

artesian79

join:2001-10-16
West Chester, OH

Need help with a redirect window that comes as pop up in IE

I need help with a redirect pop-up window that doesn’t let me go anywhere in IE. The pop-up blocker is on.
I’m using Teamviewer to get to the PC of a family member and cannot get a screen print of the issue. The window, however, says:

“Congratulations
You are the Georgia winner for February 28
Please select a prize and enter…….”

I have been able to ftp the files in to perform the scans and the results are below. I've checked the hosts file and it was fine. In addition to the results below, I’ve also run Trojan Hunter, Spybot Search & Destroy, Panda Active Scan, f-secure, Ad-aware, Super Antispyware, and Hijackthis. I’ve also scanned daily with Norton 360 in the event this is “new” and had been added to signature files while I was gathering all the information for this post.

I ftp’d Firefox in and found that I can get anywhere I want with it. I’ve searched and found some info about things that sounded like this but haven’t been able to fix it.

The system is running Windows 7 with Norton 360. This is a new PC and the AV has been running since before the first internet connection. The ISP’s router contains an NAT firewall, but Windows firewall is also running.

Step 2

contents of the MBAM log (Step 2)
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.28.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxx-LAPTOP [administrator]
2/28/2012 9:11:59 AM
mbam-log-2012-02-28 (09-11-59).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 324275
Time elapsed: 47 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Step 3

contents of Extras.txt (Step 3)

OTL Extras logfile created on: 2/28/2012 10:20:22 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Gay\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.90 Gb Total Physical Memory | 3.99 Gb Available Physical Memory | 67.64% Memory free
11.79 Gb Paging File | 9.84 Gb Available in Paging File | 83.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576.54 Gb Total Space | 535.41 Gb Free Space | 92.87% Space Free | Partition Type: NTFS
Drive F: | 465.73 Gb Total Space | 397.12 Gb Free Space | 85.27% Space Free | Partition Type: NTFS

Computer Name: GAY-LAPTOP | User Name: Gay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23B47A34-0517-48DA-8B76-015DA8546893}" = WD SmartWare
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{CCD42CCF-9AFF-4BC5-862A-38CCD3C8E8F8}" = HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"66A129BB411C95940270753202E51BC35C0DB0D2" = Windows Driver Package - Intel(R) Corporation (IntcDAud) MEDIA (08/23/2011 6.14.00.3086)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Dell Support Center" = Dell Support Center
"E4E831CA68D1B79AB3BD6C134D0B12D6ECFC01B4" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (12/13/2011 6.0.1.6526)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{03703CBB-563D-45CE-8B35-CB04CAB258BE}" = Intel(R) WiDi
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D98F04D-11A1-4B64-A406-43292B9EEE90}" = Dell PhotoStage
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0EEBAFB5-CB0F-4E1A-A33F-4ECAF15CE2F9}" = Dell Digital Delivery
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 30
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39D06E77-8921-4056-8901-36D0035BAECA}" = Dell Stage
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}" = Acronis True Image Home 2012
"{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}Visible" = Acronis True Image Home 2012
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}" = Dell Marketplace Webslice IE8
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6319C60-D4DF-4D4D-A077-9F46D656E4FB}" = C309g-m
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
"{EE177519-70E3-4A94-B8DB-FD0B78D1A47E}" = PS_AIO_06_C309g-m_SW_Min
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Belarc Advisor" = Belarc Advisor 8.2
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell Webcam Central" = Dell Webcam Central
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"HP Photo Creations" = HP Photo Creations
"Info Center_is1" = Info Center 1.0.0.10
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"N360" = Norton 360
"PC Matic_is1" = PC Matic 1.1.0.45
"ProInst" = Intel PROSet Wireless
"TeamViewer 7" = TeamViewer 7
"TrojanHunter_is1" = TrojanHunter 5.5
"WinLiveSuite" = Windows Live Essentials

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2/3/2012 9:30:50 AM | Computer Name = Gay-Laptop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 2/3/2012 5:53:10 PM | Computer Name = Gay-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 2/4/2012 11:23:37 AM | Computer Name = Gay-Laptop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 2/5/2012 11:12:09 AM | Computer Name = Gay-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 2/5/2012 1:04:41 PM | Computer Name = Gay-Laptop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 2/6/2012 10:10:56 AM | Computer Name = Gay-Laptop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 2/7/2012 11:34:34 AM | Computer Name = Gay-Laptop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 2/9/2012 2:34:14 PM | Computer Name = Gay-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 2/9/2012 3:50:01 PM | Computer Name = Gay-Laptop | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 2/10/2012 8:38:10 AM | Computer Name = Gay-Laptop | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/21/2012 9:16:05 PM | Computer Name = Gay-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/21/2012 9:16:59 PM | Computer Name = Gay-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/21/2012 9:16:59 PM | Computer Name = Gay-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/21/2012 9:16:59 PM | Computer Name = Gay-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/21/2012 9:18:11 PM | Computer Name = Gay-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/21/2012 9:18:11 PM | Computer Name = Gay-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/21/2012 9:18:11 PM | Computer Name = Gay-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/21/2012 9:22:27 PM | Computer Name = Gay-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/21/2012 9:22:27 PM | Computer Name = Gay-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/21/2012 9:22:27 PM | Computer Name = Gay-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Step 4

the contents of checkup.txt (Step 4)

Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]

Windows Firewall Enabled!
ESET Online Scanner v3
Norton 360
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]

Ad-Aware
Spybot - Search & Destroy
Java(TM) 6 Update 30
Adobe Reader X (10.1.2)
Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]

