I tried several things; none have worked. Why does virus and spyware not detect this malware? How can I remove it?
Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Running programs with Vista or Windows 7, Right Click and select RUN AS ADMINISTRATOR
Download DDS from one of the links below to your desktop
Link 1
Link 2
- Double click the tool to run it.
- A black Screen will open, just read the contents and do nothing.
- When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
- Copy/Paste the contents of 'DDS.txt' into your post.
- 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)
Information on A/V control Here
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
I have windows 8.1 and have not been able to get it to run as Administrator in order for the DDS program to run. Can you assist?
Let's try this one instead
Please download AdwCleaner by Xplode and save to your Desktop.
- Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
- Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
- The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
- Copy and paste the contents of that logfile in your next reply.
- A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Results of the executing AdwCleaner.exe
# AdwCleaner v3.016 - Report created 27/12/2013 at 14:27:19
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Mack - WORKPC
# Running from : C:\Users\Mack\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : CltMngSvc
***** [ Files / Folders ] *****
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found C:\Program Files (x86)\Searchprotect
Folder Found C:\Users\Mack\AppData\Local\Searchprotect
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\Software\SearchProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16384
-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Users\Mack\AppData\Roaming\Mozilla\Firefox\Profiles\o13s4y14.default\prefs.js ]
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1660 octets] - [27/12/2013 14:27:19]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1720 octets] ##########
Thanks
Good Morning,
No need to quote me, as some of the logs we may ask for may be large and with a quote may not fit into a reply.
Were you able to run aswMBR? If so, run it and post that log please.
Then.....
Double click on AdwCleaner.exe to run the tool again.
- Click on the Scan button.
- AdwCleaner will begin to scan your computer like it did before.
- After the scan has finished...
- This time, click on the Clean button.
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- Copy and paste the contents of that logfile in your next reply.
- A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
OTL by OldTimer
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Click the "Scan All Users" checkbox.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-28 10:49:53
-----------------------------
10:49:53.462 OS Version: Windows x64 6.2.9200
10:49:53.462 Number of processors: 2 586 0x200
10:49:53.465 ComputerName: WORKPC UserName: Mack
10:49:54.100 Initialze error 1
11:19:09.915 AVAST engine defs: 13122800
11:19:18.220 The log file has been saved successfully to "C:\Users\Mack\Desktop\aswMBR.txt"
11:19:41.829 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
11:19:41.837 Disk 0 Vendor: HGST_HTS545032A7E380 GGBOACA0 Size: 305245MB BusType: 11
11:19:41.898 Disk 0 MBR read successfully
11:19:41.905 Disk 0 MBR scan
11:19:41.932 Disk 0 unknown MBR code
11:19:41.940 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
11:19:41.957 Disk 0 scanning C:\WINDOWS\system32\drivers
11:19:41.968 Service scanning
11:19:42.523 Modules scanning
11:19:42.541 Disk 0 trace - called modules:
11:19:42.565 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
11:19:42.584 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000016ab5e0]
11:19:42.601 3 CLASSPNP.SYS[fffff80000646abb] -> nt!IofCallDriver -> [0xffffe000002e9b30]
11:19:42.617 5 amdxata.sys[fffff800007146b4] -> nt!IofCallDriver -> \Device\00000028[0xffffe0000139a060]
11:19:42.633 AVAST engine scan C:\WINDOWS
11:19:42.649 AVAST engine scan C:\WINDOWS\system32
11:19:42.666 AVAST engine scan C:\WINDOWS\system32\drivers
11:19:42.683 AVAST engine scan C:\Users\Mack
11:19:42.700 AVAST engine scan C:\ProgramData
11:19:42.717 Scan finished successfully
11:20:11.844 Disk 0 MBR fix error
11:20:41.924 Disk 0 MBR has been saved successfully to "C:\Users\Mack\Desktop\MBR.dat"
11:20:41.947 The log file has been saved successfully to "C:\Users\Mack\Desktop\aswMBR.txt"
Results after running Adwcleaner and allowing it to clean.
