876
09:56:21.0703 3292 ============================================================
09:56:21.0734 3292 C: <-> \Device\Harddisk0\DR0\Partition0
09:56:21.0734 3292 ============================================================
09:56:21.0734 3292 Initialize success
09:56:21.0734 3292 ============================================================
09:56:45.0500 0692 ============================================================
09:56:45.0500 0692 Scan started
09:56:45.0500 0692 Mode: Manual;
09:56:45.0500 0692 ============================================================
09:56:56.0875 0692 NtmsSvc - ok
09:56:56.0890 0692 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:56:56.0890 0692 Null - ok
09:56:56.0890 0692 NvtSp50 - ok
09:56:56.0921 0692 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:56:56.0921 0692 NwlnkFlt - ok
09:56:56.0937 0692 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:56:56.0937 0692 NwlnkFwd - ok
09:56:57.0062 0692 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:56:57.0062 0692 odserv - ok
09:56:57.0093 0692 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:56:57.0093 0692 ohci1394 - ok
09:56:57.0140 0692 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:56:57.0140 0692 ose - ok
09:56:57.0171 0692 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
09:56:57.0171 0692 Parport - ok
09:56:57.0171 0692 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:56:57.0171 0692 PartMgr - ok
09:56:57.0187 0692 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:56:57.0187 0692 ParVdm - ok
09:56:57.0203 0692 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
09:56:57.0203 0692 PBADRV - ok
09:56:57.0218 0692 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:56:57.0218 0692 PCI - ok
09:56:57.0218 0692 PCIDump - ok
09:56:57.0234 0692 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:56:57.0234 0692 PCIIde - ok
09:56:57.0250 0692 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:56:57.0250 0692 Pcmcia - ok
09:56:57.0250 0692 PDCOMP - ok
09:56:57.0250 0692 PDFRAME - ok
09:56:57.0265 0692 PDRELI - ok
09:56:57.0265 0692 PDRFRAME - ok
09:56:57.0265 0692 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:56:57.0265 0692 perc2 - ok
09:56:57.0281 0692 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:56:57.0296 0692 perc2hib - ok
09:56:57.0312 0692 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:56:57.0312 0692 PlugPlay - ok
09:56:57.0359 0692 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
09:56:57.0359 0692 Pml Driver HPZ12 - ok
09:56:57.0359 0692 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:56:57.0359 0692 PolicyAgent - ok
09:56:57.0375 0692 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:56:57.0375 0692 PptpMiniport - ok
09:56:57.0375 0692 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:56:57.0375 0692 ProtectedStorage - ok
09:56:57.0406 0692 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:56:57.0406 0692 PSched - ok
09:56:57.0421 0692 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:56:57.0421 0692 Ptilink - ok
09:56:57.0437 0692 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:56:57.0437 0692 PxHelp20 - ok
09:56:57.0453 0692 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:56:57.0453 0692 ql1080 - ok
09:56:57.0468 0692 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:56:57.0468 0692 Ql10wnt - ok
09:56:57.0484 0692 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:56:57.0484 0692 ql12160 - ok
09:56:57.0484 0692 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:56:57.0484 0692 ql1240 - ok
09:56:57.0500 0692 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:56:57.0515 0692 ql1280 - ok
09:56:57.0515 0692 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:56:57.0515 0692 RasAcd - ok
09:56:57.0546 0692 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:56:57.0546 0692 RasAuto - ok
09:56:57.0562 0692 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:56:57.0562 0692 Rasl2tp - ok
09:56:57.0593 0692 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:56:57.0593 0692 RasMan - ok
09:56:57.0625 0692 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:56:57.0625 0692 RasPppoe - ok
09:56:57.0625 0692 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:56:57.0625 0692 Raspti - ok
09:56:57.0656 0692 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:56:57.0656 0692 Rdbss - ok
09:56:57.0671 0692 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:56:57.0671 0692 RDPCDD - ok
09:56:57.0687 0692 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:56:57.0687 0692 rdpdr - ok
09:56:57.0718 0692 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
09:56:57.0718 0692 RDPWD - ok
09:56:57.0765 0692 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:56:57.0765 0692 RDSessMgr - ok
09:56:57.0796 0692 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:56:57.0796 0692 redbook - ok
09:56:57.0921 0692 RegSrvc (d1875727d04eae948f139022dcad3d47) c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
09:56:57.0921 0692 RegSrvc - ok
09:56:57.0953 0692 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:56:57.0953 0692 RemoteAccess - ok
09:56:57.0968 0692 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
09:56:57.0968 0692 RemoteRegistry - ok
09:56:58.0015 0692 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
09:56:58.0015 0692 rimmptsk - ok
09:56:58.0046 0692 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:56:58.0046 0692 RpcLocator - ok
09:56:58.0078 0692 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
09:56:58.0093 0692 RpcSs - ok
09:56:58.0125 0692 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys
09:56:58.0125 0692 RsFx0102 - ok
09:56:58.0156 0692 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:56:58.0156 0692 RSVP - ok
09:56:58.0296 0692 S24EventMonitor (8b4459365c254196f498a3cbc2898dbb) c:\Program Files\Intel\WiFi\bin\S24EvMon.exe
09:56:58.0312 0692 S24EventMonitor - ok
09:56:58.0328 0692 s24trans (87940243ea2ad3ebe274f5409c5e9072) C:\WINDOWS\system32\DRIVERS\s24trans.sys
09:56:58.0328 0692 s24trans - ok
09:56:58.0343 0692 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:56:58.0343 0692 SamSs - ok
09:56:58.0406 0692 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:56:58.0406 0692 SASDIFSV - ok
09:56:58.0421 0692 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:56:58.0421 0692 SASKUTIL - ok
09:56:58.0453 0692 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:56:58.0453 0692 SCardSvr - ok
09:56:58.0500 0692 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:56:58.0500 0692 Schedule - ok
09:56:58.0515 0692 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
09:56:58.0515 0692 sdbus - ok
09:56:58.0531 0692 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:56:58.0531 0692 Secdrv - ok
09:56:58.0546 0692 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:56:58.0546 0692 seclogon - ok
09:56:58.0703 0692 SecureStorageService (d7f978c1b6387544fe132eb5b915ed1a) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
09:56:58.0703 0692 SecureStorageService - ok
09:56:58.0718 0692 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:56:58.0718 0692 SENS - ok
09:56:58.0734 0692 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:56:58.0734 0692 Serenum - ok
09:56:58.0750 0692 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:56:58.0750 0692 Serial - ok
09:56:58.0765 0692 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:56:58.0765 0692 Sfloppy - ok
09:56:58.0812 0692 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:56:58.0812 0692 SharedAccess - ok
09:56:58.0859 0692 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:56:58.0859 0692 ShellHWDetection - ok
09:56:58.0859 0692 Simbad - ok
09:56:58.0875 0692 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:56:58.0875 0692 sisagp - ok
09:56:58.0906 0692 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:56:58.0906 0692 SLIP - ok
09:56:59.0109 0692 SmcService (0dc94380be7d36ae241029c72807692e) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
09:56:59.0109 0692 SmcService - ok
09:56:59.0156 0692 SNAC (65e1ebf379856b677979802c8d5bcd87) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
09:56:59.0156 0692 SNAC - ok
09:56:59.0296 0692 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:56:59.0296 0692 Sparrow - ok
09:56:59.0343 0692 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
09:56:59.0343 0692 SPBBCDrv - ok
09:56:59.0375 0692 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:56:59.0375 0692 splitter - ok
09:56:59.0406 0692 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:56:59.0421 0692 Spooler - ok
09:56:59.0515 0692 SQLAgent$SQLEXPRESS (eb2fd937449b7aceb39372f875eb8e78) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
09:56:59.0515 0692 SQLAgent$SQLEXPRESS - ok
09:56:59.0593 0692 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
09:56:59.0593 0692 SQLBrowser - ok
09:56:59.0625 0692 SQLWriter (637a0f23f9012358e92e6f99835494d1) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
09:56:59.0625 0692 SQLWriter - ok
09:56:59.0671 0692 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:56:59.0671 0692 sr - ok
09:56:59.0718 0692 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:56:59.0718 0692 srservice - ok
09:56:59.0765 0692 SRS_PremiumSound_Service (584477fdfa731af4635f5875c6b52531) C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys
09:56:59.0765 0692 SRS_PremiumSound_Service - ok
09:56:59.0781 0692 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\WINDOWS\system32\Drivers\SRTSP.SYS
09:56:59.0781 0692 SRTSP - ok
09:56:59.0828 0692 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
09:56:59.0828 0692 SRTSPL - ok
09:56:59.0843 0692 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
09:56:59.0843 0692 SRTSPX - ok
09:56:59.0890 0692 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:56:59.0890 0692 Srv - ok
09:56:59.0921 0692 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:56:59.0921 0692 SSDPSRV - ok
09:56:59.0968 0692 STacSV (3603f3db9fba2a8fa91829681ba25afa) c:\drivers\audio\r213367\stacsv.exe
09:56:59.0968 0692 STacSV - ok
09:57:00.0093 0692 STHDA (1b76479b80ff0f6e245ba590a64102be) C:\WINDOWS\system32\drivers\sthda.sys
09:57:00.0093 0692 STHDA - ok
09:57:00.0218 0692 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:57:00.0218 0692 stisvc - ok
09:57:00.0296 0692 stllssvr (e476c66713c842f58e61a95826ed1d57) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
09:57:00.0296 0692 stllssvr - ok
09:57:00.0343 0692 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:57:00.0343 0692 streamip - ok
09:57:00.0375 0692 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:57:00.0375 0692 swenum - ok
09:57:00.0421 0692 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:57:00.0421 0692 swmidi - ok
09:57:00.0421 0692 SwPrv - ok
09:57:00.0593 0692 Symantec AntiVirus (f3a4ead0b3946e439f0397f7a4d09952) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
09:57:00.0609 0692 Symantec AntiVirus - ok
09:57:00.0656 0692 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:57:00.0656 0692 symc810 - ok
09:57:00.0671 0692 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:57:00.0671 0692 symc8xx - ok
09:57:00.0718 0692 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
09:57:00.0718 0692 SymEvent - ok
09:57:00.0734 0692 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:57:00.0734 0692 sym_hi - ok
09:57:00.0734 0692 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:57:00.0734 0692 sym_u3 - ok
09:57:00.0765 0692 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:57:00.0765 0692 sysaudio - ok
09:57:00.0796 0692 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:57:00.0796 0692 SysmonLog - ok
09:57:00.0828 0692 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:57:00.0828 0692 TapiSrv - ok
09:57:00.0890 0692 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:57:00.0890 0692 Tcpip - ok
09:57:01.0015 0692 tcsd_win32.exe (69f1a38a6dbfe682491cb61a596662e3) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
09:57:01.0015 0692 tcsd_win32.exe - ok
09:57:01.0140 0692 TdmService (a62f1de032e59c4bb35557a2219cb160) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
09:57:01.0156 0692 TdmService - ok
09:57:01.0203 0692 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:57:01.0203 0692 TDPIPE - ok
09:57:01.0234 0692 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:57:01.0234 0692 TDTCP - ok
09:57:01.0250 0692 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:57:01.0250 0692 TermDD - ok
09:57:01.0281 0692 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:57:01.0281 0692 TermService - ok
09:57:01.0328 0692 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:57:01.0328 0692 Themes - ok
09:57:01.0343 0692 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
09:57:01.0343 0692 TlntSvr - ok
09:57:01.0359 0692 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:57:01.0359 0692 TosIde - ok
09:57:01.0390 0692 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:57:01.0390 0692 TrkWks - ok
09:57:01.0421 0692 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:57:01.0421 0692 Udfs - ok
09:57:01.0437 0692 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:57:01.0437 0692 ultra - ok
09:57:01.0468 0692 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:57:01.0468 0692 Update - ok
09:57:01.0500 0692 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:57:01.0500 0692 upnphost - ok
09:57:01.0515 0692 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:57:01.0515 0692 UPS - ok
09:57:01.0546 0692 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:57:01.0546 0692 usbaudio - ok
09:57:01.0578 0692 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:57:01.0578 0692 usbccgp - ok
09:57:01.0593 0692 usbehci (4bac8df07f1d8434fc640e677a62204e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:57:01.0593 0692 usbehci - ok
09:57:01.0609 0692 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:57:01.0609 0692 usbhub - ok
09:57:01.0656 0692 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:57:01.0656 0692 usbprint - ok
09:57:01.0703 0692 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:57:01.0703 0692 usbscan - ok
09:57:01.0718 0692 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:57:01.0718 0692 USBSTOR - ok
09:57:01.0750 0692 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:57:01.0750 0692 usbuhci - ok
09:57:01.0781 0692 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
09:57:01.0781 0692 usbvideo - ok
09:57:01.0781 0692 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:57:01.0781 0692 VgaSave - ok
09:57:01.0812 0692 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:57:01.0812 0692 viaagp - ok
09:57:01.0828 0692 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:57:01.0828 0692 ViaIde - ok
09:57:01.0843 0692 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:57:01.0843 0692 VolSnap - ok
09:57:01.0890 0692 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:57:01.0890 0692 VSS - ok
09:57:01.0937 0692 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:57:01.0937 0692 w32time - ok
09:57:01.0968 0692 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:57:01.0968 0692 Wanarp - ok
09:57:02.0000 0692 WavxDMgr (e1369c7a53c76eb681afd0eba348b45a) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
09:57:02.0000 0692 WavxDMgr - ok
09:57:02.0046 0692 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
09:57:02.0062 0692 Wdf01000 - ok
09:57:02.0062 0692 WDICA - ok
09:57:02.0078 0692 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:57:02.0078 0692 wdmaud - ok
09:57:02.0109 0692 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:57:02.0109 0692 WebClient - ok
09:57:02.0171 0692 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:57:02.0171 0692 winmgmt - ok
09:57:02.0328 0692 wlidsvc (d9250b31b353ee3322c1cad411997e38) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:57:02.0343 0692 wlidsvc - ok
09:57:02.0453 0692 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:57:02.0453 0692 WmdmPmSN - ok
09:57:02.0531 0692 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
09:57:02.0531 0692 Wmi - ok
09:57:02.0593 0692 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:57:02.0593 0692 WmiAcpi - ok
09:57:02.0625 0692 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:57:02.0625 0692 WmiApSrv - ok
09:57:02.0718 0692 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:57:02.0734 0692 WMPNetworkSvc - ok
09:57:02.0750 0692 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:57:02.0750 0692 WS2IFSL - ok
09:57:02.0781 0692 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:57:02.0781 0692 wscsvc - ok
09:57:02.0781 0692 WSearch - ok
09:57:02.0828 0692 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:57:02.0828 0692 WSTCODEC - ok
09:57:02.0843 0692 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:57:02.0843 0692 wuauserv - ok
09:57:02.0875 0692 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:57:02.0875 0692 WudfPf - ok
09:57:02.0906 0692 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:57:02.0906 0692 WudfRd - ok
09:57:02.0921 0692 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:57:02.0937 0692 WudfSvc - ok
09:57:02.0968 0692 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:57:02.0968 0692 WZCSVC - ok
09:57:03.0015 0692 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:57:03.0015 0692 xmlprov - ok
09:57:03.0109 0692 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:57:03.0109 0692 YahooAUService - ok
09:57:03.0156 0692 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:57:03.0203 0692 \Device\Harddisk0\DR0 - ok
09:57:03.0203 0692 Boot (0x1200) (8ff7ec3d9758ae9c2cec3216b369c762) \Device\Harddisk0\DR0\Partition0
09:57:03.0203 0692 \Device\Harddisk0\DR0\Partition0 - ok
09:57:03.0203 0692 ============================================================
09:57:03.0203 0692 Scan finished
09:57:03.0203 0692 ============================================================
09:57:03.0218 1464 Detected object count: 0
09:57:03.0218 1464 Actual detected object count: 0
09:57:06.0671 4624 Deinitialize success

#6
brianh9999

    New Member

  • Members
  • Pip
  • 13 posts
Used the following code on recommendation of a coworker who had a similar problem:


================
Copy and paste these lines in Notepad.

@echo on
rem Rebuild the hosts file so it contains only the loopback entry
pushd %SystemRoot%\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>hosts
attrib +r +h +s hosts
popd
rem Release and renew the DHCP lease and clear the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack (netsh records the changes in resetlog.txt)
netsh winsock reset
netsh int ip reset resetlog.txt
rem Reboot after one second and delete this script
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.

===========================

Can't get the redirect to occur now. Not sure I've taken care of any underlying problems that may be on my computer, but at least Firefox isn't redirecting my searches (for now).

That said, I'll keep running scans if you think I should.
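The flush script above rewrites the hosts file to the single loopback line, which removes any redirect mapping but also throws away the evidence of what was there. The following Python script is an added example, not code from this thread: it parses a hosts file and reports the mappings such a reset would discard (names pinned to a remote address, and non-local names pinned to loopback or 0.0.0.0). The sample file contents, host names and addresses in it are constructed for the example.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed sample hosts file contents (not taken from the thread). The two
# "localhost" lines are the Windows defaults; the remaining mappings mimic the
# kind of overrides that produce search redirects or block security sites.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# entries below are constructed for this example
198.51.100.7    www.google.com
198.51.100.7    malwarebytes.org
127.0.0.1       liveupdate.example-av.net
0.0.0.0         ads.example.net
"""

# Names that are expected to map to a loopback address on a clean machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

Entry = Tuple[int, str, str]  # (line number, address text, host name)


def parse_hosts(text: str) -> List[Entry]:
    """Parse hosts file text into (line_no, address, name) tuples.

    Comments (everything after '#') and blank lines are ignored; one line may
    map an address to several names. Lines whose first field is not a valid
    IPv4/IPv6 address are skipped rather than guessed at.
    """
    entries: List[Entry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        fields = body.split()
        if len(fields) < 2:
            continue
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((line_no, str(address), name.lower()))
    return entries


def classify(address: str, name: str) -> Optional[str]:
    """Return None for a benign mapping, otherwise a short reason it is suspect."""
    ip = ipaddress.ip_address(address)
    if ip.is_loopback:
        # Only the machine's own names should resolve to loopback; anything
        # else pinned here (an AV update host, say) is being blocked.
        return None if name in LOCAL_NAMES else "loopback override blocks name"
    if ip.is_unspecified:
        # 0.0.0.0 is the other common way to black-hole a name.
        return "name null-routed to " + address
    # Any other address silently sends the name to a host of someone
    # else's choosing: the classic hosts-file redirect.
    return "name pinned to remote address " + address


def suspicious_entries(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (line_no, address, name, reason) for every non-benign mapping."""
    findings = []
    for line_no, address, name in parse_hosts(text):
        reason = classify(address, name)
        if reason is not None:
            findings.append((line_no, address, name, reason))
    return findings


def report(text: str) -> str:
    """Human-readable summary, one finding per line."""
    findings = suspicious_entries(text)
    if not findings:
        return "hosts file contains only local loopback entries"
    lines = ["%d suspicious hosts entries:" % len(findings)]
    for line_no, address, name, reason in findings:
        lines.append("  line %d: %-15s %-28s %s" % (line_no, address, name, reason))
    return "\n".join(lines)


if __name__ == "__main__":
    # To check a live Windows hosts file instead of the sample, read
    # %SystemRoot%\system32\drivers\etc\hosts and pass its text to report().
    print(report(SAMPLE_HOSTS))
```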

#7
Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,720 posts
  • Gender:Female
  • Location:Romania
That resets most common internet components, some of which can indeed be involved in a redirect.

Please let me know if you have any problems left and/or the redirect reoccurs.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.

#8
brianh9999

    New Member

  • Members
  • Pip
  • 13 posts
Thanks for your help on this. I will certainly seek out qualified assistance first if I get any reoccurrences, as opposed to blindly installing and running utilities for multiple days hoping for a solution. My lack of patience and frustration got the best of me this time.

#9
Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,720 posts
  • Gender:Female
  • Location:Romania
To be sure everything is okay, let's also run one last scan.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise

#10
brianh9999

    New Member

  • Members
  • Pip
  • 13 posts
Scanning now. ESET found 5 problems and is only halfway finished. I'll post the log when it is done.

Did a quick test to see if the redirect would occur again, and it did. If I search for "happili" using Google and Firefox, it redirects the first security site link I click on. I tried the exact same thing in IE and the redirect doesn't occur. I could use the flush.bat again, but it seems like the problem is tied to Firefox. What if I uninstall the program and try a fresh install?

Looks like I have more work to do on this.

#11
Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,720 posts
  • Gender:Female
  • Location:Romania
The following scan should reveal the entries that cause the redirect.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise

#12
brianh9999

    New Member

  • Members
  • Pip
  • 13 posts
ESET scan

C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\19\33c334d3-5ef9f19e Java/Exploit.CVE-2012-0507.Y trojan cleaned by deleting - quarantined
C:\Documents and Settings\bhershberger.CSC\My Documents\Downloads\cnet_FCTBSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\bhershberger.CSC\My Documents\Downloads\FCTBSetup.exe Win32/OpenCandy application deleted - quarantined
C:\Documents and Settings\bhershberger.CSC\My Documents\Downloads\winzip155.exe Win32/OpenCandy application deleted - quarantined
C:\Documents and Settings\bhershberger.CSC\My Documents\Downloads\winzip160.exe Win32/OpenCandy application deleted - quarantined

#13
Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,720 posts
  • Gender:Female
  • Location:Romania
Please see my previous post. :)
regards, Elise

#14
brianh9999

    New Member

  • Members
  • Pip
  • 13 posts
Installed the BrowserProtect add-on for Firefox, which is supposed to prevent hijacks at the browser level. After numerous attempts to recreate the redirect, the add-on seems to be working, but like yesterday I'm probably not addressing the underlying problem.

OTL log...

OTL logfile created on: 4/27/2012 11:16:58 AM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\bhershberger.CSC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 63.71% Memory free
5.29 Gb Paging File | 3.85 Gb Available in Paging File | 72.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 75.68 Gb Free Space | 50.81% Space Free | Partition Type: NTFS
Drive V: | 40.00 Gb Total Space | 10.12 Gb Free Space | 25.30% Space Free | Partition Type: NTFS
Drive W: | 40.00 Gb Total Space | 4.43 Gb Free Space | 11.07% Space Free | Partition Type: NTFS
Drive X: | 836.62 Gb Total Space | 783.00 Gb Free Space | 93.59% Space Free | Partition Type: NTFS
Drive Y: | 793.58 Gb Total Space | 492.10 Gb Free Space | 62.01% Space Free | Partition Type: NTFS
Drive Z: | 836.62 Gb Total Space | 783.00 Gb Free Space | 93.59% Space Free | Partition Type: NTFS

Computer Name: DFNKC-5JQ35L1 | User Name: bhershberger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/27 11:15:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bhershberger.CSC\Desktop\OTL(1).exe
PRC - [2012/04/15 16:04:44 | 000,374,368 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/04/13 07:59:46 | 000,409,232 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
PRC - [2012/03/20 08:37:33 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 21:13:02 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2012/03/07 16:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/01/20 10:44:35 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/09/30 09:28:08 | 000,546,464 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2011/09/30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/06/28 10:17:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/06/28 10:17:12 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/06/28 10:16:45 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/06/28 10:16:44 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/06/28 10:16:39 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/07/16 13:04:56 | 000,376,096 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009/07/05 17:56:34 | 000,015,872 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2009/06/11 22:46:46 | 000,656,384 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/06/11 19:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/05/18 09:36:00 | 000,145,920 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2009/05/15 18:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/04/27 14:40:26 | 000,293,968 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2009/03/16 20:57:38 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/16 20:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R213367\stacsv.exe
PRC - [2009/03/16 20:57:14 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009/02/22 16:51:40 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/02/22 16:51:24 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/02/22 16:51:22 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/02/22 16:51:22 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/02/11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 18:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/10/02 12:26:42 | 000,860,160 | ---- | M] (Intel® Corporation) -- c:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/02 12:06:56 | 000,905,216 | ---- | M] (Intel® Corporation) -- c:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/10/02 11:56:44 | 000,466,944 | ---- | M] (Intel® Corporation) -- c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/27 08:32:02 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/04/27 08:32:02 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/25 09:43:07 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/25 09:43:07 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/04/13 07:59:46 | 000,409,232 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
MOD - [2012/04/11 16:09:30 | 002,359,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\fb15ea43309da95f2ad525edd0b2b258\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll
MOD - [2012/04/11 16:09:25 | 004,466,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\f9b9607d3dcc58ce953aa6217a607a92\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll
MOD - [2012/04/11 16:09:22 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c\Microsoft.VisualBasic.ni.dll
MOD - [2012/04/11 16:09:19 | 000,391,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\266a0723d8e88a12ff4dba5c0607be7a\Iris.Mapi.MessageStore.ni.dll
MOD - [2012/04/11 16:09:18 | 000,462,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\e0ebc8cc3e2541c2c24c8d1d83521359\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll
MOD - [2012/04/11 16:09:15 | 003,826,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BusinessLayer\0e1da55e310125471d0f726ba4f338b4\BusinessLayer.ni.dll
MOD - [2012/04/11 16:09:09 | 001,039,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\99c5f05fec424a6f34f19eda882a2f6d\Microsoft.Interop.Mapi.Impl.ni.dll
MOD - [2012/04/11 16:09:08 | 001,526,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BCMRes\5887ad6ee72e304efdfcccb62cefc9c7\BCMRes.ni.dll
MOD - [2012/04/11 15:07:22 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll
MOD - [2012/04/11 15:06:20 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012/04/11 15:06:10 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012/04/11 15:04:59 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2012/04/11 15:04:56 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012/03/26 08:39:03 | 002,666,496 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2012/03/20 08:37:32 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/21 09:47:45 | 000,484,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BCMCommon\d15f9a0db4361af008e88b6439902c1c\BCMCommon.ni.dll
MOD - [2012/02/21 09:47:39 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/02/21 09:44:30 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/21 09:44:23 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/21 09:44:11 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2011/10/13 11:24:50 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
MOD - [2011/10/13 10:13:23 | 000,014,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Extensibility\8e52c5321a132fde4236c5f17929a733\Extensibility.ni.dll
MOD - [2011/10/13 10:13:02 | 002,267,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\a9942828767c5549849c82accbdbcedc\Microsoft.Office.Interop.Outlook.ni.dll
MOD - [2011/10/13 10:13:00 | 000,177,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\07021d10c3bc8a0ea378435a258f7b1b\Microsoft.Interop.Mapi.PropTags.ni.dll
MOD - [2011/10/13 10:12:58 | 000,963,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\office\e004a967869320dece615cb985e09ea5\office.ni.dll
MOD - [2011/10/13 10:12:58 | 000,044,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\stdole\f7080b25913a525c5a0c561c57864d17\stdole.ni.dll
MOD - [2011/10/13 10:12:57 | 000,152,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\daa68c80020eb582452ec3173450505d\Microsoft.Interop.Mapi.Interfaces.ni.dll
MOD - [2011/10/13 10:12:57 | 000,062,976 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\00cc95b92fb21663d07f94e15cab3be0\Microsoft.Interop.eCRM.Ole.ni.dll
MOD - [2011/10/12 18:25:26 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2011/09/30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
MOD - [2011/06/22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009/12/01 16:48:45 | 000,310,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\BCMCommon\3.0.0.0__31bf3856ad364e35\BCMCommon.dll
MOD - [2009/12/01 15:16:38 | 000,591,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\3.0.0.0__31bf3856ad364e35\Microsoft.Interop.Mapi.Impl.dll
MOD - [2009/11/02 23:04:04 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll
MOD - [2009/11/02 23:04:04 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2009/06/03 13:07:50 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\Wavx_ESC_Logging.dll
MOD - [2009/05/18 09:34:04 | 000,249,856 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2009/02/26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/11/12 14:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
MOD - [2008/10/02 11:59:30 | 000,200,704 | ---- | M] () -- c:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2008/01/11 18:50:32 | 000,529,512 | ---- | M] () -- C:\Program Files\Microsoft Small Business\Business Contact Manager\en-US\BCMRes.resources.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/13 13:56:07 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/13 07:59:46 | 000,409,232 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/01/20 10:44:35 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/01 11:09:14 | 000,161,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist Express Customer\274\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2010/06/28 10:17:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/06/28 10:17:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/06/28 10:16:44 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/06/28 10:16:40 | 000,349,512 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/06/28 10:16:39 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/11/02 23:10:36 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/19 10:09:40 | 000,451,904 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/07/16 13:04:56 | 000,376,096 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/06/11 19:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/06/03 13:15:24 | 001,019,904 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009/05/15 18:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/04/27 14:40:26 | 000,293,968 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2009/03/16 20:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R213367\stacsv.exe -- (STacSV)
SRV - [2009/02/11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/12/16 22:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/02 12:26:42 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/02 12:06:56 | 000,905,216 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/10/02 11:56:44 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\NvtSp50.sys -- (NvtSp50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BHERSH~1.CSC\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/04/23 08:51:05 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120426.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/04/23 08:51:05 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120426.032\NAVENG.SYS -- (NAVENG)
DRV - [2012/03/11 21:13:48 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/03/11 21:13:46 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/03/11 21:13:46 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/02/21 09:48:17 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/21 09:48:17 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/28 10:21:02 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/28 10:17:18 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/06/28 10:17:18 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/06/28 10:17:18 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/06/28 10:16:28 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/10/28 11:52:14 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/06/12 16:51:00 | 000,208,824 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/04/02 23:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/03/31 23:22:34 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2009/03/24 16:33:38 | 000,232,744 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009/03/16 20:57:30 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/03/16 20:57:12 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/02/26 16:08:52 | 000,109,568 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2009/02/22 16:51:20 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/12/17 01:02:08 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 01:01:44 | 006,364,440 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2008/12/17 01:01:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 01:00:14 | 000,768,024 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 22:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/10/28 16:39:44 | 000,089,600 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2008/09/25 08:22:02 | 003,634,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/08/04 12:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/06/04 15:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.1.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/11/23 18:10:38 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\bhershberger\Application Data\Move Networks\plugins\npqmp071705000014.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/20 13:52:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/20 08:37:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/18 08:46:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{70C385F0-8E41-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\{70C385F0-8E41-11E1-826D-B8AC6F996F26}\ [2012/04/24 14:07:46 | 000,000,000 | ---D | M]

[2011/02/04 09:50:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bhershberger.CSC\Application Data\Mozilla\Extensions
[2012/04/27 10:18:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bhershberger.CSC\Application Data\Mozilla\Firefox\Profiles\kmptt6fy.default\extensions
[2011/03/03 13:25:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\bhershberger.CSC\Application Data\Mozilla\Firefox\Profiles\kmptt6fy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/22 08:52:28 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\bhershberger.CSC\Application Data\Mozilla\Firefox\Profiles\kmptt6fy.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012/03/05 12:41:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\bhershberger.CSC\Application Data\Mozilla\Firefox\Profiles\kmptt6fy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/02/15 09:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\BHERSHBERGER.CSC\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KMPTT6FY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\BHERSHBERGER.CSC\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KMPTT6FY.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI
[2012/04/24 14:07:46 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\DOCUMENTS AND SETTINGS\BHERSHBERGER.CSC\LOCAL SETTINGS\APPLICATION DATA\{70C385F0-8E41-11E1-826D-B8AC6F996F26}
[2012/03/20 08:37:33 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/09 09:40:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/09 09:40:59 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/26 09:05:50 | 000,000,021 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-2719337179-821044013-2112406857-1012..\Run: [Skype] rundll32.exe "C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\Skype\bbtpezrp.dll",DllMain File not found
O4 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2719337179-821044013-2112406857-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-453876738-3065766259-2469240769-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1259696327182 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://zmfs.webex.c...les/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.100.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = csc.server.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{211DBFCA-464A-43D9-B010-4F99BC718F5D}: DhcpNameServer = 10.1.100.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7541705-6C9B-4A97-BD45-A8B23253D65D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/08/31 11:40:37 | 000,000,750 | RHS- | M] () - X:\autorun.inf2 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/27 11:15:32 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bhershberger.CSC\Desktop\OTL(1).exe
[2012/04/27 09:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Application Data\WinPatrol
[2012/04/27 09:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
[2012/04/27 09:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/04/27 09:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2012/04/27 08:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/27 08:39:47 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\bhershberger.CSC\Desktop\esetsmartinstaller_enu.exe
[2012/04/26 10:38:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/26 09:53:53 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/26 07:34:36 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2012/04/26 07:34:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard
[2012/04/26 07:34:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard\0405000.022
[2012/04/26 07:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2012/04/26 07:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2012/04/26 07:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/04/26 07:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/04/26 07:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Start Menu\Programs\Norton
[2012/04/26 07:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2012/04/26 07:19:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Application Data\FixZeroAccess
[2012/04/25 19:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Application Data\QuickScan
[2012/04/25 18:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012/04/25 18:49:33 | 000,000,000 | ---D | C] -- C:\rsit
[2012/04/25 18:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/25 18:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/04/25 17:46:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/04/25 17:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Application Data\Anvisoft
[2012/04/25 17:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Start Menu\Programs\Anvisoft
[2012/04/25 17:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft
[2012/04/25 10:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
[2012/04/25 09:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Application Data\SUPERAntiSpyware.com
[2012/04/25 09:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/25 09:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/25 09:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/24 19:30:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/24 19:24:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/24 19:20:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2012/04/24 19:20:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2012/04/24 19:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2012/04/24 19:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2012/04/24 18:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2012/04/24 18:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
[2012/04/24 18:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\COMODO
[2012/04/24 18:59:02 | 000,042,760 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2012/04/24 18:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2012/04/24 18:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2012/04/24 18:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/04/24 14:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\{70C385F0-8E41-11E1-826D-B8AC6F996F26}
[2012/04/19 15:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Desktop\2012_03
[2012/04/18 08:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
[2012/04/13 17:26:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Desktop\MarionNationalBank
[2012/04/13 12:56:05 | 004,139,680 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/04/11 19:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhershberger.CSC\Application Data\com.digitaldm.editions.10016940
[2012/04/11 19:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Digital Editions
[2012/04/11 19:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/04/11 19:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\DigitalDM
[2012/04/04 09:08:24 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/27 11:15:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bhershberger.CSC\Desktop\OTL(1).exe
[2012/04/27 11:08:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cc08f6ec402688.job
[2012/04/27 10:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/27 09:51:47 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-453876738-3065766259-2469240769-1116.job
[2012/04/27 09:51:47 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-453876738-3065766259-2469240769-1116.job
[2012/04/27 08:39:51 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\bhershberger.CSC\Desktop\esetsmartinstaller_enu.exe
[2012/04/27 08:31:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/27 08:31:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\WavXMapDrive.bat
[2012/04/27 08:30:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc08f6ec31d842.job
[2012/04/27 08:30:31 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1770027372-839522115-3159.job
[2012/04/27 08:30:31 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2719337179-821044013-2112406857-1012.job
[2012/04/27 08:29:57 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/04/27 08:29:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/27 08:29:30 | 3711,082,496 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/26 09:05:50 | 000,000,021 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/26 07:29:01 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\Norton Installation Files.lnk
[2012/04/25 21:43:10 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/25 21:37:23 | 000,581,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/25 21:37:23 | 000,124,438 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/25 18:46:46 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\ERUNT.lnk
[2012/04/24 19:20:46 | 000,000,282 | ---- | M] () -- C:\Boot.bak
[2012/04/24 18:59:02 | 000,042,760 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2012/04/24 18:04:22 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/04/23 10:37:46 | 000,001,732 | -H-- | M] () -- C:\Documents and Settings\bhershberger.CSC\My Documents\Default.rdp
[2012/04/13 13:56:07 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/13 13:56:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/13 13:56:05 | 004,139,680 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/04/11 15:00:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/10 16:53:05 | 000,269,617 | ---- | M] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\BAF Feb Mar 2008 Risky Business.pdf
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/03 09:49:21 | 000,996,678 | ---- | M] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\keen-steve-berlin-paper.pdf
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/27 08:29:57 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/04/26 07:34:19 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NBRTWizard\0405000.022\isolate.ini
[2012/04/26 07:28:59 | 000,001,042 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\Norton Installation Files.lnk
[2012/04/25 18:46:46 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\ERUNT.lnk
[2012/04/25 18:12:44 | 3711,082,496 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/24 19:20:45 | 000,000,282 | ---- | C] () -- C:\Boot.bak
[2012/04/24 19:20:44 | 000,260,288 | RHS- | C] () -- C:\cmldr
[2012/04/24 18:04:22 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/04/10 16:53:05 | 000,269,617 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\BAF Feb Mar 2008 Risky Business.pdf
[2012/04/04 09:08:25 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/03 09:49:21 | 000,996,678 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Desktop\keen-steve-berlin-paper.pdf
[2012/02/15 16:10:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/24 16:59:54 | 000,159,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/28 21:43:22 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\KOAZCS_L.DLL
[2011/02/28 21:37:18 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\KOAZCA_L.DLL
[2011/02/23 17:03:43 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 10:48:53 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\fusioncache.dat
[2011/01/30 21:12:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\WavXMapDrive.bat
[2010/08/31 15:51:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/06/24 14:17:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

< End of report >

#15
brianh9999

Extras log....


OTL Extras logfile created on: 4/27/2012 11:16:58 AM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\bhershberger.CSC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 63.71% Memory free
5.29 Gb Paging File | 3.85 Gb Available in Paging File | 72.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 75.68 Gb Free Space | 50.81% Space Free | Partition Type: NTFS
Drive V: | 40.00 Gb Total Space | 10.12 Gb Free Space | 25.30% Space Free | Partition Type: NTFS
Drive W: | 40.00 Gb Total Space | 4.43 Gb Free Space | 11.07% Space Free | Partition Type: NTFS
Drive X: | 836.62 Gb Total Space | 783.00 Gb Free Space | 93.59% Space Free | Partition Type: NTFS
Drive Y: | 793.58 Gb Total Space | 492.10 Gb Free Space | 62.01% Space Free | Partition Type: NTFS
Drive Z: | 836.62 Gb Total Space | 783.00 Gb Free Space | 93.59% Space Free | Partition Type: NTFS

Computer Name: DFNKC-5JQ35L1 | User Name: bhershberger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2719337179-821044013-2112406857-1012\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-453876738-3065766259-2469240769-1116\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"2799:UDP" = 2799:UDP:*:Disabled:Altova License Metering Port (UDP)
"2799:TCP" = 2799:TCP:*:Disabled:Altova License Metering Port (TCP)
"58837:TCP" = 58837:TCP:*:Enabled:Pando Media Booster
"58837:UDP" = 58837:UDP:*:Enabled:Pando Media Booster
"4500:UDP" = 4500:UDP:LocalSubNet:Enabled:IPsec (IKE NAT-T)
"500:UDP" = 500:UDP:LocalSubNet:Enabled:IPsec (IKE)
"135:TCP" = 135:TCP:LocalSubNet:Enabled:RPC Endpoint Mapper and DCOM infrastructure
"67:UDP" = 67:UDP:*:Enabled:DHCP Server
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"58837:TCP" = 58837:TCP:*:Enabled:Pando Media Booster
"58837:UDP" = 58837:UDP:*:Enabled:Pando Media Booster
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe" = C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Disabled:lotroclient
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095D1497-0E3A-4FA5-BFDC-B5B0148F0316}" = Absolute Beginner's Series VB Additional Material
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1111706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2
"{14237138-900C-4C0A-AF63-1888F2671F9D}" = SO32MMWrapper
"{144AF326-87B4-438C-AE8E-AF6F227C3797}" = Absolute Beginner's Series VB Lesson 7
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BD29B2-B341-E88B-C9F4-CFCD48F44B76}" = Digital Edition - Sporting_Match_Day_Volume_2_Issue_4 - 1001694
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{2222706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2 SDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B9A2D6-A12F-4C7D-ADE5-D3D4FF035FDB}" = Absolute Beginner's Series VB Lesson 4
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java™ 7 Update 2
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java™ SE Development Kit 7 Update 2
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{3872C2B2-1C00-4742-83F5-D0797278E9EF}" = Dell Control Point
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C74D5C3-EBB9-408E-972F-B9802F13D5E4}" = 3DVIA Shape for Maps
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{45EA11B5-874D-480E-89B9-2545505BBE3E}" = Microsoft OpenType Font File Properties Extension
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AE03D1A-93E9-47A6-9F52-85AA9C4676C9}" = Absolute Beginner's Series VB Lesson 2
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{4FB600F5-C478-4DF7-A2BC-57D3807BAC91}" = BPDSoftware_Ini
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5104B07C-6A3D-4E7E-8BBB-960B52554BDD}" = BPD_HPSU
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{59333B51-EA3C-4D7B-9AFE-96AD51B3C266}" = AuthenTec Fingerprint Software
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B307310-53C1-8F80-465E-E2A96FA5EA5D}" = FlipShare
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F7F59D5-12F6-4571-9935-A2921AA17F78}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71F00DA5-D21D-4245-8FC1-85849BBAD00D}" = Dell ControlPoint System Manager
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75729BD7-F978-4C18-AF98-C0A682BF17D0}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7846A661-C268-4CA4-BCDA-21D044DB08CF}" = HighlineXL
"{79B520D5-CE72-4661-A054-804BC3412516}" = Wave Infrastructure Installer
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B088773-4913-46E1-813E-CD1A0FA9CB03}" = DCP32MMWrapper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{847AA256-42FA-45D1-BC8B-5C75E6EE6352}" = Microsoft Data Access Application Block for .NET
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{868EA922-5675-4E91-BDA6-BBD0F923C5EF}" = HP Officejet Pro All-In-One Series
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8868D822-2CBA-46B2-A286-B400B6185769}" = 7500_7600_7700_Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CB7F4E6-73AE-4D8F-86A2-EAE39CE72FD1}" = Intel® PROSet/Wireless WiFi API
"{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9AE41AF3-FAD1-4A34-8976-747FDC19FE08}" = Intel® PROSet/Wireless WiFi Driver
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C875FEA-B49E-49F7-AE62-0F9B91F90982}" = SRS Premium Sound
"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A495D4DC-4036-4914-9CB2-0FCF6A3166EF}" = L7500
"{A607B23F-0A31-42BC-930D-0613CA78DF56}" = Absolute Beginner's Series VB Lesson 3
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AE60F600-FD60-40C4-A990-72F9BFEE475C}" = Dell Backup and Recovery Manager
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E08A6B-864A-4EC5-8C7A-1906CDA5CF1B}" = ZMdesk 3.30.0430
"{C3FA63E2-AFD3-41FD-B48F-1D942CC71943}" = UPEK TouchChip Fingerprint Reader
"{C5A2C00E-DC71-47EC-BA28-89B792D5001B}" = ZMdesk 3.45.0524
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D10A96A1-C3F4-45C3-959E-D0C779DB5CEC}" = Absolute Beginner's Series VB Lesson 5
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DEB9AEF7-3ADA-40a9-9C98-546D54FE9CBD}" = ProductContext
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E64CB9D0-29C2-4E6E-8640-18069875E04C}" = Absolute Beginner's Series VB Lesson 6
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}" = Microsoft Office Live Meeting 2007
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F73C08B0-5234-4D73-853C-E2CAE72CA955}" = ZMdesk 3.2.1103
"{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"7-Zip" = 7-Zip 9.20
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Android SDK Tools" = Android SDK Tools
"BancWare Data Integration 4.1.0.25279" = BancWare Data Integration 4.1.0.25279
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"com.digitaldm.editions.10016940" = Digital Edition - Sporting_Match_Day_Volume_2_Issue_4 - 10016940
"Comodo Dragon" = Comodo Dragon
"D3F88C3864C8C031A7C5D5E63A76571EC1B047DF" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
"ERUNT_is1" = ERUNT 1.1j
"FLV Player" = FLV Player 2.0 (build 25)
"Google Chrome" = Google Chrome
"GoToAssist Express Customer" = GoToAssist Customer 1.5.0.274
"HDMI" = Intel® Graphics Media Accelerator Driver
"Highline Financial Excel Addin" = HighlineXL Excel Addin (remove only)
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ie8" = Windows Internet Explorer 8
"Insight 3.7" = Insight 3.7
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"KONICA MINOLTA C652Series Installer" = KONICA MINOLTA C652Series
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.91
"SpywareBlaster_is1" = SpywareBlaster 4.6
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winmail Reader_is1" = Winmail Reader 1.1.11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-453876738-3065766259-2469240769-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/20/2012 9:59:01 AM | Computer Name = DFNKC-5JQ35L1 | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 4/20/2012 3:11:52 PM | Computer Name = DFNKC-5JQ35L1 | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 4/23/2012 9:43:24 AM | Computer Name = DFNKC-5JQ35L1 | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 4/23/2012 12:30:46 PM | Computer Name = DFNKC-5JQ35L1 | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 4/24/2012 9:42:32 AM | Computer Name = DFNKC-5JQ35L1 | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 4/24/2012 3:07:18 PM | Computer Name = DFNKC-5JQ35L1 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 csxomanerw.exe, P2 0.0.0.0, P3 4f8f9fe5, P4
mscorlib, P5 2.0.0.0, P6 4e154d36, P7 f4f, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb,
P10 NIL.

Error - 4/25/2012 10:00:43 AM | Computer Name = DFNKC-5JQ35L1 | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 4/25/2012 10:03:39 AM | Computer Name = DFNKC-5JQ35L1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.MalPE in File: C:\Documents and Settings\bhershberger.CSC\Local
Settings\temp\DWH7.tmp by: Auto-Protect scan. Action: Clean failed : Quarantine
failed : Access denied. Action Description: The file was left unchanged.

Error - 4/25/2012 10:20:56 AM | Computer Name = DFNKC-5JQ35L1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: Cookie:bhershberger@yieldmanager.net/
by: Manual scan. Action: Quarantine failed : Leave Alone failed. Action Description:
The file was deleted successfully.

Error - 4/25/2012 12:04:12 PM | Computer Name = DFNKC-5JQ35L1 | Source = Symantec AntiVirus | ID = 16711753
Description = TruScan has generated an error: code 9: description: Heuristic Scan
or Load Failure

[ OSession Events ]
Error - 2/6/2012 5:18:47 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1435
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/7/2012 6:23:11 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 26540
seconds with 18060 seconds of active time. This session ended with a crash.

Error - 2/14/2012 2:06:54 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 10884
seconds with 7380 seconds of active time. This session ended with a crash.

Error - 2/15/2012 4:44:37 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6041
seconds with 3120 seconds of active time. This session ended with a crash.

Error - 4/11/2012 7:11:01 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5675
seconds with 2100 seconds of active time. This session ended with a crash.

Error - 4/16/2012 2:38:44 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 15061
seconds with 3840 seconds of active time. This session ended with a crash.

Error - 4/16/2012 7:02:53 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 13665
seconds with 4260 seconds of active time. This session ended with a crash.

Error - 4/16/2012 7:07:40 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 229
seconds with 120 seconds of active time. This session ended with a crash.

Error - 4/16/2012 7:16:13 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 372
seconds with 240 seconds of active time. This session ended with a crash.

Error - 4/25/2012 4:10:21 PM | Computer Name = DFNKC-5JQ35L1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5523
seconds with 3900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/25/2012 6:57:33 PM | Computer Name = DFNKC-5JQ35L1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 4/25/2012 6:57:33 PM | Computer Name = DFNKC-5JQ35L1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 4/25/2012 6:57:33 PM | Computer Name = DFNKC-5JQ35L1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 4/25/2012 6:57:33 PM | Computer Name = DFNKC-5JQ35L1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 4/25/2012 6:57:33 PM | Computer Name = DFNKC-5JQ35L1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 4/25/2012 6:57:33 PM | Computer Name = DFNKC-5JQ35L1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 4/25/2012 6:57:33 PM | Computer Name = DFNKC-5JQ35L1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 4/25/2012 6:57:33 PM | Computer Name = DFNKC-5JQ35L1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 4/25/2012 6:57:33 PM | Computer Name = DFNKC-5JQ35L1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 4/25/2012 10:02:17 PM | Computer Name = DFNKC-5JQ35L1 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain CSC due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.


< End of report >

#16
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
Hi again,

OTL FIX
------------
We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
    :otl
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{70C385F0-8E41-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\{70C385F0-8E41-11E1-826D-B8AC6F996F26}\ [2012/04/24 14:07:46 | 000,000,000 | ---D | M]
    [2012/04/24 14:07:46 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\DOCUMENTS AND SETTINGS\BHERSHBERGER.CSC\LOCAL SETTINGS\APPLICATION DATA\{70C385F0-8E41-11E1-826D-B8AC6F996F26}
    
    :commands
    [emptytemp]
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Let me know how things are after the reboot.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.


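The entry the fix above removes is the classic sideload pattern: a value under HKCU\Software\Mozilla\Firefox\Extensions whose name is a bare GUID and whose data points at a folder of the same GUID name inside the user's own Local Settings\Application Data, posing as "Mozilla Safe Browsing". Vendor add-ons registered the same way normally live under Program Files. The script below is an added example for this thread, not part of OTL, MBAM or the original posts; it looks for that pattern. The sample entries are constructed (the first mirrors the OTL line above, the other two are made-up benign entries with placeholder IDs and paths), and the live registry read is an assumption of the HKCU key layout Firefox used at the time.

```python
"""Flag Firefox add-ons sideloaded through the Windows registry.

Added example for this thread; not part of OTL, MBAM or the original posts.
Firefox (at the time of this thread) loads any extension listed as a value
under HKCU\\Software\\Mozilla\\Firefox\\Extensions: the value name is the
extension ID, the data is the folder holding it. The entry OTL removed had a
bare-GUID ID and lived in a GUID-named folder inside the user's own
Local Settings\\Application Data, which is what this script looks for.
"""
import re
import sys
from typing import Dict, List

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Per-user, user-writable roots (XP and Vista+ layouts), lower-cased for matching.
USER_LOCAL_DIRS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\appdata\\local\\",
)

LOC = "extension folder is in a per-user writable location"
GUID_REUSE = "bare-GUID ID reused as the folder name"

# Constructed sample, not a real registry export. The first entry is the one
# OTL reported in this thread; the other two are hypothetical benign entries
# (made-up IDs and paths) so the scan has something it must not flag.
SAMPLE_ENTRIES = {
    "{70C385F0-8E41-11E1-826D-B8AC6F996F26}":
        r"C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\{70C385F0-8E41-11E1-826D-B8AC6F996F26}",
    "{00000000-0000-0000-0000-000000000001}":
        r"C:\Program Files\ExampleVendor\ff\{00000000-0000-0000-0000-000000000001}",
    "helper@vendor.example":
        r"C:\Program Files\ExampleVendor\helper",
}


def _normalise(path: str) -> str:
    """Lower-case, backslash-separated, exactly one trailing backslash."""
    return path.replace("/", "\\").lower().rstrip("\\") + "\\"


def assess(ext_id: str, path: str) -> List[str]:
    """Return the indicators that make one registry entry look sideloaded.

    The strong indicator is the folder location. A bare-GUID ID reused as the
    folder name is only corroborating: vendors do that too, so it never flags
    on its own.
    """
    reasons: List[str] = []
    norm = _normalise(path)
    if any(d in norm for d in USER_LOCAL_DIRS):
        reasons.append(LOC)
    folder = norm.rstrip("\\").rsplit("\\", 1)[-1]
    if GUID_RE.match(ext_id) and folder == ext_id.lower():
        reasons.append(GUID_REUSE)
    return reasons


def scan(entries: Dict[str, str]) -> Dict[str, List[str]]:
    """Return {extension_id: reasons} for entries whose folder is user-writable."""
    flagged: Dict[str, List[str]] = {}
    for ext_id, path in entries.items():
        reasons = assess(ext_id, path)
        if LOC in reasons:
            flagged[ext_id] = reasons
    return flagged


def read_registry_extensions() -> Dict[str, str]:
    """Read the per-user registration key on Windows; empty dict elsewhere.

    Assumes the HKCU\\Software\\Mozilla\\Firefox\\Extensions layout Firefox
    honoured at the time of this thread (value name = ID, data = folder).
    """
    if sys.platform != "win32":
        return {}
    import winreg  # Windows-only module, imported lazily
    entries: Dict[str, str] = {}
    try:
        key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Software\Mozilla\Firefox\Extensions")
    except OSError:
        return entries
    with key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:  # no more values under the key
                break
            entries[name] = str(data)
            index += 1
    return entries


if __name__ == "__main__":
    live = read_registry_extensions()
    for ext_id, reasons in scan(live or SAMPLE_ENTRIES).items():
        print(ext_id, "->", "; ".join(reasons))
```

Run on the affected box it reads the live HKCU key; anywhere else it falls back to the constructed sample, where only the thread's GUID entry is flagged. The same key exists under HKLM for machine-wide registrations; swap the hive to cover that, since a dropper running as Administrator (as this user was) can write either one.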

#17
brianh9999

    New Member

  • Members
  • Pip
  • 13 posts
Everything booted correctly. Disabled the anti-hijacker add-on and ran my redirect tests again. No redirects yet.

I had actually just opened that hidden folder, after scanning the OTL log, when your reply popped up. Nice little tool, that OTL.

#18
brianh9999

    New Member

  • Members
  • Pip
  • 13 posts
Sorry, missed this...

All processes killed
========== OTL ==========
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{70C385F0-8E41-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\bhershberger.CSC\Local Settings\Application Data\{70C385F0-8E41-11E1-826D-B8AC6F996F26}\ not found.
C:\DOCUMENTS AND SETTINGS\BHERSHBERGER.CSC\LOCAL SETTINGS\APPLICATION DATA\{70C385F0-8E41-11E1-826D-B8AC6F996F26} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: bhershberger.CSC
->Temp folder emptied: 161366 bytes
->Temporary Internet Files folder emptied: 214326671 bytes
->Java cache emptied: 435020 bytes
->FireFox cache emptied: 1051302411 bytes
->Flash cache emptied: 14977116 bytes

User: bhershberger.DFNKC-5JQ35L1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5984764 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57482 bytes
->Flash cache emptied: 56466 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3321 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 2545296030 bytes

Total Files Cleaned = 3,655.00 mb


OTL by OldTimer - Version 3.2.42.1 log created on 04272012_120018

Files\Folders moved on Reboot...
C:\Documents and Settings\bhershberger.CSC\Local Settings\Temp\ExchangePerflog_8484fa31985e0f7f5b4cdef3.dat moved successfully.
File\Folder C:\Documents and Settings\bhershberger.CSC\Local Settings\Temporary Internet Files\Content.Word\~WRS{0EE30124-DAD2-4BF6-A64D-CEF1C7BDA0CF}.tmp not found!
File\Folder C:\Documents and Settings\bhershberger.CSC\Local Settings\Temporary Internet Files\Content.Word\~WRS{7184F48E-16FC-466F-9AD1-47F52D32FCA2}.tmp not found!
File\Folder C:\Documents and Settings\bhershberger.CSC\Local Settings\Temporary Internet Files\Content.Word\~WRS{7F4AF778-4695-421F-AEDB-1E80C510E88B}.tmp not found!
File\Folder C:\Documents and Settings\bhershberger.CSC\Local Settings\Temporary Internet Files\Content.Word\~WRS{BADF4985-0585-445F-BA5D-4E3F728A1CB0}.tmp not found!

Registry entries deleted on Reboot...

#19
Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,720 posts
  • Gender:Female
  • Location:Romania
Please give it some time (use the computer and see if you get any redirects). Also launch MBAM, update it, and run a full scan. Post me the resulting log.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#20
brianh9999

    New Member

  • Members
  • Pip
  • 13 posts
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.27.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
bhershberger :: DFNKC-5JQ35L1 [administrator]

4/27/2012 11:01:25 PM
mbam-log-2012-04-27 (23-01-25).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 363830
Time elapsed: 1 hour(s), 20 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