Norton ccSvcHst.exe
[color=red]Ad-Aware AAWService.exe is disabled![/color]
[color=red]Ad-Aware AAWTray.exe is disabled![/color]
``````````End of Log````````````

Step 5

contents of the Online AntiVirus Scan log (Step 5)

A log was not made available, and there were no infections found.


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

Please post the main OTL log.



artesian79

join:2001-10-16
West Chester, OH

Thanks for your response.

I'm getting the message that it is too large to post. Do you want specific sections? Or do you want it broken down in multiple posts?



artesian79

join:2001-10-16
West Chester, OH

Part 1:

OTL logfile created on: 2/28/2012 10:20:22 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Gay\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.90 Gb Total Physical Memory | 3.99 Gb Available Physical Memory | 67.64% Memory free
11.79 Gb Paging File | 9.84 Gb Available in Paging File | 83.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576.54 Gb Total Space | 535.41 Gb Free Space | 92.87% Space Free | Partition Type: NTFS
Drive F: | 465.73 Gb Total Space | 397.12 Gb Free Space | 85.27% Space Free | Partition Type: NTFS

Computer Name: GAY-LAPTOP | User Name: Gay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/02/28 09:25:22 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Gay\Desktop\OTL.exe
PRC - [2012/02/12 19:02:56 | 003,450,832 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/01/31 17:10:10 | 000,026,264 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
PRC - [2012/01/19 06:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/19 06:47:20 | 002,698,624 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe
PRC - [2012/01/19 06:47:19 | 011,171,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/01/19 06:26:19 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2011/12/16 14:35:42 | 005,881,952 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2011/12/16 14:33:14 | 000,403,096 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/12/16 14:32:04 | 005,953,992 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/05/30 10:30:00 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2011/05/19 01:16:48 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/05/19 01:16:46 | 001,335,360 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/05/19 01:16:36 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/05/19 01:16:34 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/02/18 15:08:27 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/18 15:08:21 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/18 15:08:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/18 15:08:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/18 15:07:53 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/01/10 08:34:18 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/05/30 10:30:00 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2011/05/30 10:25:10 | 007,938,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2011/05/30 10:25:10 | 002,225,664 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2010/11/24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2011/08/08 07:39:18 | 001,166,848 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/08/01 10:12:52 | 001,338,256 | ---- | M] (Western Digital ) [On_Demand | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV:64bit: - [2011/08/01 10:12:50 | 001,978,256 | ---- | M] (Western Digital ) [On_Demand | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV:64bit: - [2011/08/01 10:12:46 | 000,317,328 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2011/07/27 21:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 20:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 20:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010/11/29 15:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [On_Demand | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/22 16:19:10 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/02/12 19:02:56 | 003,450,832 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/01/31 17:15:56 | 000,091,816 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2012/01/31 15:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/19 06:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/16 14:35:42 | 005,881,952 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2011/12/16 14:35:00 | 001,124,096 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [On_Demand | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2011/05/19 01:16:48 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/05/19 01:16:46 | 001,335,360 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/05/19 01:16:36 | 000,921,664 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2011/03/24 08:08:04 | 000,148,360 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2012/02/12 19:02:57 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012/02/12 19:02:53 | 001,285,216 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012/02/12 19:02:51 | 000,986,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012/02/12 19:02:49 | 000,211,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012/02/12 19:02:48 | 000,142,944 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt61.sys -- (vidsflt61) Acronis Disk Storage Filter (61)
DRV:64bit: - [2012/02/12 19:02:46 | 000,310,368 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/02/12 19:02:44 | 000,133,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012/01/09 19:57:35 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/12/23 07:12:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/12/09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/11/15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/09/30 15:29:32 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/30 15:29:32 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/23 05:12:58 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 20:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/19 01:17:04 | 000,053,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/05/19 01:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/04/26 11:04:22 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/04/26 11:04:20 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/04/22 21:24:38 | 001,438,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/26 19:19:48 | 012,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/02/10 17:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 17:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/20 11:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/12 20:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/01 11:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/15 19:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/26 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/02/04 09:33:57 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/02/04 09:33:57 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/01/09 19:57:17 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120227.034\EX64.SYS -- (NAVEX15)
