TechSpot

Possible malware infection

Solved
By mwlevey
Mar 10, 2012
  1. Yesterday morning I received a message from Windows Firewall about an executable (gyroof.exe) trying to access the internet.

    I blocked the executable from accessing the internet and immediately did a Live Update on my Norton360 and ran it.

    It found a Trojan Horse. Here is the info from Norton:

    Full Path: c:\users\marc & elizabeth\appdata\roaming\ycsuon\gyroof.exe
    Threat: Trojan Horse
    ____________________________
    On computers as of 3/8/2012 at 12:24:40 PM
    Last Used 3/9/2012 at 9:27:29 AM
    Startup Item Yes
    Launched Yes
    ____________________________
    Very Few Users
    Fewer than 5 users in the Norton Community have used this file.
    ____________________________
    Very New
    This file was released less than 1 week ago.
    ____________________________
    High
    This file risk is high.
    ____________________________
    Threat Details
    Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
    ____________________________


    Source File:
    java.exe

    File Created:
    mor.exe

    File Created:
    gyroof.exe
    ____________________________
    File Actions
    File: c:\users\marc & elizabeth\appdata\local\temp\mor.exe
    Removed
    Event: Running process: c:\users\marc & elizabeth\appdata\roaming\ycsuon\gyroof.exe
    Terminated
    Infected file: c:\users\marc & elizabeth\appdata\roaming\ycsuon\gyroof.exe
    Removed
    ____________________________
    Registry Actions
    Registry change: HKEY_USERS\S-1-5-21-1838632947-3332480520-3819470439-1000\Software\Microsoft\Windows\CurrentVersion\Run->{AE1A130D-6F92-15A3-9CE2-D46CB95E9FAA}
    Removed
    ____________________________
    File Thumbprint - SHA:
    5ffc41495056b974621f6b55875d27ef2f4ffca7c737b449e5d01990f0964c58
    ____________________________
    File Thumbprint - MD5:
    b7d545d97ca313064425a61ec1d3bf9f
    ____________________________

    After the Norton quarantine, I changed all of my passwords for online banking, paypal, etc., but I used the infected computer to do it.

    Maybe I'm being overly careful, but I just want to make sure that I am safe to use this computer.

    What steps should I take to double check?

    Any help appreciated
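The Norton report above describes a dropper chain (java.exe writes mor.exe to Temp, which writes gyroof.exe into a random folder under AppData\Roaming) kept alive by a GUID-named value under the user's Run key. The following is an added example, not from the thread or from any vendor tool, that triages Run-key entries for exactly that pattern; the entries are constructed, the first mirroring the report, and "ExampleSync"/"ExampleVendor" are invented names.

```python
r"""Triage autostart (Run key) entries for the persistence pattern seen in the
Norton report: a GUID-named Run value whose command runs an executable from a
random folder under AppData\Roaming. Added example; entries are constructed."""
import re
from dataclasses import dataclass, field

# Bare GUIDs are not how vendors name their Run values.
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
# Optional surrounding quotes, path up to the first ".exe", then whitespace or end.
EXE_RE = re.compile(r'^"?([^"]+?\.exe)"?(?:\s|$)', re.I)
# User-writable directories where droppers land. Legitimate per-user apps
# autostart from there too, so this alone only earns a "review".
DROP_DIRS = (("appdata", "roaming"), ("appdata", "local", "temp"))


@dataclass
class RunEntry:
    value_name: str   # value name under ...\CurrentVersion\Run
    command: str      # value data, i.e. the command line that is launched


@dataclass
class Finding:
    entry: RunEntry
    level: str                      # "ok", "review" or "high"
    reasons: list = field(default_factory=list)


def exe_path(command: str) -> str:
    """Extract the executable path from a Run command line (quoted or not)."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else command.strip()


def path_parts(path: str) -> list:
    return [p for p in path.lower().replace("/", "\\").split("\\") if p]


def in_drop_dir(path: str) -> bool:
    """True when the path contains one of the DROP_DIRS component sequences."""
    parts = path_parts(path)
    return any(tuple(parts[i:i + len(seq)]) == seq
               for seq in DROP_DIRS for i in range(len(parts)))


def triage(entries) -> list:
    """Score each entry: both indicators -> high, one -> review, none -> ok."""
    findings = []
    for e in entries:
        reasons = []
        if GUID_RE.match(e.value_name):
            reasons.append("value name is a bare GUID")
        if in_drop_dir(exe_path(e.command)):
            reasons.append("executable lives in a user-writable drop directory")
        level = "high" if len(reasons) == 2 else "review" if reasons else "ok"
        findings.append(Finding(e, level, reasons))
    return findings


# Constructed sample: the first entry mirrors the Norton report in the thread,
# the second is a typical Java updater entry, the third an invented per-user app.
SAMPLE_RUN_ENTRIES = [
    RunEntry("{AE1A130D-6F92-15A3-9CE2-D46CB95E9FAA}",
             r"C:\Users\Marc & Elizabeth\AppData\Roaming\ycsuon\gyroof.exe"),
    RunEntry("SunJavaUpdateSched",
             r'"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"'),
    RunEntry("ExampleSync",
             r'"C:\Users\Marc & Elizabeth\AppData\Roaming\ExampleVendor\sync.exe" --tray'),
]


def levels(entries=SAMPLE_RUN_ENTRIES) -> dict:
    """Map value name -> triage level for a list of Run entries."""
    return {f.entry.value_name: f.level for f in triage(entries)}


if __name__ == "__main__":
    for f in triage(SAMPLE_RUN_ENTRIES):
        print(f"{f.level:6} {f.entry.value_name}: {'; '.join(f.reasons) or 'no indicators'}")
```

On a live system the entries would come from HKCU and HKLM ...\CurrentVersion\Run; the Norton report shows the HKCU copy (HKEY_USERS\S-1-5-21-...-1000) is where this one lived.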
  2. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. mwlevey

    mwlevey Newcomer, in training Topic Starter Posts: 19

    Thanks, Broni. Here is the first log.

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.10.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Marc & Elizabeth :: HP [administrator]

    Protection: Enabled

    3/10/2012 3:49:34 PM
    mbam-log-2012-03-10 (15-49-34).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 186692
    Time elapsed: 3 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Deleting your original thread.
  5. mwlevey

    mwlevey Newcomer, in training Topic Starter Posts: 19

    I guess GMER found no modifications, so no log file.
  6. mwlevey

    mwlevey Newcomer, in training Topic Starter Posts: 19

    I downloaded and ran the DDS executable, but it didn't seem to work.

    A window opened for a split second and then closed. I'm not sure whether I have a "script blocking" program running. I disabled my Norton360 but it still didn't work.

    Any help appreciated.
  7. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =====================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  8. mwlevey

    mwlevey Newcomer, in training Topic Starter Posts: 19

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-10 16:30:18
    -----------------------------
    16:30:18.595 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:30:18.595 Number of processors: 4 586 0x2505
    16:30:18.597 ComputerName: HP UserName:
    16:30:20.300 Initialize success
    16:31:04.310 AVAST engine defs: 12031002
    16:31:14.228 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    16:31:14.233 Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 3
    16:31:14.250 Disk 0 MBR read successfully
    16:31:14.254 Disk 0 MBR scan
    16:31:14.262 Disk 0 Windows 7 default MBR code
    16:31:14.273 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    16:31:14.292 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461957 MB offset 409600
    16:31:14.329 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14679 MB offset 946497536
    16:31:14.349 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
    16:31:14.403 Disk 0 scanning C:\Windows\system32\drivers
    16:31:28.167 Service scanning
    16:31:59.718 Modules scanning
    16:31:59.734 Disk 0 trace - called modules:
    16:31:59.764 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    16:31:59.773 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800526e060]
    16:31:59.781 3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fcc050]
    16:32:01.289 AVAST engine scan C:\Windows
    16:32:03.766 AVAST engine scan C:\Windows\system32
    16:35:42.341 AVAST engine scan C:\Windows\system32\drivers
    16:36:07.198 AVAST engine scan C:\Users\Marc & Elizabeth
    16:40:47.905 AVAST engine scan C:\ProgramData
    16:42:31.561 Scan finished successfully
    16:52:53.342 Disk 0 MBR has been saved successfully to "C:\Users\Marc & Elizabeth\Documents\MBR.dat"
    16:52:53.347 The log file has been saved successfully to "C:\Users\Marc & Elizabeth\Documents\aswMBR.txt"
    16:53:11.328 Disk 0 MBR has been saved successfully to "C:\Users\Marc & Elizabeth\Desktop\MBR.dat"
    16:53:11.333 The log file has been saved successfully to "C:\Users\Marc & Elizabeth\Desktop\aswMBR.txt"
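The four "Partition" lines in the aswMBR log above are read straight out of the 64-byte partition table at the end of the MBR, and the MBR.dat file aswMBR saved is the raw 512-byte sector. The following is an added example, not part of the thread or of aswMBR, that parses such a sector into the same size/offset figures and hashes the boot-code portion so a saved copy can be compared against a known-good one; the sector is constructed to match the four partitions reported in the thread.

```python
"""Parse a 512-byte MBR the way aswMBR reports it (bootable flag, type, size
in MB, sector offset) and hash its boot code. Added example; the sample MBR is
constructed from the partition lines in the thread's aswMBR log."""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
TABLE_OFFSET = 446                      # partition table starts after 440 B boot code + 6 B signature/pad
ENTRY_FMT = "<B3sB3sII"                 # status, CHS start, type, CHS end, LBA start, sector count
PART_TYPES = {0x07: "HPFS/NTFS", 0x0C: "FAT32 LBA"}


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

    @property
    def type_name(self) -> str:
        return PART_TYPES.get(self.type_id, f"0x{self.type_id:02X}")


def is_valid_mbr(mbr: bytes) -> bool:
    """A sector is only an MBR if it is 512 bytes and ends in the 0x55AA signature."""
    return len(mbr) == SECTOR and mbr[510:512] == b"\x55\xaa"


def parse_mbr(mbr: bytes) -> list:
    """Return the non-empty entries of the four-slot partition table."""
    if not is_valid_mbr(mbr):
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(
            ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i)
        if ptype == 0:          # empty slot
            continue
        parts.append(Partition(i + 1, status == 0x80, ptype, start, count))
    return parts


def boot_code_sha256(mbr: bytes) -> str:
    """Hash of the 440-byte boot loader only, excluding disk signature and table.
    Comparing this across a saved MBR.dat and a known-good Windows MBR shows
    whether the boot code itself was altered."""
    return hashlib.sha256(mbr[:440]).hexdigest()


def build_mbr(entries) -> bytes:
    """Assemble a test MBR from (bootable, type, start_lba, sectors) tuples."""
    buf = bytearray(SECTOR)
    for i, (bootable, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, buf, TABLE_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0",
                         start, count)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)


# Constructed to reproduce the thread's aswMBR figures (LBA values as TDSSKiller prints them).
SAMPLE_MBR = build_mbr([
    (True,  0x07, 0x800,      0x63800),     # 199 MB system partition at sector 2048
    (False, 0x07, 0x64000,    0x38642800),  # 461957 MB Windows volume
    (False, 0x07, 0x386A6800, 0x1CAB800),   # 14679 MB recovery partition
    (False, 0x0C, 0x3A352000, 0x33830),     # 103 MB FAT32 partition
])


def report(mbr: bytes) -> list:
    """One aswMBR-style line per partition."""
    return [f"Partition {p.index} {'80 (A)' if p.bootable else '00'} "
            f"{p.type_id:02X} {p.type_name} {p.size_mb} MB offset {p.start_lba}"
            for p in parse_mbr(mbr)]


if __name__ == "__main__":
    for line in report(SAMPLE_MBR):
        print(line)
    print("boot code sha256:", boot_code_sha256(SAMPLE_MBR))
```

The sector offsets match because each partition starts where the previous one ends; a table that no longer adds up, or a boot-code hash that differs from the one in a clean copy, is what the boot-sector scanners in this thread are flagging.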
  9. mwlevey

    mwlevey Newcomer, in training Topic Starter Posts: 19

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
  10. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  11. mwlevey

    mwlevey Newcomer, in training Topic Starter Posts: 19

    17:44:37.0218 1260 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
    17:44:39.0221 1260 ============================================================
    17:44:39.0221 1260 Current date / time: 2012/03/10 17:44:39.0221
    17:44:39.0221 1260 SystemInfo:
    17:44:39.0221 1260
    17:44:39.0221 1260 OS Version: 6.1.7601 ServicePack: 1.0
    17:44:39.0221 1260 Product type: Workstation
    17:44:39.0221 1260 ComputerName: HP
    17:44:39.0221 1260 UserName: Marc & Elizabeth
    17:44:39.0221 1260 Windows directory: C:\Windows
    17:44:39.0221 1260 System windows directory: C:\Windows
    17:44:39.0221 1260 Running under WOW64
    17:44:39.0221 1260 Processor architecture: Intel x64
    17:44:39.0221 1260 Number of processors: 4
    17:44:39.0221 1260 Page size: 0x1000
    17:44:39.0221 1260 Boot type: Normal boot
    17:44:39.0221 1260 ============================================================
    17:44:40.0150 1260 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:44:40.0205 1260 \Device\Harddisk0\DR0:
    17:44:40.0214 1260 MBR used
    17:44:40.0214 1260 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    17:44:40.0214 1260 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38642800
    17:44:40.0214 1260 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x386A6800, BlocksNum 0x1CAB800
    17:44:40.0214 1260 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
    17:44:40.0452 1260 Initialize success
    17:44:40.0452 1260 ============================================================
    17:44:51.0545 5880 ============================================================
    17:44:51.0545 5880 Scan started
    17:44:51.0545 5880 Mode: Manual;
    17:44:51.0545 5880 ============================================================
    17:45:06.0808 5880 nfrd960 - ok
    17:45:06.0914 5880 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    17:45:06.0916 5880 Npfs - ok
    17:45:06.0944 5880 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    17:45:06.0947 5880 nsiproxy - ok
    17:45:07.0025 5880 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    17:45:07.0069 5880 Ntfs - ok
    17:45:07.0118 5880 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    17:45:07.0121 5880 Null - ok
    17:45:07.0191 5880 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
    17:45:07.0200 5880 NVENETFD - ok
    17:45:07.0257 5880 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    17:45:07.0262 5880 nvraid - ok
    17:45:07.0300 5880 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    17:45:07.0319 5880 nvstor - ok
    17:45:07.0369 5880 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    17:45:07.0373 5880 nv_agp - ok
    17:45:07.0410 5880 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    17:45:07.0413 5880 ohci1394 - ok
    17:45:07.0472 5880 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
    17:45:07.0475 5880 Parport - ok
    17:45:07.0514 5880 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    17:45:07.0517 5880 partmgr - ok
    17:45:07.0580 5880 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    17:45:07.0598 5880 pci - ok
    17:45:07.0655 5880 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    17:45:07.0658 5880 pciide - ok
    17:45:07.0689 5880 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
    17:45:07.0695 5880 pcmcia - ok
    17:45:07.0728 5880 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    17:45:07.0731 5880 pcw - ok
    17:45:07.0769 5880 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    17:45:07.0792 5880 PEAUTH - ok
    17:45:07.0919 5880 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    17:45:07.0932 5880 PptpMiniport - ok
    17:45:07.0964 5880 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
    17:45:07.0967 5880 Processor - ok
    17:45:08.0004 5880 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    17:45:08.0007 5880 Psched - ok
    17:45:08.0070 5880 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
    17:45:08.0129 5880 ql2300 - ok
    17:45:08.0165 5880 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
    17:45:08.0169 5880 ql40xx - ok
    17:45:08.0221 5880 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    17:45:08.0224 5880 QWAVEdrv - ok
    17:45:08.0263 5880 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    17:45:08.0265 5880 RasAcd - ok
    17:45:08.0323 5880 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    17:45:08.0344 5880 RasAgileVpn - ok
    17:45:08.0406 5880 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    17:45:08.0409 5880 Rasl2tp - ok
    17:45:08.0432 5880 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    17:45:08.0435 5880 RasPppoe - ok
    17:45:08.0474 5880 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    17:45:08.0477 5880 RasSstp - ok
    17:45:08.0506 5880 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    17:45:08.0513 5880 rdbss - ok
    17:45:08.0543 5880 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
    17:45:08.0545 5880 rdpbus - ok
    17:45:08.0579 5880 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    17:45:08.0581 5880 RDPCDD - ok
    17:45:08.0605 5880 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    17:45:08.0610 5880 RDPENCDD - ok
    17:45:08.0708 5880 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    17:45:08.0711 5880 RDPREFMP - ok
    17:45:08.0734 5880 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    17:45:08.0739 5880 RDPWD - ok
    17:45:08.0842 5880 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    17:45:08.0848 5880 rdyboost - ok
    17:45:08.0982 5880 RSPCIESTOR (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys
    17:45:08.0999 5880 RSPCIESTOR - ok
    17:45:09.0114 5880 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    17:45:09.0129 5880 rspndr - ok
    17:45:09.0248 5880 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
    17:45:09.0270 5880 RTL8167 - ok
    17:45:09.0366 5880 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    17:45:09.0370 5880 sbp2port - ok
    17:45:09.0410 5880 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    17:45:09.0413 5880 scfilter - ok
    17:45:09.0513 5880 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
    17:45:09.0517 5880 sdbus - ok
    17:45:09.0624 5880 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    17:45:09.0630 5880 secdrv - ok
    17:45:09.0780 5880 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
    17:45:09.0782 5880 Serenum - ok
    17:45:09.0826 5880 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
    17:45:09.0830 5880 Serial - ok
    17:45:09.0898 5880 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
    17:45:09.0902 5880 sermouse - ok
    17:45:09.0954 5880 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    17:45:09.0957 5880 sffdisk - ok
    17:45:09.0986 5880 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    17:45:09.0993 5880 sffp_mmc - ok
    17:45:10.0024 5880 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    17:45:10.0026 5880 sffp_sd - ok
    17:45:10.0121 5880 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
    17:45:10.0123 5880 sfloppy - ok
    17:45:10.0188 5880 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
    17:45:10.0214 5880 Sftfs - ok
    17:45:10.0280 5880 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
    17:45:10.0286 5880 Sftplay - ok
    17:45:10.0321 5880 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
    17:45:10.0333 5880 Sftredir - ok
    17:45:10.0373 5880 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
    17:45:10.0376 5880 Sftvol - ok
    17:45:10.0465 5880 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
    17:45:10.0468 5880 SiSRaid2 - ok
    17:45:10.0500 5880 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
    17:45:10.0504 5880 SiSRaid4 - ok
    17:45:10.0546 5880 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    17:45:10.0549 5880 Smb - ok
    17:45:10.0591 5880 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    17:45:10.0593 5880 spldr - ok
    17:45:10.0761 5880 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\N360x64\0601010.008\SRTSP64.SYS
    17:45:10.0784 5880 SRTSP - ok
    17:45:10.0934 5880 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\N360x64\0601010.008\SRTSPX64.SYS
    17:45:10.0937 5880 SRTSPX - ok
    17:45:11.0056 5880 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    17:45:11.0123 5880 srv - ok
    17:45:11.0207 5880 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    17:45:11.0217 5880 srv2 - ok
    17:45:11.0267 5880 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    17:45:11.0273 5880 SrvHsfHDA - ok
    17:45:11.0333 5880 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    17:45:11.0382 5880 SrvHsfV92 - ok
    17:45:11.0423 5880 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    17:45:11.0446 5880 SrvHsfWinac - ok
    17:45:11.0492 5880 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    17:45:11.0497 5880 srvnet - ok
    17:45:11.0562 5880 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
    17:45:11.0565 5880 stexstor - ok
    17:45:11.0636 5880 STHDA (ebc1a5e076a9be314d3d9e8ed19abb0a) C:\Windows\system32\DRIVERS\stwrt64.sys
    17:45:11.0646 5880 STHDA - ok
    17:45:11.0744 5880 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    17:45:11.0746 5880 swenum - ok
    17:45:11.0919 5880 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0601010.008\SYMDS64.SYS
    17:45:11.0928 5880 SymDS - ok
    17:45:12.0087 5880 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0601010.008\SYMEFA64.SYS
    17:45:12.0120 5880 SymEFA - ok
    17:45:12.0227 5880 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    17:45:12.0245 5880 SymEvent - ok
    17:45:12.0392 5880 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0601010.008\Ironx64.SYS
    17:45:12.0398 5880 SymIRON - ok
    17:45:12.0452 5880 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0601010.008\SYMNETS.SYS
    17:45:12.0460 5880 SymNetS - ok
    17:45:12.0595 5880 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys
    17:45:12.0663 5880 SynTP - ok
    17:45:12.0943 5880 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    17:45:13.0027 5880 Tcpip - ok
    17:45:13.0168 5880 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    17:45:13.0186 5880 TCPIP6 - ok
    17:45:13.0226 5880 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    17:45:13.0241 5880 tcpipreg - ok
    17:45:13.0268 5880 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    17:45:13.0271 5880 TDPIPE - ok
    17:45:13.0300 5880 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    17:45:13.0302 5880 TDTCP - ok
    17:45:13.0336 5880 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    17:45:13.0339 5880 tdx - ok
    17:45:13.0410 5880 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    17:45:13.0414 5880 TermDD - ok
    17:45:13.0485 5880 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    17:45:13.0488 5880 tssecsrv - ok
    17:45:13.0544 5880 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    17:45:13.0547 5880 TsUsbFlt - ok
    17:45:13.0582 5880 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
    17:45:13.0584 5880 TsUsbGD - ok
    17:45:13.0670 5880 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    17:45:13.0674 5880 tunnel - ok
    17:45:13.0709 5880 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
    17:45:13.0713 5880 uagp35 - ok
    17:45:13.0748 5880 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    17:45:13.0755 5880 udfs - ok
    17:45:13.0862 5880 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    17:45:13.0865 5880 uliagpkx - ok
    17:45:13.0900 5880 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    17:45:13.0903 5880 umbus - ok
    17:45:13.0930 5880 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
    17:45:13.0933 5880 UmPass - ok
    17:45:13.0987 5880 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    17:45:14.0006 5880 usbaudio - ok
    17:45:14.0040 5880 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    17:45:14.0060 5880 usbccgp - ok
    17:45:14.0143 5880 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    17:45:14.0146 5880 usbcir - ok
    17:45:14.0181 5880 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    17:45:14.0201 5880 usbehci - ok
    17:45:14.0261 5880 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    17:45:14.0281 5880 usbhub - ok
    17:45:14.0355 5880 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    17:45:14.0358 5880 usbohci - ok
    17:45:14.0394 5880 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
    17:45:14.0396 5880 usbprint - ok
    17:45:14.0429 5880 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    17:45:14.0432 5880 USBSTOR - ok
    17:45:14.0457 5880 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    17:45:14.0460 5880 usbuhci - ok
    17:45:14.0509 5880 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
    17:45:14.0530 5880 usbvideo - ok
    17:45:14.0626 5880 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    17:45:14.0629 5880 vdrvroot - ok
    17:45:14.0720 5880 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    17:45:14.0722 5880 vga - ok
    17:45:14.0750 5880 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    17:45:14.0752 5880 VgaSave - ok
    17:45:14.0796 5880 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    17:45:14.0802 5880 vhdmp - ok
    17:45:14.0835 5880 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    17:45:14.0838 5880 viaide - ok
    17:45:14.0878 5880 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    17:45:14.0898 5880 volmgr - ok
    17:45:14.0981 5880 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    17:45:14.0989 5880 volmgrx - ok
    17:45:15.0028 5880 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    17:45:15.0035 5880 volsnap - ok
    17:45:15.0110 5880 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
    17:45:15.0115 5880 vsmraid - ok
    17:45:15.0169 5880 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    17:45:15.0172 5880 vwifibus - ok
    17:45:15.0193 5880 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    17:45:15.0196 5880 vwififlt - ok
    17:45:15.0296 5880 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    17:45:15.0316 5880 vwifimp - ok
    17:45:15.0417 5880 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
    17:45:15.0420 5880 WacomPen - ok
    17:45:15.0485 5880 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:45:15.0489 5880 WANARP - ok
    17:45:15.0504 5880 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:45:15.0506 5880 Wanarpv6 - ok
    17:45:15.0666 5880 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
    17:45:15.0669 5880 Wd - ok
    17:45:15.0721 5880 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    17:45:15.0744 5880 Wdf01000 - ok
    17:45:15.0857 5880 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    17:45:15.0859 5880 WfpLwf - ok
    17:45:15.0881 5880 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    17:45:15.0884 5880 WIMMount - ok
    17:45:16.0004 5880 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    17:45:16.0007 5880 WinUsb - ok
    17:45:16.0081 5880 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    17:45:16.0084 5880 WmiAcpi - ok
    17:45:16.0187 5880 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    17:45:16.0201 5880 ws2ifsl - ok
    17:45:16.0271 5880 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    17:45:16.0276 5880 WudfPf - ok
    17:45:16.0364 5880 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:45:16.0369 5880 WUDFRd - ok
    17:45:16.0424 5880 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    17:45:16.0492 5880 \Device\Harddisk0\DR0 - ok
    17:45:16.0503 5880 Boot (0x1200) (f4ac2e9d5d3dffc95e7b5e376b4d6494) \Device\Harddisk0\DR0\Partition0
    17:45:16.0505 5880 \Device\Harddisk0\DR0\Partition0 - ok
    17:45:16.0522 5880 Boot (0x1200) (107cd996d0945eb7a502d12835b0aba4) \Device\Harddisk0\DR0\Partition1
    17:45:16.0524 5880 \Device\Harddisk0\DR0\Partition1 - ok
    17:45:16.0559 5880 Boot (0x1200) (fa223323f8d2376cfb8eef8c11444a00) \Device\Harddisk0\DR0\Partition2
    17:45:16.0562 5880 \Device\Harddisk0\DR0\Partition2 - ok
    17:45:16.0579 5880 Boot (0x1200) (25019cadb4d23ca711345778b409e941) \Device\Harddisk0\DR0\Partition3
    17:45:16.0582 5880 \Device\Harddisk0\DR0\Partition3 - ok
    17:45:16.0583 5880 ============================================================
    17:45:16.0583 5880 Scan finished
    17:45:16.0583 5880 ============================================================
    17:45:16.0597 3576 Detected object count: 0
    17:45:16.0597 3576 Actual detected object count: 0
     
  12. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
    If you are running Windows XP, re-enable System Restore.
  13. mwlevey

    mwlevey Newcomer, in training Topic Starter Posts: 19

    Fix TDSS Tool said "No infections were found."
  14. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  15. mwlevey

    mwlevey Newcomer, in training Topic Starter Posts: 19

    Here is the combofix log. I had to start in safe mode to get it to run. Although Norton was disabled, it kept giving me a warning that it was running. Thanks for all your help.

    ComboFix 12-03-10.02 - Marc & Elizabeth 03/11/2012 10:34:46.3.4 - x64 MINIMAL
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2823 [GMT -7:00]
    Running from: c:\users\Marc & Elizabeth\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-11 17:39 . 2012-03-11 17:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-10 17:49 . 2012-03-10 17:49 -------- d-----w- c:\users\Marc & Elizabeth\AppData\Roaming\Malwarebytes
    2012-03-10 17:49 . 2012-03-10 17:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-03-10 17:49 . 2012-03-10 17:49 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-10 17:49 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-10 16:22 . 2012-03-10 16:43 -------- d-----w- c:\programdata\SecTaskMan
    2012-03-09 20:01 . 2012-03-09 20:01 -------- d-----w- c:\programdata\McAfee
    2012-03-09 18:11 . 2012-03-09 18:16 -------- d-----w- c:\users\Marc & Elizabeth\AppData\Local\NPE
    2012-03-09 04:17 . 2012-03-09 17:01 -------- d-----w- c:\windows\system32\drivers\N360x64\0601010.008
    2012-03-08 20:24 . 2012-03-09 17:26 -------- d-----w- c:\users\Marc & Elizabeth\AppData\Roaming\Ycsuon
    2012-03-08 20:24 . 2012-03-09 17:17 -------- d-----w- c:\users\Marc & Elizabeth\AppData\Roaming\Caymsao
    2012-03-07 17:48 . 2012-03-07 17:48 -------- d-----w- c:\users\Marc & Elizabeth\AppData\Roaming\TaxCut
    2012-03-07 17:45 . 2012-03-07 17:45 -------- d-----w- c:\program files (x86)\HRBlock2011
    2012-03-07 17:45 . 2012-03-07 17:45 -------- d-----w- c:\program files (x86)\PDF995
    2012-03-07 17:43 . 2012-03-07 17:43 -------- d-----w- c:\programdata\TaxCut
    2012-03-04 23:15 . 2012-03-04 23:15 -------- d-----w- c:\users\Marc & Elizabeth\AppData\Roaming\Stata10
    2012-03-04 23:13 . 2012-03-04 23:13 -------- d-----w- c:\program files\stats
    2012-03-02 16:47 . 2012-03-02 16:47 -------- d-----w- c:\users\Marc & Elizabeth\AppData\Roaming\Collaborate
    2012-03-02 16:47 . 2012-03-02 18:00 -------- d-----w- c:\users\Marc & Elizabeth\AppData\Roaming\Blackboard
    2012-02-25 17:56 . 2012-03-11 16:42 -------- d-----r- c:\users\Marc & Elizabeth\Dropbox
    2012-02-25 17:55 . 2012-03-11 16:42 -------- d-----w- c:\users\Marc & Elizabeth\AppData\Roaming\Dropbox
    2012-02-21 22:53 . 2012-02-26 00:23 -------- d-----w- c:\users\Marc & Elizabeth\AppData\Local\CrashDumps
    2012-02-16 04:08 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-16 04:08 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2012-02-16 04:08 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-16 04:08 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-02-16 04:08 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-02-16 04:08 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-16 04:08 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-16 04:08 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-09 04:18 . 2011-09-17 15:47 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-02-22 05:34 . 2011-12-06 18:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-12-13 01:46 . 2011-12-13 01:46 9014784 ----a-w- c:\windows\system32\igfxress.dll
    2011-12-13 01:46 . 2011-12-13 01:46 90112 ----a-w- c:\windows\system32\igfxCoIn_v2476.dll
    2011-12-13 01:46 . 2011-12-13 01:46 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
    2011-12-13 01:46 . 2011-12-13 01:46 378368 ----a-w- c:\windows\system32\igfxTMM.dll
    2011-12-13 01:46 . 2011-12-13 01:46 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrita.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 167704 ----a-w- c:\windows\system32\igfxtray.exe
    2011-12-13 01:46 . 2011-01-08 01:10 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
    2011-12-13 01:46 . 2011-12-13 01:46 287232 ----a-w- c:\windows\system32\igfxresn.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 287232 ----a-w- c:\windows\system32\igfxrell.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 416024 ----a-w- c:\windows\system32\igfxpers.exe
    2011-12-13 01:46 . 2011-12-13 01:46 285184 ----a-w- c:\windows\system32\igfxrara.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 239896 ----a-w- c:\windows\system32\igfxext.exe
    2011-12-13 01:46 . 2011-12-13 01:46 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll
    2011-12-13 01:46 . 2011-12-13 01:46 28672 ----a-w- c:\windows\system32\igfxexps.dll
    2011-12-13 01:46 . 2011-12-13 01:46 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
    2011-12-13 01:46 . 2011-12-13 01:46 142336 ----a-w- c:\windows\system32\igfxdo.dll
    2011-12-13 01:46 . 2011-12-13 01:46 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
    2011-12-13 01:46 . 2011-12-13 01:46 390144 ----a-w- c:\windows\system32\igfxdev.dll
    2011-12-13 01:46 . 2011-12-13 01:46 162816 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
    2011-12-13 01:46 . 2011-12-13 01:46 140288 ----a-w- c:\windows\system32\igfxcmrt64.dll
    2011-12-13 01:46 . 2011-12-13 01:46 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
    2011-12-13 01:46 . 2011-12-13 01:46 12289472 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
    2011-12-13 01:46 . 2011-08-17 16:37 375808 ----a-w- c:\windows\system32\igfxpph.dll
    2011-12-13 01:46 . 2011-01-08 01:42 8311808 ----a-w- c:\windows\system32\igdumd64.dll
    2011-12-13 01:46 . 2011-01-08 01:36 6322688 ----a-w- c:\windows\SysWow64\igdumd32.dll
    2011-12-13 01:46 . 2011-01-08 01:34 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
    2011-12-13 01:46 . 2011-01-08 01:32 14598144 ----a-w- c:\windows\system32\igd10umd64.dll
    2011-12-13 01:46 . 2011-01-08 01:29 12339712 ----a-w- c:\windows\SysWow64\igd10umd32.dll
    2011-12-13 01:46 . 2011-12-13 01:46 18640384 ----a-w- c:\windows\system32\ig4icd64.dll
    2011-12-13 01:46 . 2011-12-13 01:46 13903872 ----a-w- c:\windows\SysWow64\ig4icd32.dll
    2011-12-13 01:46 . 2011-12-13 01:46 4378392 ----a-w- c:\windows\system32\GfxUI.exe
    2011-12-13 01:46 . 2011-12-13 01:46 392472 ----a-w- c:\windows\system32\hkcmd.exe
    2011-12-13 01:46 . 2011-12-13 01:46 179992 ----a-w- c:\windows\system32\difx64.exe
    2011-12-13 01:46 . 2011-12-13 01:46 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
    2011-12-13 01:46 . 2011-01-08 01:09 110080 ----a-w- c:\windows\system32\hccutils.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Marc & Elizabeth\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Marc & Elizabeth\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Marc & Elizabeth\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\Marc & Elizabeth\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
    "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\users\Marc & Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Marc & Elizabeth\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2012-1-4 3208032]
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
    S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0601010.008\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0601010.008\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-03-02 1157240]
    S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0601010.008\ccSetx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120309.002\IDSvia64.sys [2012-03-07 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0601010.008\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0601010.008\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.1.1.8\ccSvcHst.exe [2012-01-17 138232]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-06-20 23:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-06 c:\windows\Tasks\HPCeeScheduleForMarc & Elizabeth.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Marc & Elizabeth\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Marc & Elizabeth\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Marc & Elizabeth\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Marc & Elizabeth\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-06 1424896]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-13 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-13 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-13 416024]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
    IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Marc & Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\zooyqvkn.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKCU-Run-RocketDock - c:\program files (x86)\RocketDock\RocketDock.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    AddRemove-782050793.fuse.fender.com - c:\program files (x86)\Microsoft Silverlight\4.0.60531.0\Silverlight.Configuration.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.1.1.8\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.1.1.8\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\?\›,”~êš*]
    @="\\\\?\\????"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\ezSharedSvcHost.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-11 10:44:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-11 17:44
    .
    Pre-Run: 422,774,910,976 bytes free
    Post-Run: 422,349,012,992 bytes free
    .
    - - End Of File - - 9F890F0BD4F710FAB6E14019DD370EB1
  16. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\users\Marc & Elizabeth\AppData\Roaming\Ycsuon
    c:\users\Marc & Elizabeth\AppData\Roaming\Caymsao
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [image: animation showing CFScript.txt being dragged onto ComboFix.exe]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  17. mwlevey

    mwlevey Newcomer, in training Topic Starter Posts: 19

    ComboFix 12-03-10.02 - Marc & Elizabeth 03/11/2012 11:52:10.5.4 - x64 MINIMAL
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2801 [GMT -7:00]
    Running from: c:\users\Marc & Elizabeth\Desktop\ComboFix.exe
    Command switches used :: c:\users\Marc & Elizabeth\Desktop\CFScript.txt
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Marc & Elizabeth\AppData\Roaming\Caymsao
    c:\users\Marc & Elizabeth\AppData\Roaming\Caymsao\uzihaco.yxe
    c:\users\Marc & Elizabeth\AppData\Roaming\Ycsuon
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-11 18:57 . 2012-03-11 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-10 17:49 . 2012-03-10 17:49 -------- d-----w- c:\users\Marc & Elizabeth\AppData\Roaming\Malwarebytes
    2012-03-10 17:49 . 2012-03-10 17:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-03-10 17:49 . 2012-03-10 17:49 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-10 17:49 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-10 16:22 . 2012-03-10 16:43 -------- d-----w- c:\programdata\SecTaskMan
    2012-03-09 20:01 . 2012-03-09 20:01 -------- d-----w- c:\programdata\McAfee
    2012-03-09 18:11 . 2012-03-09 18:16 -------- d-----w- c:\users\Marc & Elizabeth\AppData\Local\NPE
    2012-03-09 04:17 . 2012-03-09 17:01 -------- d-----w- c:\windows\system32\drivers\N360x64\0601010.008
    2012-03-07 17:48 . 2012-03-07 17:48 -------- d-----w- c:\users\Marc & Elizabeth\AppData\Roaming\TaxCut
    2012-03-07 17:45 . 2012-03-07 17:45 -------- d-----w- c:\program files (x86)\HRBlock2011
    2012-03-07 17:45 . 2012-03-07 17:45 -------- d-----w- c:\program files (x86)\PDF995
    2012-03-07 17:43 . 2012-03-07 17:43 -------- d-----w- c:\programdata\TaxCut
    2012-03-04 23:15 . 2012-03-04 23:15 -------- d-----w- c:\users\Marc & Elizabeth\AppData\Roaming\Stata10
    2012-03-04 23:13 . 2012-03-04 23:13 -------- d-----w- c:\program files\stats
    2012-03-02 16:47 . 2012-03-02 16:47 -------- d-----w- c:\users\Marc & Elizabeth\AppData\Roaming\Collaborate
    2012-03-02 16:47 . 2012-03-02 18:00 -------- d-----w- c:\users\Marc & Elizabeth\AppData\Roaming\Blackboard
    2012-02-25 17:56 . 2012-03-11 17:49 -------- d-----r- c:\users\Marc & Elizabeth\Dropbox
    2012-02-25 17:55 . 2012-03-11 17:49 -------- d-----w- c:\users\Marc & Elizabeth\AppData\Roaming\Dropbox
    2012-02-21 22:53 . 2012-02-26 00:23 -------- d-----w- c:\users\Marc & Elizabeth\AppData\Local\CrashDumps
    2012-02-16 04:08 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-16 04:08 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2012-02-16 04:08 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-16 04:08 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-02-16 04:08 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-02-16 04:08 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-16 04:08 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-16 04:08 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-09 04:18 . 2011-09-17 15:47 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-02-22 05:34 . 2011-12-06 18:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-12-13 01:46 . 2011-12-13 01:46 9014784 ----a-w- c:\windows\system32\igfxress.dll
    2011-12-13 01:46 . 2011-12-13 01:46 90112 ----a-w- c:\windows\system32\igfxCoIn_v2476.dll
    2011-12-13 01:46 . 2011-12-13 01:46 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
    2011-12-13 01:46 . 2011-12-13 01:46 378368 ----a-w- c:\windows\system32\igfxTMM.dll
    2011-12-13 01:46 . 2011-12-13 01:46 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrita.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 167704 ----a-w- c:\windows\system32\igfxtray.exe
    2011-12-13 01:46 . 2011-01-08 01:10 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
    2011-12-13 01:46 . 2011-12-13 01:46 287232 ----a-w- c:\windows\system32\igfxresn.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 287232 ----a-w- c:\windows\system32\igfxrell.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 416024 ----a-w- c:\windows\system32\igfxpers.exe
    2011-12-13 01:46 . 2011-12-13 01:46 285184 ----a-w- c:\windows\system32\igfxrara.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
    2011-12-13 01:46 . 2011-12-13 01:46 239896 ----a-w- c:\windows\system32\igfxext.exe
    2011-12-13 01:46 . 2011-12-13 01:46 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll
    2011-12-13 01:46 . 2011-12-13 01:46 28672 ----a-w- c:\windows\system32\igfxexps.dll
    2011-12-13 01:46 . 2011-12-13 01:46 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
    2011-12-13 01:46 . 2011-12-13 01:46 142336 ----a-w- c:\windows\system32\igfxdo.dll
    2011-12-13 01:46 . 2011-12-13 01:46 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
    2011-12-13 01:46 . 2011-12-13 01:46 390144 ----a-w- c:\windows\system32\igfxdev.dll
    2011-12-13 01:46 . 2011-12-13 01:46 162816 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
    2011-12-13 01:46 . 2011-12-13 01:46 140288 ----a-w- c:\windows\system32\igfxcmrt64.dll
    2011-12-13 01:46 . 2011-12-13 01:46 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
    2011-12-13 01:46 . 2011-12-13 01:46 12289472 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
    2011-12-13 01:46 . 2011-08-17 16:37 375808 ----a-w- c:\windows\system32\igfxpph.dll
    2011-12-13 01:46 . 2011-01-08 01:42 8311808 ----a-w- c:\windows\system32\igdumd64.dll
    2011-12-13 01:46 . 2011-01-08 01:36 6322688 ----a-w- c:\windows\SysWow64\igdumd32.dll
    2011-12-13 01:46 . 2011-01-08 01:34 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
    2011-12-13 01:46 . 2011-01-08 01:32 14598144 ----a-w- c:\windows\system32\igd10umd64.dll
    2011-12-13 01:46 . 2011-01-08 01:29 12339712 ----a-w- c:\windows\SysWow64\igd10umd32.dll
    2011-12-13 01:46 . 2011-12-13 01:46 18640384 ----a-w- c:\windows\system32\ig4icd64.dll
    2011-12-13 01:46 . 2011-12-13 01:46 13903872 ----a-w- c:\windows\SysWow64\ig4icd32.dll
    2011-12-13 01:46 . 2011-12-13 01:46 4378392 ----a-w- c:\windows\system32\GfxUI.exe
    2011-12-13 01:46 . 2011-12-13 01:46 392472 ----a-w- c:\windows\system32\hkcmd.exe
    2011-12-13 01:46 . 2011-12-13 01:46 179992 ----a-w- c:\windows\system32\difx64.exe
    2011-12-13 01:46 . 2011-12-13 01:46 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
    2011-12-13 01:46 . 2011-01-08 01:09 110080 ----a-w- c:\windows\system32\hccutils.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-03-11_17.41.23 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-21 03:09 . 2012-03-11 17:50 47092 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-03-11 17:50 42060 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-06-26 21:13 . 2012-03-11 17:50 15774 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1838632947-3332480520-3819470439-1000_UserData.bin
    - 2012-03-11 17:40 . 2012-03-11 17:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-03-11 18:58 . 2012-03-11 18:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-03-11 17:40 . 2012-03-11 17:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-03-11 18:58 . 2012-03-11 18:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:36 . 2012-03-11 17:53 624864 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-03-11 16:48 624864 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-03-11 17:53 106950 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-03-11 16:48 106950 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2012-03-11 17:31 336724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-03-11 18:46 336724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-06-26 21:11 . 2012-03-11 17:31 38897424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1838632947-3332480520-3819470439-1000-8192.dat
    + 2011-06-26 21:11 . 2012-03-11 18:46 38897424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1838632947-3332480520-3819470439-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Marc & Elizabeth\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Marc & Elizabeth\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Marc & Elizabeth\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\Marc & Elizabeth\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
    "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\users\Marc & Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Marc & Elizabeth\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2012-1-4 3208032]
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
    S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0601010.008\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0601010.008\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-03-02 1157240]
    S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0601010.008\ccSetx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120309.002\IDSvia64.sys [2012-03-07 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0601010.008\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0601010.008\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.1.1.8\ccSvcHst.exe [2012-01-17 138232]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-06-20 23:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-06 c:\windows\Tasks\HPCeeScheduleForMarc & Elizabeth.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Marc & Elizabeth\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Marc & Elizabeth\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Marc & Elizabeth\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Marc & Elizabeth\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-06 1424896]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-13 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-13 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-13 416024]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
    IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    FF - ProfilePath - c:\users\Marc & Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\zooyqvkn.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.1.1.8\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.1.1.8\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\?\›,”~êš*]
    @="\\\\?\\????"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\ezSharedSvcHost.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-11 12:02:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-11 19:02
    .
    Pre-Run: 422,484,840,448 bytes free
    Post-Run: 422,162,493,440 bytes free
    .
    - - End Of File - - B0FAC62F9F90A89995704376CE84C8D3
  18. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  19. mwlevey

    mwlevey Newcomer, in training Topic Starter Posts: 19

    Computer seems fine. I have no idea what we're doing, I'm just concerned about security of the computer and whether or not any information or passwords were compromised. Your help is greatly appreciated. Text too long for OTL file. Will break into 2 posts.

    OTL logfile created on: 3/11/2012 1:06:37 PM - Run 1
    OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Marc & Elizabeth\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 59.44% Memory free
    7.60 Gb Paging File | 5.69 Gb Available in Paging File | 74.90% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.13 Gb Total Space | 393.26 Gb Free Space | 87.17% Space Free | Partition Type: NTFS
    Drive D: | 14.33 Gb Total Space | 1.60 Gb Free Space | 11.13% Space Free | Partition Type: NTFS
    Drive F: | 99.02 Mb Total Space | 84.89 Mb Free Space | 85.73% Space Free | Partition Type: FAT32

    Computer Name: HP | User Name: Marc & Elizabeth | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2012/03/11 13:03:53 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Marc & Elizabeth\Desktop\OTL.exe
    PRC - [2012/02/15 13:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2012/02/14 16:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marc & Elizabeth\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/02/02 03:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Marc & Elizabeth\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/01/16 23:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\ccsvchst.exe
    PRC - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/12/20 14:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/08/19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    PRC - [2011/07/06 20:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2011/05/23 11:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    PRC - [2011/04/30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/04/30 00:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2011/03/15 18:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    PRC - [2010/09/16 11:13:14 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/09/16 11:13:06 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
    PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
    PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/16 09:09:45 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\052deceb97582fe7bd7eefd13e0c590c\IAStorUtil.ni.dll
    MOD - [2012/02/16 08:32:39 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
    MOD - [2012/02/16 08:32:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
    MOD - [2012/02/16 08:32:30 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
    MOD - [2012/02/16 08:32:07 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
    MOD - [2012/02/16 08:32:01 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
    MOD - [2012/02/16 08:31:49 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
    MOD - [2012/02/16 08:31:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
    MOD - [2012/02/16 08:31:38 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
    MOD - [2012/02/16 08:31:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
    MOD - [2011/12/20 14:32:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
    MOD - [2011/12/20 14:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    MOD - [2011/12/20 14:32:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
    MOD - [2011/12/20 14:32:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
    MOD - [2011/12/20 14:32:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
    MOD - [2011/12/20 14:32:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
    MOD - [2011/12/20 14:32:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
    MOD - [2011/12/20 14:32:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
    MOD - [2011/12/20 14:32:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
    MOD - [2011/10/14 08:01:28 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\33cecc66284ef59208b639ec72b0f565\IAStorCommon.ni.dll
    MOD - [2011/10/14 07:55:56 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/11/20 20:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/12/06 08:59:21 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2012/02/10 13:00:09 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
    SRV - [2012/01/16 23:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\ccSvcHst.exe -- (N360)
    SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
    SRV - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/05/23 11:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
    SRV - [2011/04/30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2011/03/07 17:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
    SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/09/16 11:13:14 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/09/16 11:13:06 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/08 21:18:03 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2011/12/12 18:46:13 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/12/10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/12/06 08:59:21 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/11/29 10:23:31 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/11/23 19:23:47 | 001,092,728 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0601010.008\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2011/11/23 18:50:27 | 000,738,936 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0601010.008\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2011/11/23 18:50:27 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0601010.008\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2011/11/16 20:37:59 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0601010.008\symnets.sys -- (SymNetS)
    DRV:64bit: - [2011/11/16 20:17:49 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0601010.008\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2011/11/04 16:59:30 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0601010.008\ccsetx64.sys -- (ccSet_N360)
    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/08/23 13:49:14 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/08/15 23:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0601010.008\symds64.sys -- (SymDS)
    DRV:64bit: - [2011/07/13 14:59:54 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
    DRV:64bit: - [2011/07/13 14:59:54 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
    DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2011/04/26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/15 12:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/04 20:57:54 | 001,041,760 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2010/10/15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2010/02/26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2012/03/10 08:53:43 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120309.034\ex64.sys -- (NAVEX15)
    DRV - [2012/03/10 08:53:43 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120309.034\eng64.sys -- (NAVENG)
    DRV - [2012/03/06 17:04:10 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120309.002\IDSviA64.sys -- (IDSVia64)
    DRV - [2012/03/02 11:58:01 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120302.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2012/02/04 09:04:05 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/02/04 09:04:05 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{90195ABB-0262-4D99-AA65-181863185B97}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{90195ABB-0262-4D99-AA65-181863185B97}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1838632947-3332480520-3819470439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKU\S-1-5-21-1838632947-3332480520-3819470439-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1838632947-3332480520-3819470439-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-1838632947-3332480520-3819470439-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKU\S-1-5-21-1838632947-3332480520-3819470439-1000\..\SearchScopes\{90195ABB-0262-4D99-AA65-181863185B97}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE - HKU\S-1-5-21-1838632947-3332480520-3819470439-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKU\S-1-5-21-1838632947-3332480520-3819470439-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-1838632947-3332480520-3819470439-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKU\S-1-5-21-1838632947-3332480520-3819470439-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1838632947-3332480520-3819470439-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPlgn\ [2012/02/15 09:44:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn\ [2012/03/11 12:04:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/17 09:30:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/12 15:22:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/08 08:49:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2011/09/15 07:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc & Elizabeth\AppData\Roaming\Mozilla\Extensions
    [2011/06/26 14:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc & Elizabeth\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2012/01/05 10:31:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc & Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\zooyqvkn.default\extensions
    [2011/12/07 17:45:42 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Marc & Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\zooyqvkn.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
    [2011/09/17 09:08:29 | 000,002,469 | ---- | M] () -- C:\Users\Marc & Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\zooyqvkn.default\searchplugins\safesearch.xml
    [2012/01/03 16:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/03/11 12:04:32 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\COFFPLGN
    [2012/02/15 09:44:00 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPLGN
    () (No name found) -- C:\USERS\MARC & ELIZABETH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZOOYQVKN.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
    () (No name found) -- C:\USERS\MARC & ELIZABETH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZOOYQVKN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\MARC & ELIZABETH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZOOYQVKN.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
    [2012/02/17 09:30:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/13 08:02:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/02/13 08:02:19 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========


    O1 HOSTS File: ([2012/03/11 11:58:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.1.1.8\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
    O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-1838632947-3332480520-3819470439-1000..\Run: [Akamai NetSession Interface] C:\Users\Marc & Elizabeth\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - Startup: C:\Users\Marc & Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marc & Elizabeth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Marc & Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1838632947-3332480520-3819470439-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1838632947-3332480520-3819470439-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D8DC498-19A7-4D4E-8E4F-28DD61A56B22}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
  20. mwlevey

    mwlevey Newcomer, in training Topic Starter Posts: 19

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/11 13:03:52 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Marc & Elizabeth\Desktop\OTL.exe
    [2012/03/11 12:04:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/03/11 12:02:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/03/11 09:53:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/03/11 09:53:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/03/11 09:53:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/03/11 09:52:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/03/11 09:51:07 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/11 09:44:11 | 004,432,490 | R--- | C] (Swearware) -- C:\Users\Marc & Elizabeth\Desktop\ComboFix.exe
    [2012/03/10 22:47:23 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Marc & Elizabeth\Desktop\FixTDSS.exe
    [2012/03/10 18:44:15 | 000,000,000 | ---D | C] -- C:\Users\Marc & Elizabeth\Desktop\tdsskiller
    [2012/03/10 17:34:46 | 000,000,000 | ---D | C] -- C:\Users\Marc & Elizabeth\Desktop\bootkit_remover
    [2012/03/10 17:29:20 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Marc & Elizabeth\Desktop\aswMBR.exe
    [2012/03/10 10:49:11 | 000,000,000 | ---D | C] -- C:\Users\Marc & Elizabeth\AppData\Roaming\Malwarebytes
    [2012/03/10 10:49:03 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/03/10 10:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/03/10 10:49:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/03/10 10:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/03/10 09:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
    [2012/03/09 13:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/03/09 11:11:10 | 000,000,000 | ---D | C] -- C:\Users\Marc & Elizabeth\AppData\Local\NPE
    [2012/03/07 10:48:02 | 000,000,000 | ---D | C] -- C:\Users\Marc & Elizabeth\AppData\Roaming\TaxCut
    [2012/03/07 10:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2011
    [2012/03/07 10:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF995
    [2012/03/07 10:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HRBlock2011
    [2012/03/07 10:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TaxCut
    [2012/03/04 16:15:29 | 000,000,000 | ---D | C] -- C:\Users\Marc & Elizabeth\AppData\Roaming\Stata10
    [2012/03/04 16:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\stats
    [2012/03/02 09:47:22 | 000,000,000 | ---D | C] -- C:\Users\Marc & Elizabeth\AppData\Roaming\Collaborate
    [2012/03/02 09:47:08 | 000,000,000 | ---D | C] -- C:\Users\Marc & Elizabeth\AppData\Roaming\Blackboard
    [2012/02/25 10:56:59 | 000,000,000 | R--D | C] -- C:\Users\Marc & Elizabeth\Dropbox
    [2012/02/25 10:55:39 | 000,000,000 | ---D | C] -- C:\Users\Marc & Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    [2012/02/25 10:55:09 | 000,000,000 | ---D | C] -- C:\Users\Marc & Elizabeth\AppData\Roaming\Dropbox
    [2012/02/21 15:53:03 | 000,000,000 | ---D | C] -- C:\Users\Marc & Elizabeth\AppData\Local\CrashDumps

    ========== Files - Modified Within 30 Days ==========

    [2012/03/11 13:03:53 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Marc & Elizabeth\Desktop\OTL.exe
    [2012/03/11 12:11:53 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/11 12:11:53 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/11 12:10:08 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/03/11 12:10:08 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/03/11 12:10:08 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/03/11 12:03:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/11 12:03:53 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/11 11:58:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/03/11 09:44:20 | 004,432,490 | R--- | M] (Swearware) -- C:\Users\Marc & Elizabeth\Desktop\ComboFix.exe
    [2012/03/10 22:47:26 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Marc & Elizabeth\Desktop\FixTDSS.exe
    [2012/03/10 19:01:47 | 000,000,758 | ---- | M] () -- C:\Users\Marc & Elizabeth\.recently-used.xbel
    [2012/03/10 18:43:49 | 002,044,980 | ---- | M] () -- C:\Users\Marc & Elizabeth\Desktop\tdsskiller.zip
    [2012/03/10 17:53:11 | 000,000,512 | ---- | M] () -- C:\Users\Marc & Elizabeth\Desktop\MBR.dat
    [2012/03/10 17:52:53 | 000,000,512 | ---- | M] () -- C:\Users\Marc & Elizabeth\Documents\MBR.dat
    [2012/03/10 17:29:28 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Marc & Elizabeth\Desktop\aswMBR.exe
    [2012/03/10 10:49:04 | 000,001,137 | ---- | M] () -- C:\Users\Marc & Elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/03/09 12:12:47 | 000,059,755 | ---- | M] () -- C:\Users\Marc & Elizabeth\Documents\Contreras Trust.xhb~
    [2012/03/09 12:12:47 | 000,059,755 | ---- | M] () -- C:\Users\Marc & Elizabeth\Documents\Contreras Trust.xhb
    [2012/03/09 10:01:30 | 001,571,222 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0601010.008\Cat.DB
    [2012/03/09 10:01:18 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0601010.008\VT20111023.022
    [2012/03/08 21:18:03 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2012/03/08 21:18:03 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2012/03/08 21:18:03 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2012/03/08 07:33:56 | 004,855,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/03/06 16:47:24 | 000,317,050 | ---- | M] () -- C:\Users\Marc & Elizabeth\Documents\owgr09f2012.pdf
    [2012/03/06 08:07:13 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMarc & Elizabeth.job
    [2012/02/25 10:55:45 | 000,000,992 | ---- | M] () -- C:\Users\Marc & Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/02/24 23:27:11 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0601010.008\isolate.ini
    [2012/02/21 15:25:11 | 000,167,814 | ---- | M] () -- C:\Users\Marc & Elizabeth\Documents\Sarah.xps
    [2012/02/20 16:50:15 | 000,009,629 | ---- | M] () -- C:\Users\Marc & Elizabeth\Documents\Black Keys Brothers.std
    [2012/02/20 14:45:42 | 000,724,964 | ---- | M] () -- C:\Users\Marc & Elizabeth\Documents\flat stanley.gif
    [2012/02/20 14:45:42 | 000,000,132 | ---- | M] () -- C:\Users\Marc & Elizabeth\AppData\Roaming\Adobe GIF Format CS5 Prefs
    [2012/02/20 14:42:36 | 005,591,876 | ---- | M] () -- C:\Users\Marc & Elizabeth\Documents\flat stanley.bmp
    [2012/02/20 14:42:36 | 000,000,132 | ---- | M] () -- C:\Users\Marc & Elizabeth\AppData\Roaming\Adobe BMP Format CS5 Prefs
    [2012/02/20 14:36:15 | 002,697,724 | ---- | M] () -- C:\Users\Marc & Elizabeth\Documents\IMG_1968.JPG
    [2012/02/20 10:52:02 | 000,179,509 | ---- | M] () -- C:\Users\Marc & Elizabeth\Documents\food bank form.xps
    [2012/02/16 08:23:57 | 000,744,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/02/13 08:02:24 | 000,002,048 | ---- | M] () -- C:\Users\Marc & Elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

    ========== Files Created - No Company Name ==========

    [2012/03/11 09:53:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/03/11 09:53:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/03/11 09:53:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/03/11 09:53:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/03/11 09:53:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/03/10 19:01:47 | 000,000,758 | ---- | C] () -- C:\Users\Marc & Elizabeth\.recently-used.xbel
    [2012/03/10 18:43:47 | 002,044,980 | ---- | C] () -- C:\Users\Marc & Elizabeth\Desktop\tdsskiller.zip
    [2012/03/10 17:53:11 | 000,000,512 | ---- | C] () -- C:\Users\Marc & Elizabeth\Desktop\MBR.dat
    [2012/03/10 17:52:53 | 000,000,512 | ---- | C] () -- C:\Users\Marc & Elizabeth\Documents\MBR.dat
    [2012/03/10 10:49:04 | 000,001,137 | ---- | C] () -- C:\Users\Marc & Elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/03/06 16:47:24 | 000,317,050 | ---- | C] () -- C:\Users\Marc & Elizabeth\Documents\owgr09f2012.pdf
    [2012/02/25 17:32:18 | 002,697,724 | ---- | C] () -- C:\Users\Marc & Elizabeth\Documents\IMG_1968.JPG
    [2012/02/25 10:55:45 | 000,000,992 | ---- | C] () -- C:\Users\Marc & Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/02/21 15:25:09 | 000,167,814 | ---- | C] () -- C:\Users\Marc & Elizabeth\Documents\Sarah.xps
    [2012/02/20 16:09:25 | 000,009,629 | ---- | C] () -- C:\Users\Marc & Elizabeth\Documents\Black Keys Brothers.std
    [2012/02/20 14:45:42 | 000,000,132 | ---- | C] () -- C:\Users\Marc & Elizabeth\AppData\Roaming\Adobe GIF Format CS5 Prefs
    [2012/02/20 14:45:30 | 000,724,964 | ---- | C] () -- C:\Users\Marc & Elizabeth\Documents\flat stanley.gif
    [2012/02/20 14:42:26 | 005,591,876 | ---- | C] () -- C:\Users\Marc & Elizabeth\Documents\flat stanley.bmp
    [2012/02/20 10:52:01 | 000,179,509 | ---- | C] () -- C:\Users\Marc & Elizabeth\Documents\food bank form.xps
    [2012/01/21 15:59:49 | 000,000,132 | ---- | C] () -- C:\Users\Marc & Elizabeth\AppData\Roaming\Adobe BMP Format CS5 Prefs
    [2012/01/19 19:47:48 | 000,000,132 | ---- | C] () -- C:\Users\Marc & Elizabeth\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/12/12 18:46:22 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/08/23 13:49:24 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2011/08/17 09:37:32 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2011/08/17 09:37:32 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2011/06/26 18:31:31 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/06/08 18:05:35 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2011/06/08 18:01:33 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2011/04/18 12:45:38 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
    [2011/03/03 21:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
    [2011/01/07 18:40:40 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

    ========== LOP Check ==========

    [2011/06/26 19:49:29 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\Amazon
    [2011/06/27 07:24:41 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\avidemux
    [2012/03/02 11:00:59 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\Blackboard
    [2011/06/26 21:15:08 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\Blio
    [2012/03/02 09:47:22 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\Collaborate
    [2011/12/12 08:43:17 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/03/11 12:07:07 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\Dropbox
    [2011/06/29 13:10:41 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\Fender
    [2012/01/29 12:36:48 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\gtk-2.0
    [2012/03/10 19:01:47 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\homebank
    [2012/01/21 16:22:08 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\HTC
    [2011/06/27 10:24:38 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2012/01/19 19:08:32 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\Philipp Winterberg
    [2012/01/19 22:57:13 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\Rainmeter
    [2012/03/11 11:46:45 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\SoftGrid Client
    [2011/12/15 15:35:17 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012/03/04 16:15:29 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\Stata10
    [2011/06/26 13:53:18 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\Synaptics
    [2011/07/12 19:46:10 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\SystemRequirementsLab
    [2012/03/07 10:48:02 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\TaxCut
    [2011/06/26 14:18:56 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\Thunderbird
    [2011/07/12 09:55:17 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\Tific
    [2011/06/26 18:32:28 | 000,000,000 | ---D | M] -- C:\Users\Marc & Elizabeth\AppData\Roaming\TP
    [2012/03/09 11:12:25 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < * >
    [2010/11/20 20:23:51 | 000,383,786 | RHS- | M] () -- \bootmgr
    [2012/03/11 12:02:02 | 000,026,123 | ---- | M] () -- \ComboFix.txt
    [2012/03/11 12:03:53 | 3062,255,616 | -HS- | M] () -- \hiberfil.sys
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] () -- \msdia80.dll
    [2012/03/11 12:03:56 | 4083,007,488 | -HS- | M] () -- \pagefile.sys
    [2011/07/27 11:05:13 | 000,002,848 | ---- | M] () -- \{44A8EB3D-6B7D-437C-8257-C45B89576057}

    < %SYSTEMDRIVE%\*.* >
    [2010/11/20 20:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2012/03/11 12:02:02 | 000,026,123 | ---- | M] () -- C:\ComboFix.txt
    [2012/03/11 12:03:53 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2012/03/11 12:03:56 | 4083,007,488 | -HS- | M] () -- C:\pagefile.sys
    [2011/07/27 11:05:13 | 000,002,848 | ---- | M] () -- C:\{44A8EB3D-6B7D-437C-8257-C45B89576057}

    < %systemroot%\Fonts\*.com >
    [2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 13:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/05/13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/26 13:57:59 | 000,000,221 | -HS- | M] () -- C:\Users\Marc & Elizabeth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/03/10 17:29:28 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Marc & Elizabeth\Desktop\aswMBR.exe
    [2012/03/11 09:44:20 | 004,432,490 | R--- | M] (Swearware) -- C:\Users\Marc & Elizabeth\Desktop\ComboFix.exe
    [2012/03/10 22:47:26 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Marc & Elizabeth\Desktop\FixTDSS.exe
    [2012/03/11 13:03:53 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Marc & Elizabeth\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/03/06 08:07:13 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMarc & Elizabeth.job
    [2012/03/11 12:04:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/03/09 11:12:25 | 000,032,590 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/16 08:32:43 | 000,000,402 | -HS- | M] () -- C:\Users\Marc & Elizabeth\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    < * >
    [2010/11/20 20:23:51 | 000,383,786 | RHS- | M] () -- \bootmgr
    [2012/03/11 12:02:02 | 000,026,123 | ---- | M] () -- \ComboFix.txt
    [2012/03/11 12:03:53 | 3062,255,616 | -HS- | M] () -- \hiberfil.sys
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] () -- \msdia80.dll
    [2012/03/11 12:03:56 | 4083,007,488 | -HS- | M] () -- \pagefile.sys
    [2011/07/27 11:05:13 | 000,002,848 | ---- | M] () -- \{44A8EB3D-6B7D-437C-8257-C45B89576057}

    < End of report >
  21. mwlevey

    mwlevey Newcomer, in training Topic Starter Posts: 19

    OTL Extras logfile created on: 3/11/2012 1:06:37 PM - Run 1
    OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Marc & Elizabeth\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 59.44% Memory free
    7.60 Gb Paging File | 5.69 Gb Available in Paging File | 74.90% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.13 Gb Total Space | 393.26 Gb Free Space | 87.17% Space Free | Partition Type: NTFS
    Drive D: | 14.33 Gb Total Space | 1.60 Gb Free Space | 11.13% Space Free | Partition Type: NTFS
    Drive F: | 99.02 Mb Total Space | 84.89 Mb Free Space | 85.73% Space Free | Partition Type: FAT32

    Computer Name: HP | User Name: Marc & Elizabeth | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1838632947-3332480520-3819470439-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics TouchPad Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{10894714-E82E-4371-9CF7-F58E352C76EA}" = H&R Block California 2011
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
    "{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}" = HP Documentation
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770D94F9-211A-4BC7-9921-FC946ABD82C8}_is1" = HomeBank 4.4
    "{7A3FFA58-876F-489C-B6CF-0503916224DF}" = HTC Sync
    "{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
    "{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
    "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.2) MUI
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Akamai" = Akamai NetSession Interface Service
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
    "Avidemux 2.5 (64-bit)" = Avidemux 2.5
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "EasyBits Magic Desktop" = Magic Desktop
    "Fender FUSE" = Fender FUSE 2.2.2.31
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
    "Mozilla Thunderbird 10.0.2 (x86 en-US)" = Mozilla Thunderbird 10.0.2 (x86 en-US)
    "MVApplication1" = SureThing CD Labeler 4 SE
    "N360" = Norton 360
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Rainmeter" = Rainmeter
    "RarZilla Free Unrar" = RarZilla Free Unrar
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WT087328" = Blackhawk Striker 2
    "WT087330" = Bounce Symphony
    "WT087335" = Build-a-lot 2
    "WT087343" = Dora's World Adventure
    "WT087393" = Mah Jong Medley
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087415" = Wheel of Fortune 2
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "WT089307" = Virtual Villagers 4 - The Tree of Life
    "WT089308" = Blasterball 3
    "WT089328" = Farm Frenzy
    "WT089359" = Cake Mania
    "WT089362" = Agatha Christie - Peril at End House
    "WT089453" = Bejeweled 2 Deluxe
    "WT089454" = Chuzzle Deluxe
    "WT089455" = Zuma Deluxe
    "WT089457" = Slingo Supreme
    "WT089458" = Plants vs. Zombies - Game of the Year
    "WT089470" = FATE - The Traitor Soul
    "WT089484" = Namco All-Stars PAC-MAN
    "WT089496" = Mystery P.I. - Stolen in San Francisco
    "WT089498" = Bejeweled 3

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1838632947-3332480520-3819470439-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Dropbox" = Dropbox

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/7/2012 4:26:05 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2074

    Error - 3/7/2012 4:26:05 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2074

    Error - 3/7/2012 8:11:38 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/7/2012 8:11:38 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1076

    Error - 3/7/2012 8:11:38 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1076

    Error - 3/7/2012 8:11:39 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/7/2012 8:11:39 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2074

    Error - 3/7/2012 8:11:39 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2074

    Error - 3/7/2012 11:08:03 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/7/2012 11:08:03 PM | Computer Name = HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1060

    [ Hewlett-Packard Events ]
    Error - 7/12/2011 11:33:15 AM | Computer Name = HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Exception has been thrown by the target of an invocation. mscorlib

    at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments,
    SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)

    at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments,
    Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr,
    Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)

    at System.Delegate.DynamicInvokeImpl(Object[] args) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
    callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
    source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
    Index
    was outside the bounds of the array.

    Error - 7/12/2011 11:33:16 AM | Computer Name = HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Exception has been thrown by the target of an invocation. mscorlib

    at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments,
    SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)

    at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments,
    Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr,
    Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)

    at System.Delegate.DynamicInvokeImpl(Object[] args) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
    callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
    source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
    Index
    was outside the bounds of the array.

    Error - 7/12/2011 11:33:18 AM | Computer Name = HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Exception has been thrown by the target of an invocation. mscorlib

    at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments,
    SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)

    at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments,
    Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr,
    Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)

    at System.Delegate.DynamicInvokeImpl(Object[] args) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
    callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
    source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
    Index
    was outside the bounds of the array.

    Error - 7/12/2011 11:33:19 AM | Computer Name = HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Exception has been thrown by the target of an invocation. mscorlib

    at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments,
    SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)

    at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments,
    Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr,
    Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)

    at System.Delegate.DynamicInvokeImpl(Object[] args) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
    callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
    source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
    Index
    was outside the bounds of the array.

    Error - 7/12/2011 11:33:21 AM | Computer Name = HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Exception has been thrown by the target of an invocation. mscorlib

    at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments,
    SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)

    at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments,
    Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr,
    Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)

    at System.Delegate.DynamicInvokeImpl(Object[] args) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
    callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
    source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
    Index
    was outside the bounds of the array.

    Error - 7/12/2011 11:33:22 AM | Computer Name = HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Exception has been thrown by the target of an invocation. mscorlib

    at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments,
    SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)

    at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments,
    Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr,
    Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)

    at System.Delegate.DynamicInvokeImpl(Object[] args) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
    callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
    source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
    Index
    was outside the bounds of the array.

    Error - 7/12/2011 1:09:34 PM | Computer Name = HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Object reference not set to an instance of an object. HP.ActiveSupportLibrary

    at HP.ActiveSupportLibrary.Issues.HPSFSession.?()

    Error - 8/23/2011 5:01:51 PM | Computer Name = HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Object reference not set to an instance of an object. HP.ActiveSupportLibrary

    at HP.ActiveSupportLibrary.Issues.HPSFSession.?()

    Error - 9/19/2011 8:50:47 PM | Computer Name = HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091119055044.xml
    File not created by asset agent

    Error - 11/14/2011 11:00:43 PM | Computer Name = HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
    Object '/768de442_103f_49fc_b923_720824fafc77/mpov8enkeem2x0kmo8dqivnr_5.rem' has
    been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 3893 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)

    [ HP Connection Manager Events ]
    Error - 3/9/2012 1:19:27 AM | Computer Name = HP | Source = hpCMSrv | ID = 5
    Description = 2012/03/08 21:19:27.523|00000C1C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 3/9/2012 2:11:39 PM | Computer Name = HP | Source = hpCMSrv | ID = 5
    Description = 2012/03/09 10:11:39.071|00001790|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 3/9/2012 3:51:06 PM | Computer Name = HP | Source = hpCMSrv | ID = 5
    Description = 2012/03/09 11:51:06.971|000010DC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 3/9/2012 3:51:14 PM | Computer Name = HP | Source = hpCMSrv | ID = 5
    Description = 2012/03/09 11:51:14.913|000010DC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 3/9/2012 4:26:36 PM | Computer Name = HP | Source = hpCMSrv | ID = 5
    Description = 2012/03/09 12:26:36.425|000003C0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 3/9/2012 4:50:59 PM | Computer Name = HP | Source = hpCMSrv | ID = 5
    Description = 2012/03/09 12:50:59.488|00000ED8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 3/10/2012 4:05:48 PM | Computer Name = HP | Source = hpCMSrv | ID = 5
    Description = 2012/03/10 12:05:48.194|00000B0C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 3/10/2012 10:27:08 PM | Computer Name = HP | Source = hpCMSrv | ID = 5
    Description = 2012/03/10 18:27:08.049|00001320|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 3/11/2012 1:49:04 AM | Computer Name = HP | Source = hpCMSrv | ID = 5
    Description = 2012/03/10 21:49:04.981|00001760|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 3/11/2012 4:01:53 AM | Computer Name = HP | Source = hpCMSrv | ID = 5
    Description = 2012/03/11 00:01:53.201|00001738|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    [ HP Software Framework Events ]
    Error - 3/9/2012 4:32:31 PM | Computer Name = HP | Source = CaslWmi | ID = 5
    Description = 2012/03/09 12:32:31.832|00001178|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 3/9/2012 4:54:30 PM | Computer Name = HP | Source = CaslWmi | ID = 5
    Description = 2012/03/09 12:54:30.523|00000E50|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 3/9/2012 5:17:33 PM | Computer Name = HP | Source = CaslWmi | ID = 5
    Description = 2012/03/09 13:17:33.531|00000428|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 3/10/2012 11:50:11 AM | Computer Name = HP | Source = CaslWmi | ID = 5
    Description = 2012/03/10 07:50:11.664|00000814|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 3/10/2012 7:46:47 PM | Computer Name = HP | Source = CaslWmi | ID = 5
    Description = 2012/03/10 15:46:47.139|000017E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 3/11/2012 1:48:15 AM | Computer Name = HP | Source = CaslWmi | ID = 5
    Description = 2012/03/10 21:48:15.289|00001440|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 3/11/2012 1:53:14 AM | Computer Name = HP | Source = CaslWmi | ID = 5
    Description = 2012/03/10 21:53:14.546|00001694|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 3/11/2012 12:44:34 PM | Computer Name = HP | Source = CaslWmi | ID = 5
    Description = 2012/03/11 09:44:34.171|000007B4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 3/11/2012 1:50:49 PM | Computer Name = HP | Source = CaslWmi | ID = 5
    Description = 2012/03/11 10:50:49.490|00001534|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 3/11/2012 3:06:35 PM | Computer Name = HP | Source = CaslWmi | ID = 5
    Description = 2012/03/11 12:06:35.404|000013DC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    [ System Events ]
    Error - 3/11/2012 2:49:14 PM | Computer Name = HP | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/11/2012 2:49:14 PM | Computer Name = HP | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/11/2012 2:49:14 PM | Computer Name = HP | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/11/2012 2:49:14 PM | Computer Name = HP | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/11/2012 2:51:34 PM | Computer Name = HP | Source = DCOM | ID = 10005
    Description =

    Error - 3/11/2012 2:55:36 PM | Computer Name = HP | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 3/11/2012 2:56:57 PM | Computer Name = HP | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 3/11/2012 2:57:22 PM | Computer Name = HP | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 3/11/2012 2:58:13 PM | Computer Name = HP | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 3/11/2012 3:00:39 PM | Computer Name = HP | Source = Service Control Manager | ID = 7000
    Description = The HP Support Assistant Service service failed to start due to the
    following error: %%31


    < End of report >
  22. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    OTL logs are clean.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  23. mwlevey

    mwlevey Newcomer, in training Topic Starter Posts: 19

    checkup.txt was empty after running securitycheck.exe
  24. mwlevey

    mwlevey Newcomer, in training Topic Starter Posts: 19

    Farbar Service Scanner Version: 01-03-2012
    Ran by Marc & Elizabeth (administrator) on 11-03-2012 at 19:12:59
    Running from "C:\Users\Marc & Elizabeth\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
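    The "File Check" section of the FSS log above reports each Windows service binary as "=> MD5 is legit" because its hash matches a known-good value held by the tool; that is the check that tells Broni the service stack (TCP/IP, DHCP, DNS, firewall, Security Center, Windows Update, BITS, crypto, RPC) has not been replaced. As an added example, not part of this thread and not Farbar's code, the script below shows the same idea on a directory you control: record a baseline of hashes while the files are trusted, re-verify later, and report each file as unchanged, modified or missing in the same line format. SHA-256 is used instead of MD5 (an assumption of this example, not FSS's choice) because MD5 collisions are practical; the sample files and the tampering are constructed inside a temporary directory so the script runs offline.

```python
"""
Baseline file-integrity check in the spirit of FSS's "File Check" section.

Added example, not part of the original thread or of Farbar Service Scanner.
FSS compares the MD5 of each Windows service binary with a known-good value
and prints "<path> => MD5 is legit". This script applies the same idea to a
directory you control: record a baseline of digests, then re-verify and
report every file as legit, modified or missing. SHA-256 replaces MD5 here
(an assumption of this example), since MD5 collisions are practical.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def file_digest(path: Path, algorithm: str = "sha256") -> str:
    """Hash a file in 64 KiB chunks so large binaries need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths, algorithm="sha256"):
    """Record the known-good digest of every path (taken while the system is trusted)."""
    return {str(p): file_digest(Path(p), algorithm) for p in paths}


def verify_baseline(baseline, algorithm="sha256"):
    """Re-hash each baselined file; returns path -> "legit" | "modified" | "missing"."""
    results = {}
    for path, expected in baseline.items():
        p = Path(path)
        if not p.is_file():
            results[path] = "missing"
        elif file_digest(p, algorithm) != expected:
            results[path] = "modified"
        else:
            results[path] = "legit"
    return results


def format_report(results, algorithm="sha256"):
    """Render FSS-style lines: '<path> => SHA256 is legit' or the reason it is not."""
    lines = []
    for path, state in results.items():
        if state == "legit":
            lines.append(f"{path} => {algorithm.upper()} is legit")
        else:
            lines.append(f"{path} => ATTENTION: file {state}")
    return lines


def demo():
    """Constructed sample: three stand-in 'service binaries' in a temp directory.

    Returns {basename: state} so the outcome can be checked programmatically.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = [root / name for name in ("svchost.exe", "afd.sys", "wscsvc.dll")]
        for f in files:
            f.write_bytes(b"original contents of " + f.name.encode())

        # Baseline taken while everything is trusted, persisted like a known-good table.
        baseline = build_baseline(files)
        (root / "baseline.json").write_text(json.dumps(baseline))

        # Simulate what a later scan must catch: one file replaced, one file gone.
        files[1].write_bytes(b"replaced contents")
        files[2].unlink()

        saved = json.loads((root / "baseline.json").read_text())
        results = verify_baseline(saved)
        for line in format_report(results):
            print(line)
        return {os.path.basename(k): v for k, v in results.items()}


if __name__ == "__main__":
    demo()
```

    The baseline is only as trustworthy as the moment it was taken, which is why FSS ships its own known-good table rather than hashing whatever is on the disk at scan time; if you build a baseline yourself, take it from a clean install or a vendor image, not from a machine you are already investigating.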
  25. Broni

    Broni Malware Annihilator Posts: 46,447   +252

    Disable Norton, download a fresh copy of Security Check and try again.