# AdwCleaner v3.016 - Report created 28/12/2013 at 11:30:15
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Mack - WORKPC
# Running from : C:\Users\Mack\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : CltMngSvc
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Users\Mack\AppData\Local\Searchprotect
File Deleted : C:\Users\Public\Desktop\eBay.lnk
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16384
-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Users\Mack\AppData\Roaming\Mozilla\Firefox\Profiles\o13s4y14.default\prefs.js ]
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1808 octets] - [27/12/2013 14:27:19]
AdwCleaner[R1].txt - [1868 octets] - [28/12/2013 11:28:37]
AdwCleaner[S0].txt - [1704 octets] - [28/12/2013 11:30:15]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1764 octets] ##########
Results from running JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8.1 x64
Ran by Mack on Sat 12/28/2013 at 11:50:36.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/28/2013 at 12:06:37.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL logfile created on: 12/28/2013 12:13:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mack\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.60 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 69.75% Memory free
4.22 Gb Paging File | 2.95 Gb Available in Paging File | 69.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 275.02 Gb Total Space | 238.23 Gb Free Space | 86.62% Space Free | Partition Type: NTFS
Drive D: | 21.96 Gb Total Space | 2.18 Gb Free Space | 9.93% Space Free | Partition Type: NTFS
Computer Name: WORKPC | User Name: Mack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/12/28 10:43:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mack\Desktop\OTL.exe
PRC - [2013/12/09 09:40:07 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/12/06 15:47:44 | 020,203,904 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/09/05 08:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/02/25 13:39:26 | 001,045,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
PRC - [2013/02/01 17:00:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
PRC - [2012/07/13 16:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/06/07 21:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
========== Modules (No Company Name) ==========
MOD - [2013/12/28 11:42:20 | 001,153,024 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\_ssl.pyd
MOD - [2013/12/28 11:42:20 | 000,805,888 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._gdi_.pyd
MOD - [2013/12/28 11:42:20 | 000,711,680 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\_hashlib.pyd
MOD - [2013/12/28 11:42:20 | 000,110,080 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\pywintypes27.dll
MOD - [2013/12/28 11:42:20 | 000,026,624 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\_multiprocessing.pyd
MOD - [2013/12/28 11:42:19 | 001,175,040 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._core_.pyd
MOD - [2013/12/28 11:42:19 | 001,062,400 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._controls_.pyd
MOD - [2013/12/28 11:42:19 | 000,811,008 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._windows_.pyd
MOD - [2013/12/28 11:42:19 | 000,735,232 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._misc_.pyd
MOD - [2013/12/28 11:42:19 | 000,686,080 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\unicodedata.pyd
MOD - [2013/12/28 11:42:19 | 000,557,056 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\pysqlite2._sqlite.pyd
MOD - [2013/12/28 11:42:19 | 000,521,680 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\windows._lib_cacheinvalidation.pyd
MOD - [2013/12/28 11:42:19 | 000,364,544 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\pythoncom27.dll
MOD - [2013/12/28 11:42:19 | 000,320,512 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32com.shell.shell.pyd
MOD - [2013/12/28 11:42:19 | 000,128,512 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\_elementtree.pyd
MOD - [2013/12/28 11:42:19 | 000,127,488 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\pyexpat.pyd
MOD - [2013/12/28 11:42:19 | 000,122,368 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._wizard.pyd
MOD - [2013/12/28 11:42:19 | 000,119,808 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32file.pyd
MOD - [2013/12/28 11:42:19 | 000,108,544 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32security.pyd
MOD - [2013/12/28 11:42:19 | 000,098,816 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32api.pyd
MOD - [2013/12/28 11:42:19 | 000,087,040 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\_ctypes.pyd
MOD - [2013/12/28 11:42:19 | 000,070,656 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._html2.pyd
MOD - [2013/12/28 11:42:19 | 000,044,032 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\_socket.pyd
MOD - [2013/12/28 11:42:19 | 000,038,912 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32inet.pyd
MOD - [2013/12/28 11:42:19 | 000,035,840 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32process.pyd
MOD - [2013/12/28 11:42:19 | 000,025,600 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32pdh.pyd
MOD - [2013/12/28 11:42:19 | 000,024,064 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32pipe.pyd
MOD - [2013/12/28 11:42:19 | 000,022,528 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32ts.pyd
MOD - [2013/12/28 11:42:19 | 000,018,432 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32event.pyd
MOD - [2013/12/28 11:42:19 | 000,017,408 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32profile.pyd
MOD - [2013/12/28 11:42:19 | 000,011,264 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32crypt.pyd
MOD - [2013/12/28 11:42:19 | 000,010,240 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\select.pyd
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/06/08 12:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 21:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/05/30 00:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/12/25 16:31:42 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/12/25 16:25:30 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013/12/13 10:23:32 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/12/13 00:57:52 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2013/11/14 01:29:02 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/11/14 01:29:02 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/14 01:29:01 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/11/14 01:28:59 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/11/14 01:25:27 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/11/14 01:25:27 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/11/14 01:25:26 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/11/14 01:25:26 | 000,261,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/08/22 06:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 06:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 06:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 05:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 05:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 05:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 05:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 05:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 04:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 04:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 04:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 03:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 03:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/08/22 03:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 03:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 03:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 03:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 03:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 03:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 03:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 03:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 03:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 03:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/03/14 00:41:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/03/04 16:28:40 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2009/05/04 15:47:36 | 000,809,984 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2013/12/25 16:25:32 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2013/12/25 16:25:29 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2013/12/25 16:25:28 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013/12/05 13:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/14 01:25:25 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/09/05 08:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/08/22 06:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 21:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 20:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/02/01 17:00:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/11/15 17:49:48 | 002,468,496 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)