DRV - [2012/01/09 19:57:17 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120227.034\ENG64.SYS -- (NAVENG)
DRV - [2011/12/23 22:17:32 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120215.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/12/15 18:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120225.003\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


artesian79


Part 2

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »wimdstream.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2012/02/01 13:54:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_5_2 [2012/02/28 06:19:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/31 14:23:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/22 18:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/31 14:23:44 | 000,000,000 | ---D | M]

[2012/02/22 18:26:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gay\AppData\Roaming\Mozilla\Extensions
[2012/02/22 18:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/23 14:56:09 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [THGuard] C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe (Mischel Internet Security)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.7.0/jinsta···i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} »java.sun.com/update/1.7.0/jinsta···i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.7.0/jinsta···i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} »utilities.pcpitstop.com/Nirvana/···atic.cab (PCPitstop Utility)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} »ccfiles.creative.com/Web/softwar···UEng.cab (Creative Software AutoUpdate)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} »acs.pandasoftware.com/activescan···ubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} »ccfiles.creative.com/Web/softwar···DPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} »ccfiles.creative.com/Web/softwar···TPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DF00B8A-6018-49AB-B737-0BD8A4F20FD0}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AF7882A-5326-4AFB-9694-7071A8BCE745}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8f00b9ba-3a19-11e1-9f15-ac7289c88bb9}\Shell - "" = AutoRun
O33 - MountPoints2\{8f00b9ba-3a19-11e1-9f15-ac7289c88bb9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{ae2ef37c-500b-11e1-bd01-ac7289c88bb9}\Shell - "" = AutoRun
O33 - MountPoints2\{ae2ef37c-500b-11e1-bd01-ac7289c88bb9}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


artesian79


Part 3

========== Files/Folders - Created Within 30 Days ==========

[2012/02/28 09:27:32 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Gay\Desktop\OTL.exe
[2012/02/27 23:33:15 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Gay\Desktop\TFC.exe
[2012/02/23 15:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/02/23 15:14:47 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Roaming\f-secure
[2012/02/23 15:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/02/23 14:49:33 | 000,000,000 | ---D | C] -- C:\Users\Gay\Desktop\Gay Laptop Belarc Advisor Computer Profile_files
[2012/02/22 20:36:54 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2012/02/22 20:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012/02/22 18:26:20 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Local\Mozilla
[2012/02/22 18:26:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/02/22 18:09:01 | 015,792,320 | ---- | C] (Mozilla) -- C:\Users\Gay\Desktop\Firefox Setup 10.0.2.exe
[2012/02/22 16:19:31 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/02/22 16:14:04 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/02/22 16:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/02/22 16:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/02/22 16:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012/02/22 16:08:17 | 000,000,000 | ---D | C] -- C:\Users\Gay\Desktop\HostsXpert
[2012/02/22 16:07:39 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Roaming\TrojanHunter
[2012/02/22 14:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter
[2012/02/22 14:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
[2012/02/22 14:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.5
[2012/02/22 14:41:35 | 046,165,200 | ---- | C] (Mischel Internet Security ) -- C:\Users\Gay\Desktop\TrojanHunterSetup.exe
[2012/02/22 10:21:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/02/22 10:13:38 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/22 08:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/02/22 08:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/02/22 08:41:07 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Gay\Desktop\spybotsd162.exe
[2012/02/21 16:40:02 | 014,882,944 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Gay\Desktop\SUPERAntiSpyware.exe
[2012/02/21 16:22:54 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Local\{286303CB-99A6-479E-B47C-148C5B65904D}
[2012/02/21 16:22:43 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Local\{78A3E6DA-A99D-4ED1-8998-3B7C3EA5C9CD}
[2012/02/21 11:52:46 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Roaming\Malwarebytes
[2012/02/21 11:52:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/21 11:52:41 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/21 11:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/21 08:26:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/02/18 15:08:50 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Local\{1B6C2CD8-4B09-4562-A4CD-5FB2D32892A3}
[2012/02/18 15:08:40 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Local\{D0663C57-7DBA-4A16-BD29-DCC8632C0C10}
[2012/02/18 15:08:40 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Local\{A06B65EA-8AB8-44B7-9121-57F1FE9B6C1E}
[2012/02/18 15:08:24 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Roaming\Windows Live Writer
[2012/02/18 15:08:24 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Local\Windows Live Writer
[2012/02/17 19:18:16 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/17 19:18:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/17 19:18:15 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/17 19:18:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/17 19:18:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/17 19:18:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/17 19:18:14 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/17 19:18:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/17 19:18:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/17 19:18:13 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/17 19:18:13 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/17 19:11:05 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/17 19:11:02 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/17 19:11:02 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/17 19:10:53 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/14 14:02:51 | 002,615,400 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012/02/14 14:02:51 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012/02/14 14:02:51 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2012/02/14 14:02:51 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012/02/14 14:02:50 | 003,744,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012/02/14 14:02:50 | 002,684,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCORES64.dat
[2012/02/14 14:02:50 | 001,969,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012/02/14 14:02:50 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012/02/14 14:02:50 | 000,891,992 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll
[2012/02/14 14:02:50 | 000,749,144 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll
[2012/02/14 14:02:50 | 000,626,264 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBTHX64.dll
[2012/02/14 14:02:50 | 000,561,752 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBTHX32.dll
[2012/02/14 14:02:50 | 000,100,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2012/02/14 14:02:50 | 000,064,600 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll
[2012/02/14 14:02:50 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2012/02/14 14:02:49 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012/02/14 14:02:49 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012/02/14 14:02:48 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/02/14 14:02:48 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012/02/14 14:02:48 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012/02/14 14:02:48 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012/02/14 14:02:48 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012/02/14 14:02:48 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012/02/14 14:02:48 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012/02/14 14:02:48 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012/02/14 14:02:48 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012/02/14 14:02:48 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012/02/14 14:02:48 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012/02/14 14:02:48 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012/02/14 14:02:48 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012/02/14 14:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/02/14 14:00:16 | 000,317,440 | ---- | C] (Intel(R) Corporation) -- C:\Windows\SysNative\drivers\IntcDAud.sys
[2012/02/14 14:00:16 | 000,014,848 | ---- | C] (Intel(R) Corporation) -- C:\Windows\SysNative\IntcDAuC.dll
[2012/02/14 13:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstopDat
[2012/02/14 12:58:08 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Local\Western_Digital
[2012/02/14 12:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012/02/14 12:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2012/02/14 12:06:05 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Local\Western Digital
[2012/02/14 12:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2012/02/14 11:49:01 | 000,000,000 | ---D | C] -- C:\Users\Gay\Desktop\WDFirmwareUpdater
[2012/02/14 11:44:44 | 000,000,000 | ---D | C] -- C:\Users\Gay\Desktop\To Laptop
[2012/02/12 19:02:57 | 000,367,200 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2012/02/12 19:02:53 | 001,285,216 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\tdrpman.sys
[2012/02/12 19:02:51 | 000,986,208 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2012/02/12 19:02:49 | 000,211,040 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\vididr.sys
[2012/02/12 19:02:48 | 000,142,944 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\vsflt61.sys
[2012/02/12 19:02:46 | 000,310,368 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2012/02/12 19:02:44 | 000,133,728 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\fltsrv.sys
[2012/02/12 19:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2012/02/12 19:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2012/02/12 19:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2012/02/12 19:01:50 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Roaming\Acronis
[2012/02/12 19:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2012/02/12 18:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012/02/10 08:07:10 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/02/10 08:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/02/09 15:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2012/02/07 13:35:16 | 000,000,000 | ---D | C] -- C:\Users\Gay\Desktop\DEK This is Laptop
[2012/02/06 10:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/06 10:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/02/05 16:57:34 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Roaming\Visan
[2012/02/05 16:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2012/02/05 16:43:29 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Roaming\Roxio Burn
[2012/02/05 10:22:47 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Roaming\KodakCredentialStore
[2012/02/04 18:54:21 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Local\KodakGallery
[2012/02/04 18:54:13 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Local\Programs
[2012/02/04 18:54:06 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Roaming\Skinux
[2012/02/04 18:53:46 | 000,000,000 | ---D | C] -- C:\Users\Gay\Documents\My Print Creations
[2012/02/04 18:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations
[2012/02/04 18:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2012/02/04 18:53:45 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Roaming\Arcsoft
[2012/02/04 18:53:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2012/02/04 18:53:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2012/02/04 18:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2012/02/04 18:52:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Kodak
[2012/02/04 18:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2012/02/04 18:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kodak
[2012/02/04 18:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012/02/03 16:51:06 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012/02/01 14:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012/02/01 14:02:17 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Local\Downloaded Installations
[2012/01/31 19:34:14 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Local\ArcSoft
[2012/01/31 17:58:37 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Roaming\Auslogics
[2012/01/31 17:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2012/01/31 17:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
[2012/01/31 17:00:40 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/01/31 16:55:07 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Local\Windows Live
[2012/01/31 16:09:37 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/01/31 16:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/01/31 16:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/01/31 15:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012/01/31 15:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012/01/31 15:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2012/01/31 15:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/01/31 14:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2012/01/31 14:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012/01/29 17:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Manager
[2012/01/29 17:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/01/29 17:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2012/01/29 17:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2012/01/29 17:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2012/01/29 17:32:57 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Roaming\HpUpdate
[2012/01/29 17:29:36 | 000,136,704 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l101.dll
[2012/01/29 17:28:24 | 000,641,664 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2012/01/29 15:16:56 | 000,000,000 | ---D | C] -- C:\Users\Gay\AppData\Local\ElevatedDiagnostics

========== Files - Modified Within 30 Days ==========

[2012/02/28 09:45:00 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/02/28 09:28:17 | 000,879,700 | ---- | M] () -- C:\Users\Gay\Desktop\SecurityCheck.exe
[2012/02/28 09:25:22 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Gay\Desktop\OTL.exe
[2012/02/28 08:12:54 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/28 08:12:54 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/28 08:10:16 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/28 08:10:16 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/28 08:10:16 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/28 08:09:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/28 06:18:38 | 453,640,191 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/27 23:32:25 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Gay\Desktop\TFC.exe
[2012/02/27 23:12:40 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/02/25 16:43:28 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/02/25 16:43:28 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/23 15:41:01 | 000,012,838 | ---- | M] () -- C:\Users\Gay\Desktop\F-Secure Online Scanner - Scanning Report - Thursday, February 23, 2012 154009.html
[2012/02/22 18:26:16 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/22 18:04:56 | 015,792,320 | ---- | M] (Mozilla) -- C:\Users\Gay\Desktop\Firefox Setup 10.0.2.exe
[2012/02/22 18:01:23 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/22 17:59:43 | 000,001,371 | ---- | M] () -- C:\Users\Gay\Desktop\Internet Explorer (64-bit).lnk
[2012/02/22 17:50:37 | 000,001,428 | ---- | M] () -- C:\Users\Gay\Desktop\Online Scanners.rtf
[2012/02/22 16:19:31 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/02/22 16:19:27 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2012/02/22 16:14:05 | 001,465,620 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\Cat.DB
[2012/02/22 16:14:05 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/02/22 15:53:53 | 012,410,880 | ---- | M] () -- C:\Users\Gay\Desktop\Ad-Aware96Install.msi
[2012/02/22 14:50:12 | 000,059,392 | R--- | M] () -- C:\Windows\SysWow64\streamhlp.dll
[2012/02/22 14:50:12 | 000,001,111 | ---- | M] () -- C:\Users\Gay\Application Data\Microsoft\Internet Explorer\Quick Launch\TrojanHunter Scanner.lnk
[2012/02/22 14:50:12 | 000,001,087 | ---- | M] () -- C:\Users\Gay\Desktop\TrojanHunter.lnk
[2012/02/22 14:43:30 | 000,357,766 | ---- | M] () -- C:\Users\Gay\Desktop\HostsXpert.zip
[2012/02/22 14:39:12 | 046,165,200 | ---- | M] (Mischel Internet Security ) -- C:\Users\Gay\Desktop\TrojanHunterSetup.exe
[2012/02/22 10:21:29 | 000,002,925 | ---- | M] () -- C:\Users\Gay\Desktop\HiJackThis.lnk
[2012/02/22 08:45:51 | 000,001,260 | ---- | M] () -- C:\Users\Gay\Desktop\Spybot - Search & Destroy.lnk
[2012/02/21 23:10:11 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Gay\Desktop\spybotsd162.exe
[2012/02/21 16:38:36 | 014,882,944 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Gay\Desktop\SUPERAntiSpyware.exe
[2012/02/21 11:52:42 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/21 08:26:04 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/18 15:05:53 | 000,460,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/14 13:15:19 | 000,002,036 | ---- | M] () -- C:\Users\Gay\Desktop\PC Matic.lnk
[2012/02/14 12:06:14 | 000,001,121 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
[2012/02/12 19:02:57 | 000,367,200 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2012/02/12 19:02:53 | 001,285,216 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tdrpman.sys
[2012/02/12 19:02:51 | 000,986,208 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2012/02/12 19:02:49 | 000,211,040 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\vididr.sys
[2012/02/12 19:02:48 | 000,142,944 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\vsflt61.sys
[2012/02/12 19:02:46 | 000,310,368 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2012/02/12 19:02:44 | 000,133,728 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\fltsrv.sys
[2012/02/12 19:02:40 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
[2012/02/12 10:12:31 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/09 15:16:27 | 000,002,645 | ---- | M] () -- C:\Users\Gay\Desktop\Microsoft Office PowerPoint 2003.lnk
[2012/02/09 15:14:33 | 000,000,882 | ---- | M] () -- C:\Users\Gay\Desktop\Downloads - Shortcut.lnk
[2012/02/09 15:13:51 | 000,000,865 | ---- | M] () -- C:\Users\Gay\Desktop\My Videos - Shortcut.lnk
[2012/02/09 15:12:13 | 000,001,075 | ---- | M] () -- C:\Users\Gay\Desktop\Documents - Shortcut.lnk
[2012/02/07 12:21:38 | 005,096,357 | ---- | M] () -- C:\Users\Gay\Desktop\WDFirmwareUpdater.zip
[2012/02/06 10:53:42 | 000,250,880 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2012/02/06 10:53:42 | 000,137,216 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2012/02/06 10:51:58 | 000,002,120 | ---- | M] () -- C:\Users\Gay\Desktop\Kodak EasyShare software.lnk
[2012/02/06 09:59:26 | 000,001,072 | ---- | M] () -- C:\Users\Gay\Desktop\Pictures - Shortcut.lnk
[2012/02/01 14:06:44 | 000,001,135 | ---- | M] () -- C:\Users\Gay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/01/31 20:04:20 | 000,001,335 | ---- | M] () -- C:\Users\Gay\Desktop\HP Solution Center.lnk
[2012/01/31 19:09:39 | 000,002,675 | ---- | M] () -- C:\Users\Gay\Desktop\Microsoft Office Outlook 2003.lnk
[2012/01/31 19:09:39 | 000,002,659 | ---- | M] () -- C:\Users\Gay\Desktop\Microsoft Office Excel 2003.lnk
[2012/01/31 19:09:39 | 000,002,657 | ---- | M] () -- C:\Users\Gay\Desktop\Microsoft Office Word 2003.lnk
[2012/01/31 18:47:56 | 000,002,390 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/01/31 16:09:33 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/01/31 16:09:33 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/01/31 16:09:33 | 000,263,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/01/31 16:09:33 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/01/31 16:09:33 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/01/31 15:57:28 | 000,001,971 | ---- | M] () -- C:\Users\Gay\Desktop\Update Checker.lnk
[2012/01/31 15:50:01 | 000,001,248 | ---- | M] () -- C:\Users\Gay\Desktop\Auslogics Disk Defrag.lnk
[2012/01/31 15:48:42 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/31 14:26:22 | 000,208,493 | ---- | M] () -- C:\Windows\hpoins41.dat
[2012/01/30 20:00:49 | 000,175,440 | ---- | M] () -- C:\Windows\hpoins41.dat.temp

========== Files Created - No Company Name ==========

[2012/02/28 09:28:51 | 000,879,700 | ---- | C] () -- C:\Users\Gay\Desktop\SecurityCheck.exe
[2012/02/23 15:41:01 | 000,012,838 | ---- | C] () -- C:\Users\Gay\Desktop\F-Secure Online Scanner - Scanning Report - Thursday, February 23, 2012 154009.html
[2012/02/22 18:26:16 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/22 17:59:43 | 000,001,371 | ---- | C] () -- C:\Users\Gay\Desktop\Internet Explorer (64-bit).lnk
[2012/02/22 17:51:02 | 000,001,428 | ---- | C] () -- C:\Users\Gay\Desktop\Online Scanners.rtf
[2012/02/22 17:46:45 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2012/02/22 16:14:24 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/02/22 16:14:24 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/22 16:14:05 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/02/22 16:09:25 | 012,410,880 | ---- | C] () -- C:\Users\Gay\Desktop\Ad-Aware96Install.msi
[2012/02/22 14:50:12 | 000,001,111 | ---- | C] () -- C:\Users\Gay\Application Data\Microsoft\Internet Explorer\Quick Launch\TrojanHunter Scanner.lnk
[2012/02/22 14:50:12 | 000,001,087 | ---- | C] () -- C:\Users\Gay\Desktop\TrojanHunter.lnk
[2012/02/22 14:50:10 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2012/02/22 14:49:33 | 000,357,766 | ---- | C] () -- C:\Users\Gay\Desktop\HostsXpert.zip
[2012/02/22 10:13:38 | 000,002,925 | ---- | C] () -- C:\Users\Gay\Desktop\HiJackThis.lnk
[2012/02/22 08:45:50 | 000,001,260 | ---- | C] () -- C:\Users\Gay\Desktop\Spybot - Search & Destroy.lnk
[2012/02/21 11:52:42 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/14 14:02:50 | 000,200,468 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012/02/14 13:15:18 | 000,002,036 | ---- | C] () -- C:\Users\Gay\Desktop\PC Matic.lnk
[2012/02/14 12:06:14 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
[2012/02/14 11:44:44 | 005,096,357 | ---- | C] () -- C:\Users\Gay\Desktop\WDFirmwareUpdater.zip
[2012/02/12 19:02:40 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 2012.lnk
[2012/02/10 08:07:17 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/10 08:07:17 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/02/09 15:24:54 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2012/02/09 15:16:27 | 000,002,645 | ---- | C] () -- C:\Users\Gay\Desktop\Microsoft Office PowerPoint 2003.lnk
[2012/02/09 15:14:33 | 000,000,882 | ---- | C] () -- C:\Users\Gay\Desktop\Downloads - Shortcut.lnk
[2012/02/09 15:13:51 | 000,000,865 | ---- | C] () -- C:\Users\Gay\Desktop\My Videos - Shortcut.lnk
[2012/02/09 15:12:13 | 000,001,075 | ---- | C] () -- C:\Users\Gay\Desktop\Documents - Shortcut.lnk
[2012/02/06 10:51:58 | 000,002,120 | ---- | C] () -- C:\Users\Gay\Desktop\Kodak EasyShare software.lnk
[2012/02/06 09:59:26 | 000,001,072 | ---- | C] () -- C:\Users\Gay\Desktop\Pictures - Shortcut.lnk
[2012/02/05 16:55:45 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/02/04 18:54:07 | 000,250,880 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mbb
[2012/02/04 18:54:07 | 000,137,216 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mb
[2012/01/31 20:04:20 | 000,001,335 | ---- | C] () -- C:\Users\Gay\Desktop\HP Solution Center.lnk
[2012/01/31 16:02:21 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/31 15:57:28 | 000,001,971 | ---- | C] () -- C:\Users\Gay\Desktop\Update Checker.lnk
[2012/01/31 15:52:35 | 000,002,675 | ---- | C] () -- C:\Users\Gay\Desktop\Microsoft Office Outlook 2003.lnk
[2012/01/31 15:52:27 | 000,002,659 | ---- | C] () -- C:\Users\Gay\Desktop\Microsoft Office Excel 2003.lnk
[2012/01/31 15:52:16 | 000,002,657 | ---- | C] () -- C:\Users\Gay\Desktop\Microsoft Office Word 2003.lnk
[2012/01/31 15:50:01 | 000,001,248 | ---- | C] () -- C:\Users\Gay\Desktop\Auslogics Disk Defrag.lnk
[2012/01/31 15:48:42 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/31 14:19:44 | 000,208,493 | ---- | C] () -- C:\Windows\hpoins41.dat
[2012/01/31 14:19:44 | 000,001,112 | ---- | C] () -- C:\Windows\hpomdl41.dat
[2012/01/29 17:28:37 | 000,175,440 | ---- | C] () -- C:\Windows\hpoins41.dat.temp
[2012/01/29 15:11:20 | 000,001,112 | ---- | C] () -- C:\Windows\hpomdl41.dat.temp
[2012/01/08 00:46:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/09/30 15:13:55 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/09/30 15:13:36 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/09/30 15:13:34 | 000,214,760 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/09/30 15:13:31 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/09/30 15:13:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/09/30 15:13:29 | 013,355,008 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/02/10 11:10:51 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI


artesian79


Part 4

========== LOP Check ==========

[2012/02/12 19:03:36 | 000,000,000 | ---D | M] -- C:\Users\Gay\AppData\Roaming\Acronis
[2012/01/31 17:58:37 | 000,000,000 | ---D | M] -- C:\Users\Gay\AppData\Roaming\Auslogics
[2012/02/23 15:14:47 | 000,000,000 | ---D | M] -- C:\Users\Gay\AppData\Roaming\f-secure
[2012/01/08 00:37:48 | 000,000,000 | ---D | M] -- C:\Users\Gay\AppData\Roaming\Fingertapps
[2012/01/08 00:37:32 | 000,000,000 | ---D | M] -- C:\Users\Gay\AppData\Roaming\Leadertech
[2012/01/09 17:04:39 | 000,000,000 | ---D | M] -- C:\Users\Gay\AppData\Roaming\PCDr
[2012/02/04 18:54:06 | 000,000,000 | ---D | M] -- C:\Users\Gay\AppData\Roaming\Skinux
[2012/02/22 16:07:39 | 000,000,000 | ---D | M] -- C:\Users\Gay\AppData\Roaming\TrojanHunter
[2012/02/05 17:45:01 | 000,000,000 | ---D | M] -- C:\Users\Gay\AppData\Roaming\Visan
[2012/02/21 16:24:23 | 000,000,000 | ---D | M] -- C:\Users\Gay\AppData\Roaming\Windows Live Writer
[2012/02/12 10:12:31 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/14 00:08:49 | 000,019,372 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/27 23:12:40 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to artesian79
First:
Use Add/Remove Programs to uninstall Cozi Express. The ARP entry should be Cozi. I get mixed reviews on this program and want to be sure it is not part of the problem.

Second:
Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected.

You'll find the link(s) and instruction(s) here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



artesian79


Thank you.

I have removed the Cozi program, and run TDSS. I've also confirmed the problem is still presenting itself - it is. TDSS output as follows:

17:00:00.0318 5608 TermDD - ok
17:00:00.0381 5608 timounter (990447334615a0db84f620e1426dcfe0) C:\Windows\system32\DRIVERS\timntr.sys
17:00:00.0396 5608 timounter - ok
17:00:00.0427 5608 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:00:00.0427 5608 tssecsrv - ok
17:00:00.0459 5608 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:00:00.0490 5608 TsUsbFlt - ok
17:00:00.0505 5608 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
17:00:00.0505 5608 TsUsbGD - ok
17:00:00.0552 5608 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:00:00.0552 5608 tunnel - ok
17:00:00.0599 5608 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
17:00:00.0599 5608 TurboB - ok
17:00:00.0630 5608 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
17:00:00.0630 5608 uagp35 - ok
17:00:00.0661 5608 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:00:00.0661 5608 udfs - ok
17:00:00.0708 5608 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:00:00.0708 5608 uliagpkx - ok
17:00:00.0739 5608 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:00:00.0739 5608 umbus - ok
17:00:00.0771 5608 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
17:00:00.0771 5608 UmPass - ok
17:00:00.0802 5608 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
17:00:00.0802 5608 usbccgp - ok
17:00:00.0833 5608 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:00:00.0833 5608 usbcir - ok
17:00:00.0849 5608 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:00:00.0849 5608 usbehci - ok
17:00:00.0911 5608 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:00:00.0911 5608 usbhub - ok
17:00:00.0958 5608 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:00:00.0958 5608 usbohci - ok
17:00:01.0005 5608 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:00:01.0005 5608 usbprint - ok
17:00:01.0036 5608 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:00:01.0036 5608 usbscan - ok
17:00:01.0067 5608 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:00:01.0067 5608 USBSTOR - ok
17:00:01.0114 5608 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:00:01.0114 5608 usbuhci - ok
17:00:01.0176 5608 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
17:00:01.0192 5608 usbvideo - ok
17:00:01.0239 5608 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:00:01.0239 5608 vdrvroot - ok
17:00:01.0270 5608 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:00:01.0270 5608 vga - ok
17:00:01.0285 5608 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:00:01.0285 5608 VgaSave - ok
17:00:01.0317 5608 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:00:01.0317 5608 vhdmp - ok
17:00:01.0348 5608 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:00:01.0348 5608 viaide - ok
17:00:01.0410 5608 vididr (ee12faffdd1fb13be0d6ef67cb0d1617) C:\Windows\system32\DRIVERS\vididr.sys
17:00:01.0410 5608 vididr - ok
17:00:01.0441 5608 vidsflt61 (2dfd1eb9de564460003de1605a275e8d) C:\Windows\system32\DRIVERS\vsflt61.sys
17:00:01.0441 5608 vidsflt61 - ok
17:00:01.0457 5608 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:00:01.0457 5608 volmgr - ok
17:00:01.0488 5608 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:00:01.0488 5608 volmgrx - ok
17:00:01.0519 5608 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:00:01.0519 5608 volsnap - ok
17:00:01.0551 5608 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
17:00:01.0551 5608 vsmraid - ok
17:00:01.0566 5608 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:00:01.0566 5608 vwifibus - ok
17:00:01.0582 5608 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:00:01.0582 5608 vwififlt - ok
17:00:01.0613 5608 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:00:01.0613 5608 vwifimp - ok
17:00:01.0644 5608 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
17:00:01.0644 5608 WacomPen - ok
17:00:01.0691 5608 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:00:01.0691 5608 WANARP - ok
17:00:01.0707 5608 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:00:01.0707 5608 Wanarpv6 - ok
17:00:01.0738 5608 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
17:00:01.0738 5608 Wd - ok
17:00:01.0753 5608 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
17:00:01.0753 5608 WDC_SAM - ok
17:00:01.0800 5608 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:00:01.0800 5608 Wdf01000 - ok
17:00:01.0847 5608 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:00:01.0847 5608 WfpLwf - ok
17:00:01.0894 5608 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
17:00:01.0909 5608 WimFltr - ok
17:00:01.0925 5608 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:00:01.0925 5608 WIMMount - ok
17:00:01.0987 5608 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:00:01.0987 5608 WmiAcpi - ok
17:00:02.0019 5608 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:00:02.0019 5608 ws2ifsl - ok
17:00:02.0050 5608 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:00:02.0050 5608 WudfPf - ok
17:00:02.0065 5608 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:00:02.0065 5608 WUDFRd - ok
17:00:02.0112 5608 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:00:02.0175 5608 \Device\Harddisk0\DR0 - ok
17:00:02.0471 5608 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
17:00:02.0518 5608 \Device\Harddisk1\DR1 - ok
17:00:02.0518 5608 Boot (0x1200) (0a915e7c292a520ca8abc32f78b2988d) \Device\Harddisk0\DR0\Partition0
17:00:02.0518 5608 \Device\Harddisk0\DR0\Partition0 - ok
17:00:02.0533 5608 Boot (0x1200) (6fe66090d9e96e0d99773981cebdaf3a) \Device\Harddisk0\DR0\Partition1
17:00:02.0533 5608 \Device\Harddisk0\DR0\Partition1 - ok
17:00:02.0533 5608 Boot (0x1200) (d38ffe7d26ae0d2cc5d985e68df5a0ce) \Device\Harddisk1\DR1\Partition0
17:00:02.0533 5608 \Device\Harddisk1\DR1\Partition0 - ok
17:00:02.0533 5608 ============================================================
17:00:02.0533 5608 Scan finished
17:00:02.0533 5608 ============================================================
17:00:02.0549 2952 Detected object count: 0
17:00:02.0549 2952 Actual detected object count: 0


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

reply to artesian79
Did uninstalling Cozi Express make any difference??



artesian79

join:2001-10-16
West Chester, OH

No. I took Cozi off and even rebooted "just to make sure" and IE still has the same problem. I also had used a different anti root detection program before posting for help but forgot to mention it. It didn't find anything either.



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to artesian79
The logs show no malware. I am beginning to think this may be an IE specific issue.

While they may not help with the problem, I would like to confirm or deny my suspicions.

1. You mention that the Windows Firewall is on. Norton 360 also has its own firewall. There should never be more than one firewall running. Make sure the Windows Firewall is off.

2. The logs show Firefox as being installed. Are you having the same issue with FF as well?

3. What is the URL that IE shows when the message is displayed?
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



artesian79

join:2001-10-16
West Chester, OH
Reviews:
·RoadRunner Cable

1. I've turned off the Windows Firewall.

2. Firefox is working.

3. The window displaying the message says "Message from Webpage" in the outermost bright blue "frame". The IE url remains at http://windstream.net (the ISP). The tab for the window says windstream.net.

If I "x" out of the pop up Webpage Message box, the information displayed moves to a full page of something with lots of graphics listing all sorts of prizes that can be chosen. The url and tab in IE still contain the previous windstream.net listing as before.

Should I uninstall and reinstall IE?



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to artesian79
Hold off on doing anything with IE for the moment. Let's make one more check for bots/rootkits.

Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You can find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



artesian79

join:2001-10-16
West Chester, OH
Reviews:
·RoadRunner Cable

1 edit

Hello again!

The scan is running now, but the option to scan running processes was grayed out.

I will post here if it finishes before I leave, but I do have an appointment to go to this evening. I'll post something when I get back in a few hours.

If this is a rootkit, I'll likely need to rebuild the O/S, right? The reason I hadn't done it before, other than being states away, is that I'm not sure how to prevent them since Norton 360 and Anti-Malware didn't take care of it. Suggestions?



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

reply to artesian79
Whether to reformat or not depends on the rootkit. I really don't expect to find one.

I'll watch for your post with the results.



artesian79

join:2001-10-16
West Chester, OH
Reviews:
·RoadRunner Cable

Here are the results. They were all flagged as don't remove as there wasn't enough information. They look like database files and most are related to the Western Digital Passport drive containing backups. 2 were related to Norton.

Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc
Started logging on 3/1/2012 at 17:33:23 PM
User "Gay" on computer "GAY-LAPTOP"
Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\ProgramData\Norton\00000082\00000121\000005d7\cltLMS1.dat
Hidden: file C:\ProgramData\Norton\00000082\00000121\000005d7\cltLMS2.dat
Info: Starting disk scan of F: (NTFS).
Hidden: file F:\WD SmartWare.swstor\D8CW17C1\Volume.180e9544.8e17.11db.b884.806d6172696f\Documents and Settings\Gay\Local Settings\Application Data\Identities\{C595CEEB-DBFB-442D-BB2D-738341C99C4A}\Microsoft\Outlook Express\Deleted Items@0427c26f32ff4ec6a4932e24a3e185a5.dbx
Hidden: file F:\WD SmartWare.swstor\D8CW17C1\Volume.180e9544.8e17.11db.b884.806d6172696f\Documents and Settings\Gay\Local Settings\Application Data\Identities\{C595CEEB-DBFB-442D-BB2D-738341C99C4A}\Microsoft\Outlook Express\Deleted Items@f2502fff6a7648e0aef5259fc994dbbd.dbx
Hidden: file F:\WD SmartWare.swstor\D8CW17C1\Volume.180e9544.8e17.11db.b884.806d6172696f\Documents and Settings\Gay\Local Settings\Application Data\Identities\{C595CEEB-DBFB-442D-BB2D-738341C99C4A}\Microsoft\Outlook Express\Norton AntiSpam Folder@5d39d9d44e89443aa8c9c55ea0d6bc3c.dbx
Hidden: file F:\WD SmartWare.swstor\D8CW17C1\Volume.180e9544.8e17.11db.b884.806d6172696f\Documents and Settings\Gay\Local Settings\Application Data\Identities\{C595CEEB-DBFB-442D-BB2D-738341C99C4A}\Microsoft\Outlook Express\Pop3uidl@23c87aab3e7b486aa5677faefe66f836.dbx
Hidden: file F:\WD SmartWare.swstor\D8CW17C1\Volume.180e9544.8e17.11db.b884.806d6172696f\Documents and Settings\Gay\Local Settings\Application Data\Identities\{C595CEEB-DBFB-442D-BB2D-738341C99C4A}\Microsoft\Outlook Express\Sent Items@d367a458697b46cbb9cf2aa696b7caf7.dbx
Hidden: file F:\WD SmartWare.swstor\D8CW17C1\Volume.180e9544.8e17.11db.b884.806d6172696f\Documents and Settings\Gay\Local Settings\Application Data\Identities\{C595CEEB-DBFB-442D-BB2D-738341C99C4A}\Microsoft\Outlook Express\Sent Items@10f73e2ed517485ba2982d5ae458a97c.dbx
Hidden: file F:\WD SmartWare.swstor\D8CW17C1\Volume.180e9544.8e17.11db.b884.806d6172696f\Documents and Settings\Gay\Local Settings\Application Data\Identities\{C595CEEB-DBFB-442D-BB2D-738341C99C4A}\Microsoft\Outlook Express\Pop3uidl@430a12cba2014df5914ba5201842562a.dbx
Hidden: file F:\WD SmartWare.swstor\D8CW17C1\Volume.180e9544.8e17.11db.b884.806d6172696f\Documents and Settings\Gay\Local Settings\Application Data\Identities\{C595CEEB-DBFB-442D-BB2D-738341C99C4A}\Microsoft\Outlook Express\Norton AntiSpam Folder@aa6d99555b39403f9ee0876460b84448.dbx
Hidden: file F:\WD SmartWare.swstor\D8CW17C1\Volume.180e9544.8e17.11db.b884.806d6172696f\Documents and Settings\Gay\Local Settings\Application Data\Identities\{C595CEEB-DBFB-442D-BB2D-738341C99C4A}\Microsoft\Outlook Express\Sent Items@a127850c20344023a46a9022a2eae235.dbx
Hidden: file F:\WD SmartWare.swstor\D8CW17C1\Volume.180e9544.8e17.11db.b884.806d6172696f\Documents and Settings\Gay\Local Settings\Application Data\Identities\{C595CEEB-DBFB-442D-BB2D-738341C99C4A}\Microsoft\Outlook Express\Deleted Items@e636ed5c6fc44ed382101528d4603c34.dbx
Hidden: file F:\WD SmartWare.swstor\D8CW17C1\Volume.180e9544.8e17.11db.b884.806d6172696f\Documents and Settings\Gay\Local Settings\Application Data\Identities\{C595CEEB-DBFB-442D-BB2D-738341C99C4A}\Microsoft\Outlook Express\Norton AntiSpam Folder@4c9913149ccb4c53b65141dd942adb56.dbx
Hidden: file F:\WD SmartWare.swstor\D8CW17C1\Volume.180e9544.8e17.11db.b884.806d6172696f\Documents and Settings\Gay\Local Settings\Application Data\Identities\{C595CEEB-DBFB-442D-BB2D-738341C99C4A}\Microsoft\Outlook Express\Deleted Items@58fc2e42d472400b954218dcfaa8c755.dbx
Hidden: file F:\WD SmartWare.swstor\D8CW17C1\Volume.180e9544.8e17.11db.b884.806d6172696f\Documents and Settings\Gay\Local Settings\Application Data\Identities\{C595CEEB-DBFB-442D-BB2D-738341C99C4A}\Microsoft\Outlook Express\Sent Items@46b3f0f2f21e4edf9f2fb3b0edfc170e.dbx
Stopped logging on 3/1/2012 at 18:24:47 PM

I wouldn't be able to have the WD drive unplugged until tomorrow, but I could always stop the USB port as though I were going to unplug it to see if that would make any difference tonight.

Thanks again for your help.



artesian79

join:2001-10-16
West Chester, OH

I went ahead and used the WD's drive to "eject it", and no big shock - the problem still occurs. Since the drive isn't even seen by Disk Management I think it was a good virtual way of disconnecting the drive.



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to artesian79
Thanks. I am aware of the reporting of "hidden" files by Sophos AntiRootkit. In some cases it's a permissions issue. Nothing in the log offers concern.

At this point I think your suggestion to uninstall/install Internet Explorer is the next logical step.

The logs keep coming back clean for malware, and there is nothing else to suggest why only IE is affected. If it were a DNS issue or router issue, then Firefox should show some effect as well.

Let me know the outcome of the IE uninstall/install.

The next post contains the removal instructions for the programs we have installed to date.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to artesian79
Cleaning Up:

Delete TFC:

  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
  • We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos AntiRootkit:
  • If we asked you to run the Sophos AntiRootkit program, uninstall it through Add/Remove Programs.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum
