cestmoi1337

Everything posted by cestmoi1337

  1. Mr Carlie, I followed the instructions but no threats were found. Here is the report:

     14:29:33.0653 8924 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
     14:29:33.0902 8924 ============================================================
     14:29:33.0902 8924 Current date / time: 2012/05/16 14:29:33.0902
     14:29:33.0902 8924 SystemInfo:
     14:29:33.0902 8924
     14:29:33.0902 8924 OS Version: 6.1.7600 ServicePack: 0.0
     14:29:33.0902 8924 Product type: Workstation
     14:29:33.0902 8924 ComputerName: TRMDU2
     14:29:33.0903 8924 UserName: GRevolorio
     14:29:33.0903 8924 Windows directory: C:\Windows
     14:29:33.0903 8924 System windows directory: C:\Windows
     14:29:33.0903 8924 Running under WOW64
     14:29:33.0903 8924 Processor architecture: Intel x64
     14:29:33.0903 8924 Number of processors: 8
     14:29:33.0903 8924 Page size: 0x1000
     14:29:33.0903 8924 Boot type: Normal boot
     14:29:33.0903 8924 ============================================================
     14:29:35.0845 8924 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     14:29:35.0866 8924 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     14:29:35.0879 8924 Drive \Device\Harddisk2\DR0 - Size: 0x80700000 (2.01 Gb), SectorSize: 0x200, Cylinders: 0x2AD, SectorsPerTrack: 0x20, TracksPerCylinder: 0xC0, Type 'W'
     14:29:35.0880 8924 Drive \Device\Harddisk3\DR2 - Size: 0xE8E0DB5E00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D9264F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x1, Type 'W'
     14:29:35.0906 8924 ============================================================
     14:29:35.0906 8924 \Device\Harddisk0\DR0:
     14:29:35.0906 8924 MBR partitions:
     14:29:35.0906 8924 \Device\Harddisk1\DR1:
     14:29:35.0906 8924 MBR partitions:
     14:29:35.0906 8924 \Device\Harddisk2\DR0:
     14:29:35.0906 8924 MBR partitions:
     14:29:35.0906 8924 \Device\Harddisk2\DR0\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x4037E0
     14:29:35.0906 8924 \Device\Harddisk3\DR2:
     14:29:35.0912 8924 MBR partitions:
     14:29:35.0912 8924 \Device\Harddisk3\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
     14:29:35.0912 8924 ============================================================
     14:29:35.0913 8924 D: <-> \Device\Harddisk2\DR0\Partition0
     14:29:35.0925 8924 I: <-> \Device\Harddisk3\DR2\Partition0
     14:29:35.0925 8924 ============================================================
     14:29:35.0925 8924 Initialize success
     14:29:35.0925 8924 ============================================================
     14:30:28.0171 7984 ============================================================
     14:30:28.0172 7984 Scan started
     14:30:28.0172 7984 Mode: Manual; SigCheck; TDLFS;
     14:30:28.0172 7984 ============================================================
     14:30:28.0362 7984 !SASCORE - ok
     14:30:28.0392 7984 1394ohci - ok
     14:30:28.0395 7984 Acceler - ok
     14:30:28.0397 7984 ACPI - ok
     14:30:28.0400 7984 AcpiPmi - ok
     14:30:28.0413 7984 adfs - ok
     14:30:28.0417 7984 Adobe Version Cue CS4 - ok
     14:30:28.0422 7984 AdobeARMservice - ok
     14:30:28.0433 7984 AdobeFlashPlayerUpdateSvc - ok
     14:30:28.0436 7984 adp94xx - ok
     14:30:28.0439 7984 adpahci - ok
     14:30:28.0442 7984 adpu320 - ok
     14:30:28.0446 7984 AeLookupSvc - ok
     14:30:28.0457 7984 AERTFilters - ok
     14:30:28.0460 7984 AFD - ok
     14:30:28.0463 7984 agp440 - ok
     14:30:28.0466 7984 ALG - ok
     14:30:28.0468 7984 aliide - ok
     14:30:28.0471 7984 amdide - ok
     14:30:28.0474 7984 AmdK8 - ok
     14:30:28.0477 7984 AmdPPM - ok
     14:30:28.0480 7984 amdsata - ok
     14:30:28.0483 7984 amdsbs - ok
     14:30:28.0485 7984 amdxata - ok
     14:30:28.0488 7984 AppID - ok
     14:30:28.0491 7984 AppIDSvc - ok
     14:30:28.0494 7984 Appinfo - ok
     14:30:28.0497 7984 Apple Mobile Device - ok
     14:30:28.0500 7984 applebmt - ok
     14:30:28.0503 7984 AppMgmt - ok
     14:30:28.0505 7984 arc - ok
     14:30:28.0508 7984 arcsas - ok
     14:30:28.0514 7984 aspnet_state - ok
     14:30:28.0516 7984 AsyncMac - ok
     14:30:28.0519 7984 atapi - ok
     14:30:28.0522 7984 AudioEndpointBuilder - ok
     14:30:28.0525 7984 AudioSrv - ok
     14:30:28.0528 7984 AxInstSV - ok
     14:30:28.0531 7984 b06bdrv - ok
     14:30:28.0534 7984 b57nd60a - ok
     14:30:28.0538 7984 BDESVC - ok
     14:30:28.0541 7984 Beep - ok
     14:30:28.0544 7984 BITS - ok
     14:30:28.0546 7984 blbdrive - ok
     14:30:28.0563 7984 Bonjour Service - ok
     14:30:28.0566 7984 bowser - ok
     14:30:28.0568 7984 BrFiltLo - ok
     14:30:28.0571 7984 BrFiltUp - ok
     14:30:28.0574 7984 Browser - ok
     14:30:28.0577 7984 Brserid - ok
     14:30:28.0580 7984 BrSerWdm - ok
     14:30:28.0583 7984 BrUsbMdm - ok
     14:30:28.0586 7984 BrUsbSer - ok
     14:30:28.0598 7984 BthEnum - ok
     14:30:28.0601 7984 BTHMODEM - ok
     14:30:28.0604 7984 BthPan - ok
     14:30:28.0607 7984 BTHPORT - ok
     14:30:28.0610 7984 bthserv - ok
     14:30:28.0613 7984 BTHUSB - ok
     14:30:28.0617 7984 btwaudio - ok
     14:30:28.0620 7984 btwavdt - ok
     14:30:28.0623 7984 btwdins - ok
     14:30:28.0626 7984 btwl2cap - ok
     14:30:28.0629 7984 btwrchid - ok
     14:30:28.0632 7984 ccEvtMgr - ok
     14:30:28.0635 7984 ccSetMgr - ok
     14:30:28.0637 7984 cdfs - ok
     14:30:28.0640 7984 cdrom - ok
     14:30:28.0643 7984 CertPropSvc - ok
     14:30:28.0646 7984 circlass - ok
     14:30:28.0649 7984 CLFS - ok
     14:30:28.0652 7984 clr_optimization_v2.0.50727_32 - ok
     14:30:28.0655 7984 clr_optimization_v2.0.50727_64 - ok
     14:30:28.0659 7984 clr_optimization_v4.0.30319_32 - ok
     14:30:28.0662 7984 clr_optimization_v4.0.30319_64 - ok
     14:30:28.0665 7984 CmBatt - ok
     14:30:28.0668 7984 cmdide - ok
     14:30:28.0670 7984 CNG - ok
     14:30:28.0673 7984 Compbatt - ok
     14:30:28.0676 7984 CompositeBus - ok
     14:30:28.0679 7984 COMSysApp - ok
     14:30:28.0682 7984 crcdisk - ok
     14:30:28.0693 7984 CronService - ok
     14:30:28.0698 7984 CryptSvc - ok
     14:30:28.0700 7984 CSC - ok
     14:30:28.0703 7984 CscService - ok
     14:30:28.0707 7984 CVirtA - ok
     14:30:28.0710 7984 CVPND - ok
     14:30:28.0712 7984 CVPNDRVA - ok
     14:30:28.0715 7984 dc3d - ok
     14:30:28.0720 7984 DcomLaunch - ok
     14:30:28.0722 7984 defragsvc - ok
     14:30:28.0726 7984 DfsC - ok
     14:30:28.0728 7984 Dhcp - ok
     14:30:28.0731 7984 discache - ok
     14:30:28.0734 7984 Disk - ok
     14:30:28.0737 7984 DNE - ok
     14:30:28.0739 7984 Dnscache - ok
     14:30:28.0743 7984 dot3svc - ok
     14:30:28.0745 7984 DPS - ok
     14:30:28.0748 7984 drmkaud - ok
     14:30:28.0752 7984 DXGKrnl - ok
     14:30:28.0755 7984 EapHost - ok
     14:30:28.0759 7984 ebdrv - ok
     14:30:28.0761 7984 eeCtrl - ok
     14:30:28.0764 7984 EFS - ok
     14:30:28.0767 7984 ehRecvr - ok
     14:30:28.0770 7984 ehSched - ok
     14:30:28.0774 7984 ElbyCDIO - ok
     14:30:28.0779 7984 elxstor - ok
     14:30:28.0796 7984 EraserUtilRebootDrv - ok
     14:30:28.0800 7984 ErrDev - ok
     14:30:28.0809 7984 EventSystem - ok
     14:30:28.0814 7984 exfat - ok
     14:30:28.0817 7984 fastfat - ok
     14:30:28.0821 7984 Fax - ok
     14:30:28.0825 7984 fdc - ok
     14:30:28.0829 7984 fdPHost - ok
     14:30:28.0833 7984 FDResPub - ok
     14:30:28.0837 7984 FileInfo - ok
     14:30:28.0840 7984 Filetrace - ok
     14:30:28.0844 7984 FLEXnet Licensing Service - ok
     14:30:28.0847 7984 FLEXnet Licensing Service 64 - ok
     14:30:28.0850 7984 flpydisk - ok
     14:30:28.0854 7984 FltMgr - ok
     14:30:28.0858 7984 FontCache - ok
     14:30:28.0862 7984 FontCache3.0.0.0 - ok
     14:30:28.0865 7984 FsDepends - ok
     14:30:28.0869 7984 Fs_Rec - ok
     14:30:28.0878 7984 fvevol - ok
     14:30:28.0882 7984 gagp30kx - ok
     14:30:28.0886 7984 GEARAspiWDM - ok
     14:30:28.0890 7984 glavcam - ok
     14:30:28.0894 7984 GoogleDesktopManager-051210-111108 - ok
     14:30:28.0899 7984 gpsvc - ok
     14:30:28.0904 7984 gupdate - ok
     14:30:28.0908 7984 gupdatem - ok
     14:30:28.0912 7984 hcmon - ok
     14:30:28.0916 7984 hcw85cir - ok
     14:30:28.0920 7984 HdAudAddService - ok
     14:30:28.0925 7984 HDAudBus - ok
     14:30:28.0929 7984 HidBatt - ok
     14:30:28.0934 7984 HidBth - ok
     14:30:28.0937 7984 HidIr - ok
     14:30:28.0941 7984 hidserv - ok
     14:30:28.0944 7984 HidUsb - ok
     14:30:28.0947 7984 hkmsvc - ok
     14:30:28.0951 7984 HomeGroupListener - ok
     14:30:28.0955 7984 HomeGroupProvider - ok
     14:30:28.0959 7984 HpSAMD - ok
     14:30:28.0963 7984 HTTP - ok
     14:30:28.0967 7984 hwpolicy - ok
     14:30:28.0971 7984 i8042prt - ok
     14:30:28.0975 7984 iaStorV - ok
     14:30:28.0979 7984 idsvc - ok
     14:30:28.0982 7984 iirsp - ok
     14:30:28.0986 7984 IKEEXT - ok
     14:30:28.0995 7984 IntcAzAudAddService - ok
     14:30:28.0999 7984 intelide - ok
     14:30:29.0003 7984 intelppm - ok
     14:30:29.0007 7984 IPBusEnum - ok
     14:30:29.0011 7984 IpFilterDriver - ok
     14:30:29.0015 7984 IPMIDRV - ok
     14:30:29.0018 7984 IPNAT - ok
     14:30:29.0024 7984 iPod Service - ok
     14:30:29.0028 7984 IRENUM - ok
     14:30:29.0033 7984 isapnp - ok
     14:30:29.0038 7984 iScsiPrt - ok
     14:30:29.0042 7984 JMCR - ok
     14:30:29.0046 7984 kbdclass - ok
     14:30:29.0050 7984 kbdhid - ok
     14:30:29.0053 7984 KeyIso - ok
     14:30:29.0057 7984 KSecDD - ok
     14:30:29.0061 7984 KSecPkg - ok
     14:30:29.0065 7984 ksthunk - ok
     14:30:29.0068 7984 KtmRm - ok
     14:30:29.0072 7984 LanmanServer - ok
     14:30:29.0076 7984 LanmanWorkstation - ok
     14:30:29.0084 7984 LiveUpdate - ok
     14:30:29.0089 7984 lltdio - ok
     14:30:29.0094 7984 lltdsvc - ok
     14:30:29.0100 7984 lmhosts - ok
     14:30:29.0105 7984 LMIGuardianSvc - ok
     14:30:29.0111 7984 LMIInfo - ok
     14:30:29.0117 7984 LMIMaint - ok
     14:30:29.0123 7984 lmimirr - ok
     14:30:29.0128 7984 LMIRfsClientNP - ok
     14:30:29.0132 7984 LMIRfsDriver - ok
     14:30:29.0137 7984 LogMeIn - ok
     14:30:29.0142 7984 LSI_FC - ok
     14:30:29.0146 7984 LSI_SAS - ok
     14:30:29.0150 7984 LSI_SAS2 - ok
     14:30:29.0154 7984 LSI_SCSI - ok
     14:30:29.0159 7984 luafv - ok
     14:30:29.0163 7984 Mcx2Svc - ok
     14:30:29.0167 7984 megasas - ok
     14:30:29.0171 7984 MegaSR - ok
     14:30:29.0175 7984 MMCSS - ok
     14:30:29.0179 7984 Modem - ok
     14:30:29.0183 7984 monitor - ok
     14:30:29.0187 7984 motandroidusb - ok
     14:30:29.0211 7984 MotoHelper - ok
     14:30:29.0215 7984 mouclass - ok
     14:30:29.0218 7984 mouhid - ok
     14:30:29.0222 7984 mountmgr - ok
     14:30:29.0229 7984 MouseWithoutBordersSvc - ok
     14:30:29.0233 7984 mpio - ok
     14:30:29.0237 7984 mpsdrv - ok
     14:30:29.0241 7984 MRxDAV - ok
     14:30:29.0245 7984 mrxsmb - ok
     14:30:29.0249 7984 mrxsmb10 - ok
     14:30:29.0253 7984 mrxsmb20 - ok
     14:30:29.0257 7984 msahci - ok
     14:30:29.0260 7984 msdsm - ok
     14:30:29.0265 7984 MSDTC - ok
     14:30:29.0272 7984 Msfs - ok
     14:30:29.0275 7984 mshidkmdf - ok
     14:30:29.0279 7984 msisadrv - ok
     14:30:29.0283 7984 MSiSCSI - ok
     14:30:29.0287 7984 msiserver - ok
     14:30:29.0291 7984 MSKSSRV - ok
     14:30:29.0294 7984 MSPCLOCK - ok
     14:30:29.0298 7984 MSPQM - ok
     14:30:29.0302 7984 MsRPC - ok
     14:30:29.0307 7984 mssmbios - ok
     14:30:29.0311 7984 MSTEE - ok
     14:30:29.0315 7984 msvsmon80 - ok
     14:30:29.0318 7984 MTConfig - ok
     14:30:29.0322 7984 Mup - ok
     14:30:29.0325 7984 napagent - ok
     14:30:29.0329 7984 NativeWifiP - ok
     14:30:29.0333 7984 NAUpdate - ok
     14:30:29.0337 7984 NAVENG - ok
     14:30:29.0340 7984 NAVEX15 - ok
     14:30:29.0344 7984 NBVol - ok
     14:30:29.0348 7984 NBVolUp - ok
     14:30:29.0351 7984 NDIS - ok
     14:30:29.0355 7984 NdisCap - ok
     14:30:29.0360 7984 NdisTapi - ok
     14:30:29.0365 7984 Ndisuio - ok
     14:30:29.0369 7984 NdisWan - ok
     14:30:29.0374 7984 NDProxy - ok
     14:30:29.0377 7984 Netaapl - ok
     14:30:29.0381 7984 NetBIOS - ok
     14:30:29.0385 7984 NetBT - ok
     14:30:29.0389 7984 Netlogon - ok
     14:30:29.0396 7984 Netman - ok
     14:30:29.0405 7984 NetMsmqActivator - ok
     14:30:29.0410 7984 NetPipeActivator - ok
     14:30:29.0414 7984 netprofm - ok
     14:30:29.0417 7984 NetTcpActivator - ok
     14:30:29.0421 7984 NetTcpPortSharing - ok
     14:30:29.0425 7984 NETw5s64 - ok
     14:30:29.0428 7984 nfrd960 - ok
     14:30:29.0432 7984 NlaSvc - ok
     14:30:29.0436 7984 nlsX86cc - ok
     14:30:29.0439 7984 Npfs - ok
     14:30:29.0443 7984 nsi - ok
     14:30:29.0446 7984 nsiproxy - ok
     14:30:29.0451 7984 Ntfs - ok
     14:30:29.0455 7984 NuidFltr - ok
     14:30:29.0458 7984 Null - ok
     14:30:29.0462 7984 nusb3hub - ok
     14:30:29.0465 7984 nusb3xhc - ok
     14:30:29.0468 7984 NVHDA - ok
     14:30:29.0472 7984 nvlddmkm - ok
     14:30:29.0476 7984 nvraid - ok
     14:30:29.0479 7984 nvstor - ok
     14:30:29.0483 7984 nvsvc - ok
     14:30:29.0487 7984 nv_agp - ok
     14:30:29.0490 7984 odserv - ok
     14:30:29.0494 7984 ohci1394 - ok
     14:30:29.0497 7984 ose - ok
     14:30:29.0505 7984 osppsvc - ok
     14:30:29.0510 7984 p2pimsvc - ok
     14:30:29.0514 7984 p2psvc - ok
     14:30:29.0517 7984 Parport - ok
     14:30:29.0521 7984 partmgr - ok
     14:30:29.0524 7984 PcaSvc - ok
     14:30:29.0528 7984 pci - ok
     14:30:29.0531 7984 pciide - ok
     14:30:29.0535 7984 pcmcia - ok
     14:30:29.0539 7984 PCTCore - ok
     14:30:29.0543 7984 pctDS - ok
     14:30:29.0547 7984 pctEFA - ok
     14:30:29.0550 7984 pcw - ok
     14:30:29.0553 7984 PEAUTH - ok
     14:30:29.0556 7984 PeerDistSvc - ok
     14:30:29.0561 7984 PerfHost - ok
     14:30:29.0570 7984 pla - ok
     14:30:29.0581 7984 PlugPlay - ok
     14:30:29.0584 7984 PNRPAutoReg - ok
     14:30:29.0587 7984 PNRPsvc - ok
     14:30:29.0590 7984 Point64 - ok
     14:30:29.0593 7984 PolicyAgent - ok
     14:30:29.0597 7984 Power - ok
     14:30:29.0600 7984 PptpMiniport - ok
     14:30:29.0603 7984 Processor - ok
     14:30:29.0608 7984 ProfSvc - ok
     14:30:29.0611 7984 ProtectedStorage - ok
     14:30:29.0614 7984 Psched - ok
     14:30:29.0616 7984 PSI_SVC_2 - ok
     14:30:29.0620 7984 PxHlpa64 - ok
     14:30:29.0623 7984 qicflt - ok
     14:30:29.0627 7984 ql2300 - ok
     14:30:29.0630 7984 ql40xx - ok
     14:30:29.0634 7984 QWAVE - ok
     14:30:29.0637 7984 QWAVEdrv - ok
     14:30:29.0640 7984 RAMDiskVE - ok
     14:30:29.0643 7984 RasAcd - ok
     14:30:29.0646 7984 RasAgileVpn - ok
     14:30:29.0649 7984 RasAuto - ok
     14:30:29.0652 7984 Rasl2tp - ok
     14:30:29.0654 7984 RasMan - ok
     14:30:29.0657 7984 RasPppoe - ok
     14:30:29.0660 7984 RasSstp - ok
     14:30:29.0663 7984 rdbss - ok
     14:30:29.0666 7984 rdpbus - ok
     14:30:29.0669 7984 RDPCDD - ok
     14:30:29.0673 7984 RDPDR - ok
     14:30:29.0677 7984 RDPENCDD - ok
     14:30:29.0682 7984 RDPREFMP - ok
     14:30:29.0687 7984 RDPWD - ok
     14:30:29.0690 7984 rdyboost - ok
     14:30:29.0695 7984 RemoteAccess - ok
     14:30:29.0699 7984 RemoteRegistry - ok
     14:30:29.0703 7984 Revoflt - ok
     14:30:29.0707 7984 RFCOMM - ok
     14:30:29.0710 7984 RpcEptMapper - ok
     14:30:29.0715 7984 RpcLocator - ok
     14:30:29.0718 7984 RpcSs - ok
     14:30:29.0722 7984 rspndr - ok
     14:30:29.0725 7984 RTL8167 - ok
     14:30:29.0728 7984 s3cap - ok
     14:30:29.0731 7984 SamSs - ok
     14:30:29.0734 7984 SASDIFSV - ok
     14:30:29.0737 7984 SASKUTIL - ok
     14:30:29.0740 7984 sbp2port - ok
     14:30:29.0745 7984 SCardSvr - ok
     14:30:29.0748 7984 scfilter - ok
     14:30:29.0751 7984 Schedule - ok
     14:30:29.0754 7984 SCPolicySvc - ok
     14:30:29.0758 7984 sdAuxService - ok
     14:30:29.0761 7984 sdCoreService - ok
     14:30:29.0765 7984 SDRSVC - ok
     14:30:29.0767 7984 SeagateDashboardService - ok
     14:30:29.0770 7984 secdrv - ok
     14:30:29.0773 7984 seclogon - ok
     14:30:29.0777 7984 SENS - ok
     14:30:29.0780 7984 SensrSvc - ok
     14:30:29.0784 7984 Serenum - ok
     14:30:29.0787 7984 Serial - ok
     14:30:29.0790 7984 sermouse - ok
     14:30:29.0798 7984 SessionEnv - ok
     14:30:29.0801 7984 sffdisk - ok
     14:30:29.0804 7984 sffp_mmc - ok
     14:30:29.0807 7984 sffp_sd - ok
     14:30:29.0810 7984 sfloppy - ok
     14:30:29.0815 7984 ShellHWDetection - ok
     14:30:29.0818 7984 SiSRaid2 - ok
     14:30:29.0821 7984 SiSRaid4 - ok
     14:30:29.0826 7984 SmartDefragDriver - ok
     14:30:29.0830 7984 Smb - ok
     14:30:29.0834 7984 SmcService - ok
     14:30:29.0841 7984 SNAC - ok
     14:30:29.0845 7984 SNMPTRAP - ok
     14:30:29.0848 7984 spldr - ok
     14:30:29.0851 7984 Spooler - ok
     14:30:29.0853 7984 sppsvc - ok
     14:30:29.0856 7984 sppuinotify - ok
     14:30:29.0859 7984 SRTSP - ok
     14:30:29.0862 7984 SRTSPL - ok
     14:30:29.0865 7984 SRTSPX - ok
     14:30:29.0868 7984 srv - ok
     14:30:29.0870 7984 srv2 - ok
     14:30:29.0873 7984 srvnet - ok
     14:30:29.0876 7984 SSDPSRV - ok
     14:30:29.0880 7984 SstpSvc - ok
     14:30:29.0883 7984 stdcfltn - ok
     14:30:29.0893 7984 Stereo Service - ok
     14:30:29.0897 7984 stexstor - ok
     14:30:29.0900 7984 stisvc - ok
     14:30:29.0903 7984 storflt - ok
     14:30:29.0906 7984 StorSvc - ok
     14:30:29.0909 7984 storvsc - ok
     14:30:29.0912 7984 swenum - ok
     14:30:29.0915 7984 swprv - ok
     14:30:29.0917 7984 Symantec AntiVirus - ok
     14:30:29.0920 7984 SymEvent - ok
     14:30:29.0923 7984 SysMain - ok
     14:30:29.0927 7984 TabletInputService - ok
     14:30:29.0939 7984 TabletServicePen - ok
     14:30:29.0943 7984 TapiSrv - ok
     14:30:29.0946 7984 TBS - ok
     14:30:29.0949 7984 Tcpip - ok
     14:30:29.0951 7984 TCPIP6 - ok
     14:30:29.0956 7984 tcpipreg - ok
     14:30:29.0961 7984 TDPIPE - ok
     14:30:29.0963 7984 TDTCP - ok
     14:30:29.0966 7984 tdx - ok
     14:30:29.0969 7984 TeamViewer7 - ok
     14:30:29.0973 7984 TermDD - ok
     14:30:29.0977 7984 TermService - ok
     14:30:29.0980 7984 Themes - ok
     14:30:29.0983 7984 THREADORDER - ok
     14:30:29.0986 7984 TouchServicePen - ok
     14:30:29.0988 7984 TrkWks - ok
     14:30:29.0991 7984 TrustedInstaller - ok
     14:30:29.0996 7984 tssecsrv - ok
     14:30:29.0999 7984 tunnel - ok
     14:30:30.0002 7984 TurboB - ok
     14:30:30.0005 7984 TurboBoost - ok
     14:30:30.0008 7984 uagp35 - ok
     14:30:30.0011 7984 udfs - ok
     14:30:30.0014 7984 ufad-ws60 - ok
     14:30:30.0020 7984 UI0Detect - ok
     14:30:30.0023 7984 uliagpkx - ok
     14:30:30.0026 7984 umbus - ok
     14:30:30.0029 7984 UmPass - ok
     14:30:30.0033 7984 UmRdpService - ok
     14:30:30.0037 7984 UnlockerDriver5 - ok
     14:30:30.0040 7984 upnphost - ok
     14:30:30.0044 7984 USBAAPL64 - ok
     14:30:30.0048 7984 usbccgp - ok
     14:30:30.0051 7984 usbcir - ok
     14:30:30.0055 7984 usbehci - ok
     14:30:30.0058 7984 usbhub - ok
     14:30:30.0061 7984 usbohci - ok
     14:30:30.0064 7984 usbprint - ok
     14:30:30.0067 7984 USBSTOR - ok
     14:30:30.0069 7984 usbuhci - ok
     14:30:30.0072 7984 usbvideo - ok
     14:30:30.0075 7984 UxSms - ok
     14:30:30.0078 7984 VaultSvc - ok
     14:30:30.0081 7984 VBoxDrv - ok
     14:30:30.0084 7984 VBoxNetAdp - ok
     14:30:30.0086 7984 VBoxNetFlt - ok
     14:30:30.0089 7984 VBoxUSBMon - ok
     14:30:30.0093 7984 VClone - ok
     14:30:30.0095 7984 vdrvroot - ok
     14:30:30.0098 7984 vds - ok
     14:30:30.0101 7984 vga - ok
     14:30:30.0104 7984 VgaSave - ok
     14:30:30.0107 7984 vhdmp - ok
     14:30:30.0110 7984 viaide - ok
     14:30:30.0113 7984 VMAuthdService - ok
     14:30:30.0116 7984 vmbus - ok
     14:30:30.0119 7984 VMBusHID - ok
     14:30:30.0122 7984 vmci - ok
     14:30:30.0125 7984 vmkbd - ok
     14:30:30.0128 7984 vmm - ok
     14:30:30.0131 7984 VMnetAdapter - ok
     14:30:30.0135 7984 VMnetBridge - ok
     14:30:30.0139 7984 VMnetDHCP - ok
     14:30:30.0143 7984 VMnetuserif - ok
     14:30:30.0146 7984 vmusb - ok
     14:30:30.0149 7984 VMUSBArbService - ok
     14:30:30.0154 7984 VMware NAT Service - ok
     14:30:30.0158 7984 vmx86 - ok
     14:30:30.0161 7984 volmgr - ok
     14:30:30.0163 7984 volmgrx - ok
     14:30:30.0166 7984 volsnap - ok
     14:30:30.0169 7984 VPCNetS2 - ok
     14:30:30.0172 7984 vsmraid - ok
     14:30:30.0175 7984 VSS - ok
     14:30:30.0178 7984 vstor2-ws60 - ok
     14:30:30.0181 7984 vwifibus - ok
     14:30:30.0184 7984 vwififlt - ok
     14:30:30.0187 7984 vwifimp - ok
     14:30:30.0199 7984 W32Time - ok
     14:30:30.0203 7984 wacmoumonitor - ok
     14:30:30.0206 7984 wacommousefilter - ok
     14:30:30.0209 7984 WacomPen - ok
     14:30:30.0212 7984 wacomvhid - ok
     14:30:30.0215 7984 WANARP - ok
     14:30:30.0218 7984 Wanarpv6 - ok
     14:30:30.0222 7984 WatAdminSvc - ok
     14:30:30.0225 7984 wbengine - ok
     14:30:30.0228 7984 WbioSrvc - ok
     14:30:30.0231 7984 wcncsvc - ok
     14:30:30.0234 7984 WcsPlugInService - ok
     14:30:30.0237 7984 Wd - ok
     14:30:30.0240 7984 WDC_SAM - ok
     14:30:30.0243 7984 Wdf01000 - ok
     14:30:30.0246 7984 WdiServiceHost - ok
     14:30:30.0249 7984 WdiSystemHost - ok
     14:30:30.0252 7984 WebClient - ok
     14:30:30.0255 7984 Wecsvc - ok
     14:30:30.0258 7984 wercplsupport - ok
     14:30:30.0261 7984 WerSvc - ok
     14:30:30.0264 7984 WfpLwf - ok
     14:30:30.0267 7984 WGX - ok
     14:30:30.0270 7984 WIMMount - ok
     14:30:30.0276 7984 WinHttpAutoProxySvc - ok
     14:30:30.0279 7984 Winmgmt - ok
     14:30:30.0282 7984 WinRM - ok
     14:30:30.0288 7984 WinUsb - ok
     14:30:30.0292 7984 Wlansvc - ok
     14:30:30.0295 7984 wlcrasvc - ok
     14:30:30.0298 7984 wlidsvc - ok
     14:30:30.0302 7984 WmiAcpi - ok
     14:30:30.0306 7984 wmiApSrv - ok
     14:30:30.0309 7984 WMPNetworkSvc - ok
     14:30:30.0313 7984 WPCSvc - ok
     14:30:30.0316 7984 WPDBusEnum - ok
     14:30:30.0319 7984 ws2ifsl - ok
     14:30:30.0323 7984 WSearch - ok
     14:30:30.0327 7984 wuauserv - ok
     14:30:30.0330 7984 WudfPf - ok
     14:30:30.0334 7984 WUDFRd - ok
     14:30:30.0337 7984 wudfsvc - ok
     14:30:30.0340 7984 WwanSvc - ok
     14:30:30.0359 7984 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
     14:30:30.0781 7984 \Device\Harddisk0\DR0 - ok
     14:30:30.0783 7984 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
     14:30:31.0461 7984 \Device\Harddisk1\DR1 - ok
     14:30:31.0466 7984 MBR (0x1B8) (f06a21302510bdf961217702b21b1bbc) \Device\Harddisk2\DR0
     14:30:31.0513 7984 \Device\Harddisk2\DR0 - ok
     14:30:31.0515 7984 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR2
     14:30:31.0649 7984 \Device\Harddisk3\DR2 - ok
     14:30:31.0652 7984 Boot (0x1200) (44588e89264bd22cd4a46d3c6d3982e8) \Device\Harddisk2\DR0\Partition0
     14:30:31.0652 7984 \Device\Harddisk2\DR0\Partition0 - ok
     14:30:31.0656 7984 Boot (0x1200) (fff57aa4b02c6ca325b81aaa04be2657) \Device\Harddisk3\DR2\Partition0
     14:30:31.0657 7984 \Device\Harddisk3\DR2\Partition0 - ok
     14:30:31.0658 7984 ============================================================
     14:30:31.0658 7984 Scan finished
     14:30:31.0658 7984 ============================================================
     14:30:31.0668 4324 Detected object count: 0
     14:30:31.0668 4324 Actual detected object count: 0
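A TDSSKiller report like the one above is only as useful as what a reader can confirm from it, and the forum rendering has collapsed the line breaks, which makes the few lines that matter (the MBR and boot-sector hashes, the per-device verdicts, the detected-object count) easy to miss among hundreds of "- ok" driver entries. The Python below is an added example, my own code and not part of cestmoi1337's post or of Kaspersky's tool: it re-splits a flattened TDSSKiller log on the timestamp/PID prefix, records the MBR and boot-sector MD5 per device, reports any enumerated drive that never received an MBR check, lists every object whose verdict is not `ok`, and carries the tool's own "Actual detected object count" alongside so the two can be compared. The embedded sample is a constructed excerpt of the posted report with one invented `warning` entry (`exampledrv`) so that the flagging path is exercised; the detected-object counts in the sample are set to 1 to match that addition.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed excerpt of the TDSSKiller report above, run together on one line the
# way the forum rendered it. The "exampledrv ... - warning" entry is invented so the
# flagging path is exercised; the detected-object counts are set to 1 to match it.
TDSS_FLAT = (
    "14:29:35.0845 8924 Drive \\Device\\Harddisk0\\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200 "
    "14:29:35.0866 8924 Drive \\Device\\Harddisk1\\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200 "
    "14:29:35.0879 8924 Drive \\Device\\Harddisk2\\DR0 - Size: 0x80700000 (2.01 Gb), SectorSize: 0x200 "
    "14:30:28.0172 7984 Scan started "
    "14:30:28.0172 7984 Mode: Manual; SigCheck; TDLFS; "
    "14:30:28.0362 7984 !SASCORE - ok "
    "14:30:28.0397 7984 ACPI - ok "
    "14:30:29.0000 7984 exampledrv ( UnsignedFile.Multi.Generic ) - warning "
    "14:30:30.0359 7984 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \\Device\\Harddisk0\\DR0 "
    "14:30:30.0781 7984 \\Device\\Harddisk0\\DR0 - ok "
    "14:30:30.0783 7984 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \\Device\\Harddisk1\\DR1 "
    "14:30:31.0461 7984 \\Device\\Harddisk1\\DR1 - ok "
    "14:30:31.0466 7984 MBR (0x1B8) (f06a21302510bdf961217702b21b1bbc) \\Device\\Harddisk2\\DR0 "
    "14:30:31.0513 7984 \\Device\\Harddisk2\\DR0 - ok "
    "14:30:31.0652 7984 Boot (0x1200) (44588e89264bd22cd4a46d3c6d3982e8) \\Device\\Harddisk2\\DR0\\Partition0 "
    "14:30:31.0652 7984 \\Device\\Harddisk2\\DR0\\Partition0 - ok "
    "14:30:31.0658 7984 Scan finished "
    "14:30:31.0668 4324 Detected object count: 1 "
    "14:30:31.0668 4324 Actual detected object count: 1"
)

# Every record starts with "HH:MM:SS.ffff PID"; the lookahead stops each record at the
# next such prefix (or end of input), so the parser works on flattened and on intact logs.
ENTRY_RE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<text>.*?)"
    r"(?=\s+\d\d:\d\d:\d\d\.\d{4}\s+\d+\s|\s*$)",
    re.S,
)
DRIVE_RE = re.compile(r"^Drive (?P<dev>\\Device\\\S+) - ")
HASH_RE = re.compile(
    r"^(?P<what>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>\\Device\\\S+)$"
)
COUNT_RE = re.compile(r"^Actual detected object count: (?P<n>\d+)$")


@dataclass
class Entry:
    time: str
    pid: int
    text: str


@dataclass
class Summary:
    drives: list[str] = field(default_factory=list)
    mbr_md5: dict[str, str] = field(default_factory=dict)
    boot_md5: dict[str, str] = field(default_factory=dict)
    flagged: list[tuple[str, str]] = field(default_factory=list)   # (object, verdict)
    reported_count: int | None = None
    missing_mbr_check: list[str] = field(default_factory=list)
    shared_mbr: dict[str, list[str]] = field(default_factory=dict)  # md5 -> devices


def split_entries(log: str) -> list[Entry]:
    """Recover one Entry per 'time pid text' record, with or without the original newlines."""
    return [Entry(m["time"], int(m["pid"]), m["text"].strip()) for m in ENTRY_RE.finditer(log)]


def summarize(log: str) -> Summary:
    s = Summary()
    for e in split_entries(log):
        if (m := DRIVE_RE.match(e.text)):
            s.drives.append(m["dev"])
            continue
        if (m := HASH_RE.match(e.text)):
            (s.mbr_md5 if m["what"] == "MBR" else s.boot_md5)[m["dev"]] = m["md5"]
            continue
        if (m := COUNT_RE.match(e.text)):
            s.reported_count = int(m["n"])
            continue
        # Verdict lines read "<object> - <status>"; anything other than ok is worth a look.
        if " - " in e.text:
            obj, status = e.text.rsplit(" - ", 1)
            if status != "ok":
                s.flagged.append((obj, status))
    # Coverage check: every enumerated physical drive should have had its MBR hashed.
    s.missing_mbr_check = [d for d in s.drives if d not in s.mbr_md5]
    by_hash: dict[str, list[str]] = {}
    for dev, md5 in s.mbr_md5.items():
        by_hash.setdefault(md5, []).append(dev)
    s.shared_mbr = {h: devs for h, devs in by_hash.items() if len(devs) > 1}
    return s


if __name__ == "__main__":
    s = summarize(TDSS_FLAT)
    print("drives:", s.drives)
    print("MBR md5 per device:", s.mbr_md5)
    print("boot-sector md5 per partition:", s.boot_md5)
    print("flagged:", s.flagged, "| tool reported:", s.reported_count)
    print("drives without MBR check:", s.missing_mbr_check)
    print("MBR code shared between disks:", s.shared_mbr)
```

Two disks reporting the same MBR hash, as Harddisk0 and Harddisk1 do in the real report, only means their boot code is byte-identical (two disks prepared from one image, or a mirrored pair, produce exactly that); the summary surfaces it for the reader rather than treating it as a verdict. The flagged list is empty for the posted report, which is consistent with its "Actual detected object count: 0".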
  2. I have removed uTorrent. Please proceed. Thanks again, Gus
  3. Hi all,

     This morning my computer started acting slow and when I try to use Google Chrome, it takes me to random sites. I ran MalwareBytes quick scan but it didn't find anything. I ran Spybot and SuperAntispyware but they come out clean as well.

     This is the DDS log:

     .
     DDS (Ver_2011-08-26.01) - NTFSAMD64
     Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.0.0
     Run by GRevolorio at 11:00:32 on 2012-05-16
     Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.16316.10512 [GMT -4:00]
     .
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Program Files\Tablet\Pen\Pen_TouchService.exe
     C:\Windows\system32\WUDFHost.exe
     C:\Windows\SYSTEM32\WISPTIS.EXE
     C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
     C:\Windows\System32\spoolsv.exe
     C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
     C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
     C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
     C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
     C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
     C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
     C:\Windows\SysWOW64\nlssrv32.exe
     C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
     c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
     C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
     C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
     C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
     C:\Program Files\Tablet\Pen\Pen_Tablet.exe
     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
     C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
     C:\Windows\SysWOW64\vmnat.exe
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     C:\Windows\SYSTEM32\WISPTIS.EXE
     C:\Windows\system32\taskhost.exe
     C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
     C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
     C:\Windows\SysWOW64\vmnetdhcp.exe
     C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
     C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
     C:\Program Files\Tablet\Pen\Pen_Tablet.exe
     C:\Windows\system32\svchost.exe -k bthsvcs
     C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
     C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
     C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
     C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
     C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
     C:\Program Files\Microsoft IntelliType Pro\itype.exe
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
     C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
     C:\Users\grevolorio\AppData\Roaming\googleoez.exe
     C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
     C:\Windows\system32\conhost.exe
     C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\DDHelper.exe
     C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
     C:\Users\grevolorio\AppData\Roaming\Dropbox\bin\Dropbox.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
     C:\Program Files (x86)\Launchy\Launchy.exe
     C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
     C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
     C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
     C:\Program Files (x86)\MyLifeOrganized.net\MLO\mlo.exe
     C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
     C:\Program Files (x86)\iTunes\iTunesHelper.exe
     C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
     C:\Program Files\Windows Media Player\wmpnetwk.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files (x86)\iTunes\iTunes.exe
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
     C:\Windows\system32\conhost.exe
     C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
     C:\Windows\system32\wuauclt.exe
     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
     C:\Windows\system32\conhost.exe
     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
     C:\Windows\system32\conhost.exe
     C:\Program Files (x86)\Nero\Update\NASvc.exe
     C:\Windows\system32\svchost.exe -k SDRSVC
     C:\Program Files\xplorer2\xplorer2_64.exe
     C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Windows\SysWOW64\ping.exe
     C:\Windows\system32\conhost.exe
     C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
     C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Windows\SysWOW64\ping.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\SysWOW64\ping.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\SysWOW64\cmd.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\SysWOW64\cscript.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.google.com/
     uSearch Bar = Preserve
     uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
     BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
     BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
     BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
     BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
     BHO: CutePDF Form Filler Helper: {d41289f2-69c6-417b-897e-c653d677cbaf} - C:\Program Files (x86)\Acro Software\CutePDF Pro\CPFillerCo.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
     BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
     TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
     TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
     uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
     uRun: [WinSnap] "C:\Program Files\WinSnap\WinSnap.exe" /startup
     uRun: [Google] C:\Users\grevolorio\AppData\Roaming\googleoez.exe
     mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
     mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
     mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
     mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
     mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
     mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
     mRun: [<NO NAME>]
     mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
     StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BHODEM~1.LNK - C:\Program Files (x86)\BHODemon 2\BHODemon.exe
     StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\grevolorio\AppData\Roaming\Dropbox\bin\Dropbox.exe
     StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
     StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe
     StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYLIFE~1.LNK - C:\Program Files (x86)\MyLifeOrganized.net\MLO\mlo.exe
     StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~2.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
     StartupFolder: C:\Users\GREVOL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
     StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
     uPolicies-system: HideLogonScripts = 1 (0x1)
     mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
     mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
     mPolicies-system: EnableLinkedConnections = 1 (0x1)
     mPolicies-system: DisableCAD = 1 (0x1)
     dPolicies-system: HideLegacyLogonScripts = 1 (0x1)
     dPolicies-system: HideLogonScripts = 1 (0x1)
     dPolicies-system: HideLogoffScripts = 1 (0x1)
     IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
     IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
     IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
     IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
     IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
     IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
     IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
     IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
     LSP: mswsock.dll
     LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
     Trusted Zone: calshr01
     Trusted Zone: emmarx.com\reports
     DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
     DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
     DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
     DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -
hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 TCP: DhcpNameServer = 10.1.2.20 10.1.2.19 TCP: Interfaces\{1CC5E133-5EFA-45B6-95E6-3BEBD35BCB03} : NameServer = 208.67.222.222,208.67.220.220 TCP: Interfaces\{1CC5E133-5EFA-45B6-95E6-3BEBD35BCB03} : DhcpNameServer = 10.1.2.20 10.1.2.19 TCP: Interfaces\{29AFB5A5-9D29-441F-A64B-D2DC0F50AA0C} : DhcpNameServer = 172.16.206.215 172.16.206.215 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO-X64: RoboForm - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll BHO-X64: LastPass Browser Helper Object - No File BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet 
Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: CutePDF Form Filler Helper: {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files (x86)\Acro Software\CutePDF Pro\CPFillerCo.dll BHO-X64: CutePDF Form Filler - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup mRun-x64: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [(Default)] mRun-x64: [iTunesHelper] "C:\Program Files 
(x86)\iTunes\iTunesHelper.exe" IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" IE-X64: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\grevolorio\AppData\Roaming\Mozilla\Firefox\Profiles\5nju9yau.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 8118 FF - prefs.js: network.proxy.type - 0 FF - component: C:\Users\grevolorio\AppData\Roaming\Mozilla\Firefox\Profiles\5nju9yau.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files 
(x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll FF - plugin: C:\Users\grevolorio\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Users\grevolorio\AppData\Roaming\Mozilla\Firefox\Profiles\5nju9yau.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll FF - plugin: C:\Users\grevolorio\AppData\Roaming\Mozilla\Firefox\Profiles\5nju9yau.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll . ============= SERVICES / DRIVERS =============== . R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?] R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?] R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?] R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?] 
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?] R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 375176] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928] R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?] 
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\System32\nlssrv32.exe [2011-1-21 64512] R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-8-25 235624] R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-4-1 2440120] R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-2-23 6583160] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880] R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-2-23 528760] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248] R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?] R3 applebmt;Apple Wireless Mouse;C:\Windows\system32\DRIVERS\applebmt.sys --> C:\Windows\system32\DRIVERS\applebmt.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-1-26 132656] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?] 
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?] R3 RAMDiskVE;RAMDiskVE;C:\Windows\system32\Drivers\RAMDiskVE.sys --> C:\Windows\system32\Drivers\RAMDiskVE.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-4 136176] S2 MouseWithoutBordersSvc;Mouse without Borders Service;C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [2011-9-19 17920] S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 253088] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-8-17 1038088] S3 glavcam;BW Microscope;C:\Windows\System32\drivers\glavcam.sys [2011-3-2 80000] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-8-23 30192] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-4 136176] S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?] S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?] 
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-5-27 98208] S4 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968] S4 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896] S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-9-23 4476096] S4 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-4-26 366840] S4 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-4-26 1150936] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . .txt=SigilTXT . =============== Created Last 30 ================ . 
2012-05-16 14:51:51 -------- d-----w- C:\Program Files (x86)\BHODemon 2 2012-05-15 20:17:46 102400 ------w- C:\Users\grevolorio\AppData\Roaming\googleoez.exe 2012-05-10 18:32:56 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-10 18:32:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-10 18:32:51 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-10 18:32:51 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2012-05-10 18:32:51 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-10 18:32:50 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2012-05-10 18:32:50 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2012-05-08 20:36:19 -------- d-----w- C:\Users\grevolorio\AppData\Roaming\SUPERAntiSpyware.com 2012-05-08 20:35:57 -------- d-----w- C:\ProgramData\!SASCORE 2012-05-07 16:35:59 -------- d-----w- C:\Users\grevolorio\AppData\Local\Nero_AG 2012-05-07 12:33:21 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{366E680E-86A9-4541-9805-3C4E03346FB7}\mpengine.dll 2012-05-02 18:11:38 -------- d-----w- C:\Program Files (x86)\Loaris 2012-05-02 17:42:44 -------- d-----w- C:\Program Files (x86)\Startup Optimizer 2012-05-01 13:50:56 -------- d-----w- C:\Users\grevolorio\AppData\Roaming\Digiarty 2012-05-01 12:36:35 -------- d-----w- C:\Users\grevolorio\AppData\Local\Nero 2012-04-30 21:18:45 -------- d-----w- C:\ProgramData\Nero 2012-04-30 21:11:25 15920 ----a-w- C:\Windows\System32\drivers\NBVolUp.sys 2012-04-30 21:11:03 72240 ----a-w- C:\Windows\System32\drivers\NBVol.sys 2012-04-30 21:11:03 -------- d-----w- C:\Program Files (x86)\Nero 2012-04-30 21:10:22 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll 2012-04-30 21:10:22 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll 2012-04-30 21:10:22 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll 2012-04-30 21:09:04 1974616 ----a-w- 
C:\Windows\SysWow64\D3DCompiler_42.dll 2012-04-30 21:07:49 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll 2012-04-30 21:06:34 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll 2012-04-30 21:05:14 3727720 ----a-w- C:\Windows\SysWow64\d3dx9_35.dll 2012-04-30 21:03:51 3497832 ----a-w- C:\Windows\SysWow64\d3dx9_34.dll 2012-04-30 19:17:29 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-04-30 18:26:03 -------- d-----w- C:\ProgramData\boost_interprocess 2012-04-30 18:26:00 40960 ----a-w- C:\Windows\SysWow64\SSubTmr6.dll 2012-04-30 18:26:00 15360 ----a-w- C:\Windows\SysWow64\inetfr.DLL 2012-04-30 18:26:00 119568 ----a-w- C:\Windows\SysWow64\VB6FR.DLL 2012-04-30 18:26:00 115920 ----a-w- C:\Windows\SysWow64\msinet.OCX 2012-04-30 18:25:59 32768 ----a-w- C:\Windows\SysWow64\CMDLGFR.DLL 2012-04-30 18:25:59 141312 ----a-w- C:\Windows\SysWow64\MSCMCFR.DLL 2012-04-30 18:25:59 -------- d-----w- C:\Users\grevolorio\AppData\Roaming\FreeBurner 2012-04-30 16:56:36 175616 ----a-w- C:\Windows\SysWow64\unrar.dll 2012-04-30 16:56:33 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack 2012-04-30 15:40:38 -------- d-----w- C:\DVDTemp 2012-04-25 15:40:13 -------- d-----w- C:\Users\grevolorio\AppData\Roaming\VTC Preferences Folder 2012-04-17 12:56:54 -------- d-----w- C:\Users\grevolorio\AppData\Roaming\Foxit Software . ==================== Find3M ==================== . 
2012-04-30 18:11:41 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-30 18:11:41 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys 2012-03-03 06:29:57 1541120 ----a-w- C:\Windows\System32\DWrite.dll 2012-03-03 06:29:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll 2012-03-03 06:29:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll 2012-03-03 06:29:42 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll 2012-03-03 06:29:41 902656 ----a-w- C:\Windows\System32\d2d1.dll 2012-03-03 05:40:21 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-03-03 05:40:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2012-03-03 05:40:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2012-03-03 05:40:09 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2012-03-03 05:40:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2012-03-01 06:54:38 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-03-01 06:45:41 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-03-01 06:40:14 80896 ----a-w- C:\Windows\System32\imagehlp.dll 2012-03-01 06:35:16 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-03-01 05:49:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-03-01 05:45:05 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll 2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll 2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-02-28 01:18:55 1799168 ----a-w- 
C:\Windows\SysWow64\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-01-30 13:55:36 14534176 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe 2006-05-03 16:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll 2007-02-21 17:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll 2008-03-16 19:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll . ============= FINISH: 11:02:50.60 =============== This is the Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 1/11/2011 6:56:15 AM System Uptime: 5/16/2012 10:04:00 AM (1 hours ago) . Motherboard: Dell Inc. | | 0T105W Processor: Intel® Core i7 CPU Q 740 @ 1.73GHz | U2E1 | 1734/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 100 GiB total, 9.182 GiB free. D: is FIXED (FAT32) - 2 GiB total, 2.003 GiB free. E: is CDROM () F: is FIXED (NTFS) - 731 GiB total, 213.528 GiB free. G: is NetworkDisk (NTFS) - 931 GiB total, 393.004 GiB free. H: is CDROM () I: is FIXED (NTFS) - 932 GiB total, 897.553 GiB free. S: is NetworkDisk (NTFS) - 547 GiB total, 126.417 GiB free. U: is NetworkDisk (NTFS) - 547 GiB total, 126.417 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco Systems VPN Adapter for 64-bit Windows Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter for 64-bit Windows PNP Device ID: ROOT\NET\0000 Service: CVirtA . 
Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0002000A_PID&0000\9&22CA339C&0&40FC89822827_C00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0002000A_PID&0000\9&22CA339C&0&40FC89822827_C00000000 Service: . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0002000A_PID&0000\9&22CA339C&0&40FC89822827_C00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0002000A_PID&0000\9&22CA339C&0&40FC89822827_C00000000 Service: . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) µTorrent AccelerometerP11 Acrobat.com Adobe Acrobat X Pro - English, Français, Deutsch Adobe After Effects CS4 Adobe After Effects CS4 Presets Adobe After Effects CS4 Third Party Content Adobe AIR Adobe Anchor Service CS4 Adobe Asset Services CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles AE CS4 Adobe Color Video Profiles CS CS4 Adobe Contribute CS4 Adobe Creative Suite 4 Master Collection Adobe CS4 American English Speech Analysis Models Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Digital Editions Adobe Dreamweaver CS4 Adobe Drive CS4 Adobe Dynamiclink Support Adobe Encore CS4 Adobe Encore CS4 Codecs Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Fireworks CS4 Adobe Flash CS4 Adobe Flash CS4 Extension - Flash Lite STI en Adobe Flash CS4 STI-en Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Illustrator CS4 Adobe InDesign CS4 Adobe InDesign CS4 Application Feature Set Files (Roman) Adobe InDesign CS4 
Common Base Files Adobe InDesign CS4 Icon Handler Adobe Linguistics CS4 Adobe LiveCycle Designer 7.1 Adobe Media Encoder CS4 Adobe Media Encoder CS4 Additional Exporter Adobe Media Encoder CS4 Dolby Adobe Media Encoder CS4 Exporter Adobe Media Encoder CS4 Importer Adobe Media Player Adobe MotionPicture Color Files CS4 Adobe OnLocation CS4 Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Support Adobe Premiere Pro CS4 Adobe Premiere Pro CS4 Functional Content Adobe Premiere Pro CS4 Third Party Content Adobe Reader X (10.1.2) Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe SGM CS4 Adobe SING CS4 Adobe Soundbooth CS4 Adobe Soundbooth CS4 Codecs Adobe Type Support CS4 Adobe Update Manager CS4 Adobe Version Cue CS4 Server Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB AI RoboForm Amazon Kindle Android SDK Tools Apple Application Support Apple Software Update Axiom 2012 Axosoft OnTime 2010 Windows Bamboo Dock BHODemon 2.0.0.23 BitTyrant BW Microscope calibre CDBurnerXP ClipX Color Picker Connect Content Corel Painter 11 Corel Painter 11 - ICA Corel Painter 11 - IPM CutePDF Professional 3.3 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DiskAid 5.01 Dropbox eMedia Piano and Keyboard Method eReader Evernote v. 
4.5.6 ExtraPutty 0.22 Fiddler2 FlowBreeze Standard 2.5.0.68 Foxit Reader 5.1 Google Chrome Google Desktop Google Earth Google Earth Plug-in Google Update Helper High-Definition Video Playback huey 1.0.5 iConcur Axiom for Word IconHandler 32 bit IETester v0.4.10 (remove only) iExplorer 2.2.1.3 Inkscape 0.48.1 iPhoneBrowser Java 2 Runtime Environment, SE v1.4.1_07 Java Auto Updater Java Web Start Java 6 Update 22 Java 6 Update 31 Java 7 Java SE Development Kit 7 JMicron Flash Media Controller Driver K-Lite Codec Pack 8.6.0 (Full) kuler Langauge LastPass (uninstall only) Launchy 2.5 LiveUpdate 3.3 (Symantec Corporation) Loaris Trojan Remover 1.2 LogMeIn Magic ISO Maker v5.5 (build 0265) Malwarebytes Anti-Malware version 1.61.0.1400 Manga Studio EX 4.0 Mesh Runtime Micro-Measure Microsoft .NET Compact Framework 1.0 SP3 Developer Microsoft .NET Compact Framework 2.0 Microsoft Device Emulator version 1.0 - ENU Microsoft Document Explorer 2005 Microsoft Garage Mouse without Borders Microsoft Office 2003 Web Components Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote 2007 Microsoft Office OneNote 2010 Microsoft Office OneNote MUI (English) 2007 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Project 2007 Service Pack 3 (SP3) Microsoft Office Project MUI (English) 2007 Microsoft Office Project Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof 
(Spanish) 2007 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (English) 2010 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office SharePoint Designer 2007 Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) Microsoft Office SharePoint Designer MUI (English) 2007 Microsoft Office Visio 2007 Service Pack 3 (SP3) Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (English) 2007 Microsoft OneNote 2010 Microsoft Robocopy GUI Microsoft Silverlight Microsoft SQL Server 2005 Microsoft SQL Server 2005 Books Online (English) (September 2007) Microsoft SQL Server 2005 Mobile [ENU] Developer Tools Microsoft SQL Server 2005 Tools Microsoft SQL Server Setup Support Files (English) Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual J# 2.0 Redistributable Package Microsoft Visual Studio 2005 Premier Partner Edition - ENU Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601) Microsoft Visual Studio 2005 Professional Edition - ENU Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601) MotoHelper 2.1.32 Driver 5.2.0 MotoHelper MergeModules Mozilla Firefox 10.0.1 (x86 en-US) MSDN Library for Visual Studio 2005 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 
4.0 SP2 (KB973688) MyLifeOrganized v. 3.6.1 MySQL Tools for 5.0 Nero 11 Nero 11 Disc Menus Basic Nero 11 Effects Basic Nero 11 Image Samples Nero 11 Kwik Themes Basic Nero 11 PiP Effects Basic Nero Audio Pack 1 Nero BackItUp 11 Nero BackItUp 11 Help (CHM) Nero Burning ROM 11 Nero Burning ROM 11 Help (CHM) Nero ControlCenter 11 Nero ControlCenter 11 Help (CHM) Nero Core Components 11 Nero CoverDesigner 11 Nero CoverDesigner 11 Help (CHM) Nero Express 11 Nero Express 11 Help (CHM) Nero Kwik Media Nero Kwik Media Help (CHM) Nero Recode 11 Nero Recode 11 Help (CHM) Nero RescueAgent 11 Nero RescueAgent 11 Help (CHM) Nero SoundTrax 11 Nero SoundTrax 11 Help (CHM) Nero Update Nero Video 11 Nero Video 11 Help (CHM) Nero WaveEditor 11 Nero WaveEditor 11 Help (CHM) nero.prerequisites.msi NewsBin Pro Notepad++ NVIDIA Stereoscopic 3D Driver Octoshape add-in for Adobe Flash Player openCanvas4.5e Plus OpenOffice.org 3.3 OutlookTools 2 Pandora ParetoLogic Data Recovery PDF Settings CS4 PDFill PDF Editor with FREE PDF Writer and Tools PDFill PDF Writer Photoshop Camera Raw Pixel Bender Toolkit Plex Polipo 1.0.4.1 Python 2.6 pycrypto-2.3 Qdabra InfoPath to SharePoint List Tool QuickTime RAMDisk Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Recover My Files Renesas Electronics USB 3.0 Host Controller Driver Revo Uninstaller 1.92 Safari Saver2 Seagate Dashboard SeaTools for Windows Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) 
Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061) Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971023) Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971090) Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB973673) Send to OneNote 2007 Sharpener Pro 3.0 Skype Toolbars Skype™ 5.1 Smart Defrag 2 Spybot - Search & Destroy Spyware Doctor 8.0 Startup Optimizer 1.6 Suite Shared Configuration CS4 SysInfoMyWork TeamViewer 7 tools-freebsd tools-linux tools-netware tools-solaris tools-windows tools-winPre2k TopStyle (Version 3) Tor 0.2.1.30 TreeSize Professional 5.3.4 TuneWiki U2 PCAM Unlocker 1.9.1 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 
4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Project 2007 Help (KB963668) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Sharepoint Designer 2007 Help (KB963675) Update for Microsoft Office Visio 2007 Help (KB963666) Update for Microsoft Office Word 2007 Help (KB963665) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB932232) Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB932232) Vector Magic Velvia Vision Vertus Fluid Mask 3 2.100.2-RC2 Vidalia 0.2.12 Video Enhancer 1.9.6 VirtualCloneDrive VLC media player 2.0.1 VMware Workstation WebTablet FB Plugin WebTablet IE Plugin WebTablet Netscape 
Plugin welcome Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mesh Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Player Firefox Plugin Windows Resource Kit Tools WinSCP 4.3.5 WinSnap WinX DVD Author 5.8
.
==== Event Viewer Messages From Past Week ========
.
5/9/2012 6:35:48 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
5/16/2012 8:57:04 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual Studio 2005 Service Pack 1 XML Editor (KB2251481).
5/16/2012 8:43:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 suites (KB2596880).
5/16/2012 8:43:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition.
5/16/2012 8:42:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2007 (KB2597161).
5/16/2012 8:42:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Word 2007 (KB2596917).
5/16/2012 8:42:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656405).
5/16/2012 8:41:39 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290).
5/16/2012 8:41:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2604121).
5/16/2012 8:40:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition.
5/16/2012 8:40:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 suites (KB2596672).
5/16/2012 8:40:20 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 suites (KB2597969).
5/16/2012 8:40:20 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 suites (KB2597162).
5/16/2012 8:39:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2690729).
5/16/2012 8:39:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 suites (KB2596792).
5/16/2012 10:11:56 AM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
5/16/2012 10:07:35 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
5/16/2012 10:07:13 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
5/16/2012 10:05:39 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: An attempt was made to logon, but the network logon service was not started.
5/16/2012 10:05:39 AM, Error: Microsoft-Windows-Time-Service [46] - The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.
5/16/2012 10:05:26 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
5/16/2012 10:05:18 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
5/16/2012 10:05:13 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
5/16/2012 10:04:54 AM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
5/16/2012 10:04:38 AM, Error: volmgr [45] - The system could not sucessfully load the crash dump driver.
5/16/2012 10:04:33 AM, Error: BTHUSB [5] - The Bluetooth driver expected an HCI event with a certain size but did not receive it.
5/15/2012 12:05:17 PM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
5/15/2012 1:48:46 PM, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
5/14/2012 5:22:59 PM, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is CALPDC00.
5/14/2012 5:02:19 PM, Error: NetBT [4321] - The name "INRANGE :1d" could not be registered on the interface with IP address 10.1.2.112. The computer with the IP address 10.1.2.20 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================

Please advise, thanks in advance for your help.

Best,
Gus
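As an added example (not part of Gus's post, of the DDS tool, or of the helper's instructions), here is a small Python triage script for the "Event Viewer Messages From Past Week" section of a DDS log like the one above. It parses the one-event-per-line format DDS emits, groups the Windows Update failures by HRESULT and KB number, and pulls out the Service Control Manager 7003/7023 events so that any service the SCM could not find (in this log, BFE and Computer Browser) is listed explicitly instead of being buried in thirty lines of text. The sample lines are excerpted from the posted log; the function names, the grouping rules and the HRESULT label are this example's own choices.

```python
"""Triage the 'Event Viewer Messages From Past Week' section of a DDS log.

Added example, not code from the forum post or from DDS itself. Parses lines of
the form 'M/D/YYYY h:mm:ss AM, Error: Source [EventID] - message' and groups them
into the first questions an analyst asks when reading this section.
"""
import re
from datetime import datetime

# Sample input: nine events excerpted verbatim from the DDS log posted above
# (the post had them run together; DDS prints one event per line).
SAMPLE_LOG = """\
5/9/2012 6:35:48 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
5/16/2012 8:57:04 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual Studio 2005 Service Pack 1 XML Editor (KB2251481).
5/16/2012 8:43:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 suites (KB2596880).
5/16/2012 8:39:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2690729).
5/16/2012 10:05:39 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: An attempt was made to logon, but the network logon service was not started.
5/16/2012 10:05:26 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
5/16/2012 10:05:18 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
5/16/2012 10:05:13 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
5/14/2012 5:02:19 PM, Error: NetBT [4321] - The name "INRANGE :1d" could not be registered on the interface with IP address 10.1.2.112. The computer with the IP address 10.1.2.20 did not allow the name to be claimed by this computer.
"""

# One DDS event line: timestamp, level, source, [event id], message.
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
HRESULT_RE = re.compile(r"\berror (0x[0-9A-Fa-f]{8})\b")
KB_RE = re.compile(r"\((KB\d+)\)")
DEPENDS_RE = re.compile(r"^The (.+?) service depends the following service: (\w+)\.")
TERMINATED_RE = re.compile(r"^The (.+?) service terminated with the following error: (.*)$")

# Label for the one HRESULT that dominates this log: 0x80070643 wraps Win32 error 1603.
KNOWN_HRESULTS = {"0x80070643": "ERROR_INSTALL_FAILURE (1603): fatal error during installation"}


def parse_events(text):
    """Return a list of dicts, one per parseable DDS event line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["when"] = datetime.strptime(rec["when"], "%m/%d/%Y %I:%M:%S %p")
        rec["event_id"] = int(rec["event_id"])
        events.append(rec)
    return events


def triage(events):
    """Group events by the three things worth reading first in this section:
    update failures (WindowsUpdateClient 20) keyed by HRESULT, services whose
    dependency the SCM could not find (7003), and services that terminated (7023)."""
    findings = {"update_failures": {}, "missing_dependencies": [], "terminated_services": []}
    for ev in events:
        src, eid, msg = ev["source"], ev["event_id"], ev["message"]
        if src == "Microsoft-Windows-WindowsUpdateClient" and eid == 20:
            hres = HRESULT_RE.search(msg)
            kb = KB_RE.search(msg)
            key = hres.group(1) if hres else "unknown"
            findings["update_failures"].setdefault(key, []).append(kb.group(1) if kb else msg)
        elif src == "Service Control Manager" and eid == 7003:
            m = DEPENDS_RE.match(msg)
            if m:
                findings["missing_dependencies"].append((m.group(1), m.group(2)))
        elif src == "Service Control Manager" and eid == 7023:
            m = TERMINATED_RE.match(msg)
            if m:
                findings["terminated_services"].append((m.group(1), m.group(2)))
    return findings


def absent_services(findings):
    """Service names the SCM reports it cannot find at all: missing dependencies plus
    services that 'do not exist as an installed service'. Both BFE (Base Filtering
    Engine) and Computer Browser ship with Windows 7, so these are checked by hand."""
    names = []
    for _svc, dep in findings["missing_dependencies"]:
        if dep not in names:
            names.append(dep)
    for svc, err in findings["terminated_services"]:
        if "does not exist as an installed service" in err and svc not in names:
            names.append(svc)
    return names


if __name__ == "__main__":
    import sys
    # Usage: python triage_dds.py [dds.txt]; without an argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    found = triage(parse_events(text))
    for hres, kbs in found["update_failures"].items():
        print(f"{len(kbs)} update(s) failed with {hres} {KNOWN_HRESULTS.get(hres, '')}: {', '.join(kbs)}")
    for svc, dep in found["missing_dependencies"]:
        print(f"7003: '{svc}' depends on '{dep}', which the SCM could not find")
    for svc, err in found["terminated_services"]:
        print(f"7023: '{svc}' terminated: {err}")
    print("services the SCM could not find:", ", ".join(absent_services(found)) or "none")
```

Run it against a saved DDS log (python triage_dds.py dds.txt) or with no argument to see the result on the sample. The point of the last function is the one a helper would act on: the log says the SCM could not find BFE or Computer Browser, and on a stock Windows 7 machine both services are present, so confirming their state directly (for example with sc query BFE from an elevated prompt) is the next check before drawing any conclusion.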
  4. Thank you so much!! I will let you know in a couple of days!!
  5. This is the OTL log:

OTL logfile created on: 4/2/2012 3:09:08 PM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\ccaracciolo\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 51.89% Memory free
3.46 Gb Paging File | 2.09 Gb Available in Paging File | 60.53% Paging File free
Paging file location(s): c:\pagefile.sys 512 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 212.88 Gb Total Space | 158.14 Gb Free Space | 74.28% Space Free | Partition Type: NTFS
Drive D: | 20.00 Gb Total Space | 11.67 Gb Free Space | 58.37% Space Free | Partition Type: NTFS

Computer Name: CCARACCIOLO1 | User Name: ccaracciolo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

< End of report >

and this is the MWare log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.02.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
ccaracciolo :: CCARACCIOLO1 [administrator]

4/2/2012 3:10:50 PM
mbam-log-2012-04-02 (15-10-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 283483
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

The computer seems to be fine now, it displays Google results as expected, no random ads so far, and it is a lot faster than it was. Should I consider it clean?
  6. Done. This is the ComboFix log:

ComboFix 12-04-01.02 - ccaracciolo 04/02/2012 14:25:38.2.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3032.1706 [GMT -4:00]
Running from: c:\users\ccaracciolo\Desktop\ComboFix.exe
Command switches used :: c:\users\ccaracciolo\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ccaracciolo\Desktop\.lnk
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_STV680m
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 18:30 . 2012-04-02 18:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-02 18:30 . 2012-04-02 18:30 -------- d-----w- c:\users\delete\AppData\Local\temp
2012-04-02 18:30 . 2012-04-02 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-02 18:30 . 2012-04-02 18:30 -------- d-----w- c:\users\ccaracciolo - Copy\AppData\Local\temp
2012-04-02 18:30 . 2012-04-02 18:30 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-03-30 14:12 . 2012-03-30 14:12 -------- d-----w- c:\users\ccaracciolo\AppData\Roaming\STOPzilla!
2012-03-30 14:11 . 2012-03-30 14:43 -------- d-----w- c:\program files (x86)\STOPzilla!
2012-03-30 13:17 . 2012-03-30 13:17 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-03-29 21:24 . 2012-03-30 14:14 -------- d-----w- c:\program files\STOPzilla!
2012-03-29 19:35 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-03-29 19:01 . 2012-04-02 15:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 17:57 . 2012-03-29 17:58 -------- d-----w- c:\program files\CCleaner
2012-03-29 15:10 . 2009-07-14 01:14 20480 ----a-w- c:\windows\backupsvchostbackup.exe
2012-03-29 14:11 . 2012-03-29 14:11 -------- d-----w- c:\users\ccaracciolo\AppData\Local\{A0E2C2E6-7918-11E1-826D-B8AC6F996F26}
2012-03-28 12:01 . 2012-03-28 12:01 -------- d-----w- c:\users\ccaracciolo\AppData\Local\{B0AADF8D-7847-11E1-826D-B8AC6F996F26}
2012-03-27 18:37 . 2012-03-27 18:37 -------- d-----w- c:\users\ccaracciolo\AppData\Local\{ADE27D14-783A-11E1-826D-B8AC6F996F26}
2012-03-27 18:30 . 2012-03-27 18:30 -------- d-sh--w- c:\windows\SysWow64\config\systemprofile\IETldCache
2012-03-27 18:29 . 2012-03-27 18:29 -------- d-----w- c:\programdata\F4D55F3B000435DB03318318A6014588
2012-03-27 18:27 . 2012-03-27 18:27 99328 ----a-w- c:\windows\system32\compgMgr64.dll
2012-03-27 18:27 . 2012-03-27 18:27 88064 ----a-w- c:\windows\SysWow64\compgMgr.dll
2012-03-26 21:41 . 2012-03-26 21:41 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-03-23 18:43 . 2012-03-23 18:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-23 18:43 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-23 18:31 . 2012-03-30 13:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-23 18:31 . 2012-03-23 18:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-20 18:19 . 2012-03-20 18:19 -------- d-----w- c:\program files (x86)\Citrix
2012-03-20 18:18 . 2012-03-20 18:18 -------- d-----w- c:\users\ccaracciolo\AppData\Local\Apps
2012-03-20 18:18 . 2012-03-20 18:18 -------- d-----w- c:\users\ccaracciolo\AppData\Local\Deployment
2012-03-19 14:50 . 2012-03-19 14:50 -------- d-----w- c:\program files\iPod
2012-03-19 14:50 . 2012-03-19 14:51 -------- d-----w- c:\program files\iTunes
2012-03-19 14:50 . 2012-03-19 14:51 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-01-19 14:22 . 2012-01-19 14:22 45936 ----a-r- c:\windows\system32\SBBD.EXE
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_15.48.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-04-02 15:49 33274 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-24 14:06 . 2012-04-02 15:49 16840 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1085031214-796845957-725345543-2611_UserData.bin
- 2011-05-23 13:44 . 2012-04-02 15:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-23 13:44 . 2012-04-02 18:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-23 13:44 . 2012-04-02 18:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-23 13:44 . 2012-04-02 15:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-02 18:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-02 15:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-02 18:32 . 2012-04-02 18:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-02 15:47 . 2012-04-02 15:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-02 15:47 . 2012-04-02 15:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-02 18:32 . 2012-04-02 18:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-04-02 15:52 627082 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-02 15:39 627082 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-02 15:39 107366 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-02 15:52 107366 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2012-04-02 15:12 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-04-02 16:51 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-04-02 18:31 395260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-02 15:46 395260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-29 19:40 . 2012-04-02 18:31 396028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1085031214-796845957-725345543-2611-8192.dat
- 2012-03-29 19:40 . 2012-04-02 14:44 396028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1085031214-796845957-725345543-2611-8192.dat
+ 2012-04-02 18:34 . 2012-04-02 18:34 1522160 c:\windows\temp\CR_1C4A0.tmp\setup.exe
- 2009-07-14 02:34 . 2012-03-30 15:00 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-04-02 16:53 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-04-02 115560]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
.
c:\users\ccaracciolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ccaracciolo\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\users\ccaracciolo\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ccaracciolo\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"= 1 (0x1)
"HideLogonScripts"= 1 (0x1)
"HideLogoffScripts"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1085031214-796845957-725345543-2611\Scripts\Logoff\0\0]
"Script"=logoff.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1085031214-796845957-725345543-2611\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 136176]
R2 STOPzilla Local Service;STOPzilla Local Service;c:\program files (x86)\STOPzilla!\SZNTSvc.exe [x]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2010-07-27 121416]
R3 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2010-07-27 125512]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 136176]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 Ser2rs;Radioshack USB to Serial Driver;c:\windows\system32\DRIVERS\ser2rs64.sys [x]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [x]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-16 136824]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 17:43]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 17:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"combofix"="c:\combofix\CF16690.3XE" [2009-07-14 344576]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
STV680m
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://m.www.yahoo.com/?fr=w3i&type=W3i_SP,150,0_0,StartPage,20100312,6687,0,8,0
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.2.20 10.1.2.19
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\ccaracciolo\Application Data\Mozilla\Firefox\Profiles\8zycntl7.default\
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Device Manager]
"ImagePath"="%SystemRoot%\System32\config\systemprofile\AppData\Roaming\devicemgrsvc.bat"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe c:\program files (x86)\Symantec\Symantec Endpoint Protection\SescLU.exe . ************************************************************************** . Completion time: 2012-04-02 14:39:09 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-02 18:39 ComboFix2.txt 2012-04-02 15:53 . Pre-Run: 169,817,030,656 bytes free Post-Run: 169,709,436,928 bytes free . - - End Of File - - 6423E9D32E4060F6CD8F81170D4E3E3F
  7. MrC, The latter, TcUsb.dll, does not exist anymore.
  8. https://www.virustotal.com/file/77c3a8a545e7339fb149f20bf0864c7e5772022f4ced67236d8b78d51328dc12/analysis/1333385333/ https://www.virustotal.com/file/e2001acd44da270b8289da362d26416676301773ab22616c211f31cf2e7869aa/analysis/1333385650/
  9. After following your instructions, this is the OTL log: OTL logfile created on: 4/2/2012 12:27:09 PM - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\ccaracciolo\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.96 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 61.02% Memory free 3.46 Gb Paging File | 2.34 Gb Available in Paging File | 67.62% Paging File free Paging file location(s): c:\pagefile.sys 512 512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 212.88 Gb Total Space | 158.17 Gb Free Space | 74.30% Space Free | Partition Type: NTFS Drive D: | 20.00 Gb Total Space | 11.67 Gb Free Space | 58.37% Space Free | Partition Type: NTFS Drive F: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive G: | 7.62 Gb Total Space | 4.39 Gb Free Space | 57.62% Space Free | Partition Type: FAT32 Computer Name: CCARACCIOLO1 | User Name: ccaracciolo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days NetSvcs:64bit: STV680m - C:\Windows\SysNative\motmodem.dll (Oak Technology Inc.) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) < End of report >
  10. MrC, This is the content of the ComboFix.txt: ComboFix 12-04-01.02 - ccaracciolo 04/02/2012 11:38:10.1.2 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3032.1893 [GMT -4:00] Running from: c:\users\ccaracciolo\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\ccaracciolo\AppData\Local\.# c:\users\ccaracciolo\AppData\Local\.#\MBX@680@901F90.### c:\users\ccaracciolo\AppData\Local\.#\MBX@680@901FA0.### c:\users\ccaracciolo\AppData\Local\.#\MBX@680@902090.### c:\users\ccaracciolo\AppData\Local\.#\MBX@680@9020B0.### c:\users\ccaracciolo\AppData\Local\.#\MBX@CBC@1DC1F90.### c:\users\ccaracciolo\AppData\Local\.#\MBX@CBC@1DC1FA0.### c:\users\ccaracciolo\AppData\Local\.#\MBX@CBC@1DC2090.### c:\users\ccaracciolo\AppData\Local\.#\MBX@CBC@1DC20B0.### c:\users\ccaracciolo\g2mdlhlpx.exe c:\users\ccaracciolo\WINDOWS c:\windows\system32\consrv.dll c:\windows\System64 . . ((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 ))))))))))))))))))))))))))))))) . . 2012-04-02 15:44 . 2012-04-02 15:44 -------- d-----w- c:\users\delete\AppData\Local\temp 2012-04-02 15:44 . 2012-04-02 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-02 15:44 . 2012-04-02 15:44 -------- d-----w- c:\users\ccaracciolo - Copy\AppData\Local\temp 2012-04-02 15:44 . 2012-04-02 15:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2012-03-30 14:12 . 2012-03-30 14:12 -------- d-----w- c:\users\ccaracciolo\AppData\Roaming\STOPzilla! 2012-03-30 14:11 . 2012-03-30 14:43 -------- d-----w- c:\program files (x86)\STOPzilla! 2012-03-30 13:17 . 2012-03-30 13:17 -------- d-----w- c:\program files (x86)\VS Revo Group 2012-03-29 21:24 . 2012-03-30 14:14 -------- d-----w- c:\program files\STOPzilla! 2012-03-29 19:35 . 
2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys 2012-03-29 19:01 . 2012-04-02 15:11 -------- d-----w- C:\TDSSKiller_Quarantine 2012-03-29 18:51 . 2012-04-02 15:13 0 --sha-w- c:\windows\system32\dds_trash_log.cmd 2012-03-29 17:57 . 2012-03-29 17:58 -------- d-----w- c:\program files\CCleaner 2012-03-29 15:10 . 2009-07-14 01:14 20480 ----a-w- c:\windows\backupsvchostbackup.exe 2012-03-29 14:11 . 2012-03-29 14:11 -------- d-----w- c:\users\ccaracciolo\AppData\Local\{A0E2C2E6-7918-11E1-826D-B8AC6F996F26} 2012-03-28 12:01 . 2012-03-28 12:01 -------- d-----w- c:\users\ccaracciolo\AppData\Local\{B0AADF8D-7847-11E1-826D-B8AC6F996F26} 2012-03-27 18:37 . 2012-03-27 18:37 -------- d-----w- c:\users\ccaracciolo\AppData\Local\{ADE27D14-783A-11E1-826D-B8AC6F996F26} 2012-03-27 18:30 . 2012-03-27 18:30 -------- d-sh--w- c:\windows\SysWow64\config\systemprofile\IETldCache 2012-03-27 18:29 . 2012-03-27 18:29 -------- d-----w- c:\programdata\F4D55F3B000435DB03318318A6014588 2012-03-27 18:27 . 2012-03-27 18:27 99328 ----a-w- c:\windows\system32\compgMgr64.dll 2012-03-27 18:27 . 2012-03-27 18:27 88064 ----a-w- c:\windows\SysWow64\compgMgr.dll 2012-03-26 21:41 . 2012-03-26 21:41 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-03-23 18:43 . 2012-03-23 18:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-23 18:43 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-23 18:31 . 2012-03-30 13:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-03-23 18:31 . 2012-03-23 18:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-03-20 18:19 . 2012-03-20 18:19 -------- d-----w- c:\program files (x86)\Citrix 2012-03-20 18:18 . 2012-03-20 18:18 -------- d-----w- c:\users\ccaracciolo\AppData\Local\Apps 2012-03-20 18:18 . 2012-03-20 18:18 -------- d-----w- c:\users\ccaracciolo\AppData\Local\Deployment 2012-03-19 14:50 . 
2012-03-19 14:50 -------- d-----w- c:\program files\iPod 2012-03-19 14:50 . 2012-03-19 14:51 -------- d-----w- c:\program files\iTunes 2012-03-19 14:50 . 2012-03-19 14:51 -------- d-----w- c:\program files (x86)\iTunes . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-01-19 14:22 . 2012-01-19 14:22 45936 ----a-r- c:\windows\system32\SBBD.EXE . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-04-02 115560] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] . c:\users\ccaracciolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\ccaracciolo\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216] . c:\users\ccaracciolo\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\ccaracciolo\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLogonScripts"= 1 (0x1) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"= 1 (0x1) "HideLogonScripts"= 1 (0x1) "HideLogoffScripts"= 1 (0x1) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1085031214-796845957-725345543-2611\Scripts\Logoff\0\0] "Script"=logoff.bat . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1085031214-796845957-725345543-2611\Scripts\Logon\0\0] "Script"=logon.bat . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 136176] R2 STOPzilla Local Service;STOPzilla Local Service;c:\program files (x86)\STOPzilla!\SZNTSvc.exe [x] R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2010-07-27 121416] R3 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2010-07-27 125512] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 136176] R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x] R3 Ser2rs;Radioshack USB to Serial Driver;c:\windows\system32\DRIVERS\ser2rs64.sys [x] R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [x] R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] S1 
vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-16 136824] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - BMLoad . Contents of the 'Scheduled Tasks' folder . 2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 17:43] . 2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 17:43] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\ccaracciolo\Application Data\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584] "combofix"="c:\combofix\CF16437.3XE" [2009-07-14 344576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs STV680m . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://m.www.yahoo.com/?fr=w3i&type=W3i_SP,150,0_0,StartPage,20100312,6687,0,8,0 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: mswsock.dll TCP: DhcpNameServer = 10.1.2.20 10.1.2.19 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB FF - ProfilePath - c:\users\ccaracciolo\Application Data\Mozilla\Firefox\Profiles\8zycntl7.default\ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKU-Default-Run-4Y3Y0C3A1V0FUXUGPXMSQPMVDIRKALS - c:\rbin\0A50B4EE035.exe SafeBoot-27505487.sys SafeBoot-33413689.sys SafeBoot-34957894.sys SafeBoot-69158801.sys SafeBoot-84889259.sys SafeBoot-92893762.sys SafeBoot-Symantec Antvirus . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Device Manager] "ImagePath"="%SystemRoot%\System32\config\systemprofile\AppData\Roaming\devicemgrsvc.bat" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe . ************************************************************************** . Completion time: 2012-04-02 11:53:12 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-02 15:53 . Pre-Run: 169,758,654,464 bytes free Post-Run: 169,748,287,488 bytes free . - - End Of File - - AA562119B65768A03010E962544E1A49
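Added example (editor's note, not part of any post in this thread and not code from ComboFix, TDSSKiller or Malwarebytes): a small Python triage script that reads the kinds of lines posted above and in the next post and flags the entries a helper would look at first. It parses the ComboFix service/driver list (the `R2 name;display;path [date size]` lines), a service `"ImagePath"` value, the Security Center `*Override`/`*DisableNotify` values, and TDSSKiller verdict lines of the form `name ( Verdict ) - infected|warning`. The sample text is constructed from lines in these logs; the heuristics (image under a profile or user-writable directory, non-executable image extension such as `.bat`) are the editor's assumptions, not rules from any of the tools, and my reading of ComboFix's `[x]` as "no file date/size could be read, file most likely missing" is also an assumption.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines in the exact form they appear in the
# ComboFix and TDSSKiller logs posted in this thread (service list, the stray
# "Device Manager" service key, Security Center values, two TDSSKiller verdicts).
SAMPLE = r"""
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-25 136176]
R2 STOPzilla Local Service;STOPzilla Local Service;c:\program files (x86)\STOPzilla!\SZNTSvc.exe [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Device Manager]
"ImagePath"="%SystemRoot%\System32\config\systemprofile\AppData\Roaming\devicemgrsvc.bat"
"AntiVirusOverride"=dword:00000001
"BlindDial"=dword:00000000
11:10:36.0977 1784 BMLoad ( UnsignedFile.Multi.Generic ) - warning
11:10:38.0335 1784 cdfs - ok
11:10:38.0772 1784 Cinemsup ( Backdoor.Multi.ZAccess.gen ) - infected
"""

# Heuristics (editor's assumptions, not tool rules): a service image living under
# a user profile, AppData, ProgramData, a temp dir or the SYSTEM profile, or one
# that is not an .exe/.sys/.dll, deserves a second look. Hits are leads, not verdicts.
WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\",
                    "\\config\\systemprofile\\", "\\recycler\\", "\\rbin\\")
EXPECTED_EXT = (".exe", ".sys", ".dll")

# ComboFix service line:  R2 name;display name;c:\path\file.exe [2011-05-25 136176]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$")
# Registry value lines as ComboFix prints them
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>[^"]+)"', re.IGNORECASE)
SECCENTER_RE = re.compile(r'^"(?P<key>\w+?(?:Override|DisableNotify))"=dword:0*1\s*$')
# TDSSKiller verdict line:  hh:mm:ss.ffff pid name ( Verdict.Name ) - infected
TDSS_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>\S+)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+"
    r"(?P<status>infected|warning|suspicious)\s*$")


@dataclass
class Finding:
    source: str          # "combofix" or "tdsskiller"
    subject: str         # service/driver name or registry value name
    reason: str
    path: str = ""


def expand_env(path: str) -> str:
    # ComboFix prints ImagePath unexpanded; expand the one variable we expect so
    # the directory checks below see a real path.
    return path.replace("%SystemRoot%", "c:\\windows")


def path_reasons(path: str) -> List[str]:
    p = expand_env(path).lower()
    reasons = []
    ext = p.rsplit(".", 1)[-1] if "." in p else ""
    if not p.endswith(EXPECTED_EXT):
        reasons.append("unexpected image extension ." + ext)
    if any(m in p for m in WRITABLE_MARKERS):
        reasons.append("image under a profile or user-writable directory")
    return reasons


def triage(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, path, meta = m["name"], m["path"], m["meta"]
            if meta.strip() == "x":   # assumption: [x] = no date/size read, file likely missing
                findings.append(Finding("combofix", name, "registered but file not found ([x])", path))
            for r in path_reasons(path):
                findings.append(Finding("combofix", name, r, path))
            continue
        m = IMAGEPATH_RE.match(line)
        if m:
            for r in path_reasons(m["path"]):
                findings.append(Finding("combofix", "ImagePath", r, m["path"]))
            continue
        m = SECCENTER_RE.match(line)
        if m:
            findings.append(Finding("combofix", m["key"], "Security Center override/notification disabled (=1)"))
            continue
        m = TDSS_RE.match(line)
        if m:
            findings.append(Finding("tdsskiller", m["name"], f"{m['status']}: {m['verdict']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.source}] {f.subject}: {f.reason}" + (f"  ({f.path})" if f.path else ""))
```

On the sample above the script reports the two `[x]` services, the `.bat` ImagePath twice (bad extension and SYSTEM-profile location), the `AntiVirusOverride` value, and the two TDSSKiller verdicts, and stays silent on the Google, Adobe, `BlindDial` and `cdfs - ok` lines. Paste a whole ComboFix or TDSSKiller log in place of `SAMPLE` to run it over a real post.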
  11. MrC, I ran the tool and the report follows. I re-ran it after rebooting but I still get the same results; the thing is still there. Please advise. 11:10:16.0618 2648 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48 11:10:16.0680 2648 ============================================================ 11:10:16.0680 2648 Current date / time: 2012/04/02 11:10:16.0680 11:10:16.0680 2648 SystemInfo: 11:10:16.0680 2648 11:10:16.0680 2648 OS Version: 6.1.7600 ServicePack: 0.0 11:10:16.0680 2648 Product type: Workstation 11:10:16.0680 2648 ComputerName: CCARACCIOLO1 11:10:16.0680 2648 UserName: ccaracciolo 11:10:16.0680 2648 Windows directory: C:\Windows 11:10:16.0680 2648 System windows directory: C:\Windows 11:10:16.0680 2648 Running under WOW64 11:10:16.0680 2648 Processor architecture: Intel x64 11:10:16.0680 2648 Number of processors: 2 11:10:16.0680 2648 Page size: 0x1000 11:10:16.0680 2648 Boot type: Normal boot 11:10:16.0680 2648 ============================================================ 11:10:16.0930 2648 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 11:10:16.0945 2648 \Device\Harddisk0\DR0: 11:10:16.0945 2648 MBR used 11:10:16.0945 2648 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1A9C3000 11:10:16.0945 2648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A9C3800, BlocksNum 0x2801000 11:10:17.0023 2648 Initialize success 11:10:17.0023 2648 ============================================================ 11:10:31.0127 1784 ============================================================ 11:10:31.0127 1784 Scan started 11:10:31.0127 1784 Mode: Manual; SigCheck; TDLFS; 11:10:31.0127 1784 ============================================================ 11:10:32.0281 1784 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 11:10:32.0343 1784 1394ohci - ok 
11:10:32.0468 1784 69158801 (ccde590a195cb3a02fb0bfd787ce7ac5) C:\Windows\system32\drivers\84381709.sys 11:10:32.0749 1784 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 11:10:32.0780 1784 ACPI - ok 11:10:33.0014 1784 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 11:10:33.0030 1784 AcpiPmi - ok 11:10:33.0139 1784 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 11:10:33.0155 1784 AdobeARMservice - ok 11:10:33.0295 1784 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 11:10:33.0311 1784 adp94xx - ok 11:10:33.0435 1784 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 11:10:33.0451 1784 adpahci - ok 11:10:33.0498 1784 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 11:10:33.0513 1784 adpu320 - ok 11:10:33.0560 1784 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 11:10:33.0607 1784 AeLookupSvc - ok 11:10:33.0685 1784 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys 11:10:33.0716 1784 AFD - ok 11:10:33.0857 1784 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 11:10:33.0872 1784 agp440 - ok 11:10:33.0981 1784 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 11:10:33.0997 1784 ALG - ok 11:10:34.0122 1784 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 11:10:34.0122 1784 aliide - ok 11:10:34.0247 1784 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 11:10:34.0262 1784 amdide - ok 11:10:34.0293 1784 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 11:10:34.0309 1784 AmdK8 - ok 11:10:34.0325 1784 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 11:10:34.0340 1784 AmdPPM - ok 11:10:34.0371 1784 amdsata 
storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys 11:11:01.0049 1784 storflt - ok 11:11:01.0080 1784 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 11:11:01.0111 1784 StorSvc - ok 11:11:01.0173 1784 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 11:11:01.0189 1784 storvsc - ok 11:11:01.0283 1784 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 11:11:01.0298 1784 swenum - ok 11:11:01.0345 1784 swmsflt (0f84a321e89d3d78233d77a5ca86bba6) C:\Windows\System32\drivers\swmsflt.sys 11:11:01.0361 1784 swmsflt - ok 11:11:01.0485 1784 SWNC8U80 (773a241e354daaecfd0e716462c9ba43) C:\Windows\system32\DRIVERS\swnc8u80.sys 11:11:01.0501 1784 SWNC8U80 - ok 11:11:01.0548 1784 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 11:11:01.0595 1784 swprv - ok 11:11:01.0688 1784 SWUMX80 (6149b0691beb390a0bda3a8e90787fd4) C:\Windows\system32\DRIVERS\swumx80.sys 11:11:01.0719 1784 SWUMX80 - ok 11:11:01.0829 1784 Symantec AntiVirus (dd10cb8aa990f89091bc267370fd0843) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe 11:11:01.0875 1784 Symantec AntiVirus - ok 11:11:01.0969 1784 SymEvent (70c8d165063eb76f1a373b74456d2aab) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 11:11:02.0000 1784 SymEvent - ok 11:11:02.0063 1784 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 11:11:02.0109 1784 SysMain - ok 11:11:02.0141 1784 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 11:11:02.0156 1784 TabletInputService - ok 11:11:02.0187 1784 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 11:11:02.0219 1784 TapiSrv - ok 11:11:02.0250 1784 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 11:11:02.0281 1784 TBS - ok 11:11:02.0359 1784 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys 11:11:02.0406 1784 
Tcpip - ok 11:11:02.0484 1784 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys 11:11:02.0515 1784 TCPIP6 - ok 11:11:02.0546 1784 tcpipBM (7734bdcf76898452c8d83745da1b86fa) C:\Windows\system32\drivers\tcpipBM.sys 11:11:02.0577 1784 tcpipBM ( UnsignedFile.Multi.Generic ) - warning 11:11:02.0577 1784 tcpipBM - detected UnsignedFile.Multi.Generic (1) 11:11:02.0609 1784 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 11:11:02.0655 1784 tcpipreg - ok 11:11:02.0671 1784 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 11:11:02.0718 1784 TDPIPE - ok 11:11:02.0749 1784 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 11:11:02.0780 1784 TDTCP - ok 11:11:02.0811 1784 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 11:11:02.0843 1784 tdx - ok 11:11:02.0858 1784 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 11:11:02.0874 1784 TermDD - ok 11:11:02.0921 1784 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll 11:11:02.0967 1784 TermService - ok 11:11:02.0983 1784 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 11:11:02.0999 1784 Themes - ok 11:11:03.0030 1784 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 11:11:03.0077 1784 THREADORDER - ok 11:11:03.0108 1784 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 11:11:03.0155 1784 TrkWks - ok 11:11:03.0217 1784 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe 11:11:03.0233 1784 TrustedInstaller - ok 11:11:03.0295 1784 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 11:11:03.0326 1784 tssecsrv - ok 11:11:03.0404 1784 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 11:11:03.0435 1784 tunnel - ok 11:11:03.0467 1784 uagp35 
(b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 11:11:03.0482 1784 uagp35 - ok 11:11:03.0513 1784 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 11:11:03.0545 1784 udfs - ok 11:11:03.0591 1784 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 11:11:03.0607 1784 UI0Detect - ok 11:11:03.0654 1784 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 11:11:03.0669 1784 uliagpkx - ok 11:11:03.0701 1784 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 11:11:03.0716 1784 umbus - ok 11:11:03.0732 1784 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 11:11:03.0747 1784 UmPass - ok 11:11:03.0779 1784 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll 11:11:03.0794 1784 UmRdpService - ok 11:11:03.0825 1784 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 11:11:03.0872 1784 upnphost - ok 11:11:03.0919 1784 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 11:11:03.0935 1784 USBAAPL64 - ok 11:11:03.0981 1784 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 11:11:03.0997 1784 usbccgp - ok 11:11:04.0028 1784 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 11:11:04.0044 1784 usbcir - ok 11:11:04.0075 1784 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 11:11:04.0091 1784 usbehci - ok 11:11:04.0122 1784 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 11:11:04.0137 1784 usbhub - ok 11:11:04.0153 1784 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 11:11:04.0169 1784 usbohci - ok 11:11:04.0200 1784 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 11:11:04.0215 1784 usbprint - ok 11:11:04.0247 1784 USBSTOR 
(080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:11:04.0262 1784 USBSTOR - ok 11:11:04.0278 1784 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 11:11:04.0293 1784 usbuhci - ok 11:11:04.0387 1784 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys 11:11:04.0403 1784 usbvideo - ok 11:11:04.0449 1784 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 11:11:04.0481 1784 UxSms - ok 11:11:04.0527 1784 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 11:11:04.0543 1784 VaultSvc - ok 11:11:04.0652 1784 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 11:11:04.0668 1784 vdrvroot - ok 11:11:04.0715 1784 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe 11:11:04.0730 1784 vds - ok 11:11:04.0777 1784 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 11:11:04.0808 1784 vga - ok 11:11:04.0824 1784 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 11:11:04.0871 1784 VgaSave - ok 11:11:04.0902 1784 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 11:11:04.0917 1784 vhdmp - ok 11:11:04.0933 1784 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 11:11:04.0949 1784 viaide - ok 11:11:04.0980 1784 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys 11:11:04.0995 1784 vmbus - ok 11:11:05.0027 1784 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys 11:11:05.0042 1784 VMBusHID - ok 11:11:05.0073 1784 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 11:11:05.0089 1784 volmgr - ok 11:11:05.0120 1784 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 11:11:05.0136 1784 volmgrx - ok 11:11:05.0167 1784 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) 
C:\Windows\system32\DRIVERS\volsnap.sys 11:11:05.0183 1784 volsnap - ok 11:11:05.0198 1784 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 11:11:05.0214 1784 vsmraid - ok 11:11:05.0276 1784 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe 11:11:05.0323 1784 VSS - ok 11:11:05.0370 1784 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 11:11:05.0385 1784 vwifibus - ok 11:11:05.0432 1784 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 11:11:05.0448 1784 vwififlt - ok 11:11:05.0557 1784 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 11:11:05.0604 1784 W32Time - ok 11:11:05.0651 1784 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 11:11:05.0666 1784 WacomPen - ok 11:11:05.0713 1784 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 11:11:05.0744 1784 WANARP - ok 11:11:05.0760 1784 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 11:11:05.0807 1784 Wanarpv6 - ok 11:11:05.0900 1784 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe 11:11:05.0931 1784 wbengine - ok 11:11:05.0963 1784 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 11:11:05.0978 1784 WbioSrvc - ok 11:11:06.0025 1784 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll 11:11:06.0041 1784 wcncsvc - ok 11:11:06.0072 1784 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 11:11:06.0087 1784 WcsPlugInService - ok 11:11:06.0119 1784 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 11:11:06.0134 1784 Wd - ok 11:11:06.0165 1784 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 11:11:06.0181 1784 Wdf01000 - ok 11:11:06.0228 1784 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) 
C:\Windows\system32\wdi.dll 11:11:06.0243 1784 WdiServiceHost - ok 11:11:06.0259 1784 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 11:11:06.0306 1784 WdiSystemHost - ok 11:11:06.0337 1784 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll 11:11:06.0353 1784 WebClient - ok 11:11:06.0384 1784 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 11:11:06.0431 1784 Wecsvc - ok 11:11:06.0462 1784 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 11:11:06.0493 1784 wercplsupport - ok 11:11:06.0540 1784 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 11:11:06.0571 1784 WerSvc - ok 11:11:06.0680 1784 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 11:11:06.0711 1784 WfpLwf - ok 11:11:06.0743 1784 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 11:11:06.0758 1784 WIMMount - ok 11:11:06.0821 1784 WinDefend - ok 11:11:06.0836 1784 WinHttpAutoProxySvc - ok 11:11:06.0945 1784 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 11:11:06.0992 1784 Winmgmt - ok 11:11:07.0070 1784 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll 11:11:07.0133 1784 WinRM - ok 11:11:07.0257 1784 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 11:11:07.0273 1784 WinUsb - ok 11:11:07.0320 1784 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 11:11:07.0351 1784 Wlansvc - ok 11:11:07.0413 1784 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 11:11:07.0413 1784 WmiAcpi - ok 11:11:07.0491 1784 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 11:11:07.0507 1784 wmiApSrv - ok 11:11:07.0538 1784 WMPNetworkSvc - ok 11:11:07.0632 1784 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 11:11:07.0647 1784 WPCSvc 
- ok 11:11:07.0663 1784 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll 11:11:07.0679 1784 WPDBusEnum - ok 11:11:07.0725 1784 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 11:11:07.0772 1784 ws2ifsl - ok 11:11:07.0866 1784 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll 11:11:07.0881 1784 wscsvc - ok 11:11:07.0881 1784 WSearch - ok 11:11:07.0959 1784 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll 11:11:08.0037 1784 wuauserv - ok 11:11:08.0084 1784 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 11:11:08.0115 1784 WudfPf - ok 11:11:08.0147 1784 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 11:11:08.0178 1784 WUDFRd - ok 11:11:08.0256 1784 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll 11:11:08.0287 1784 wudfsvc - ok 11:11:08.0318 1784 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 11:11:08.0349 1784 WwanSvc - ok 11:11:08.0459 1784 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys 11:11:08.0474 1784 yukonw7 - ok 11:11:08.0521 1784 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 11:11:08.0661 1784 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 11:11:08.0661 1784 \Device\Harddisk0\DR0 - detected TDSS File System (1) 11:11:08.0677 1784 Boot (0x1200) (662aa67fcc5d0fc65b4e9adc62f2bfa4) \Device\Harddisk0\DR0\Partition0 11:11:08.0677 1784 \Device\Harddisk0\DR0\Partition0 - ok 11:11:08.0693 1784 Boot (0x1200) (3f0bc95441fa6dd9f75b18afbe369bf5) \Device\Harddisk0\DR0\Partition1 11:11:08.0693 1784 \Device\Harddisk0\DR0\Partition1 - ok 11:11:08.0693 1784 ============================================================ 11:11:08.0693 1784 Scan finished 11:11:08.0693 1784 ============================================================ 11:11:08.0708 2976 Detected object count: 5 
11:11:08.0708 2976 Actual detected object count: 5 11:11:13.0263 2976 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user 11:11:13.0263 2976 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:11:13.0404 2976 C:\Windows\system32\TcUsb.dll - copied to quarantine 11:11:13.0887 2976 HKLM\SYSTEM\ControlSet001\services\Cinemsup - will be deleted on reboot 11:11:14.0075 2976 C:\Windows\system32\TcUsb.dll - will be deleted on reboot 11:11:14.0075 2976 Cinemsup ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete 11:11:14.0075 2976 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 11:11:14.0090 2976 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:11:14.0090 2976 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user 11:11:14.0090 2976 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:11:14.0090 2976 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 11:11:14.0090 2976 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 11:11:22.0967 0996 Deinitialize success
  12. There is not an option to cure, only to delete, but the instructions say not to use delete unless instructed. Thanks, Gus
  13. I decided to go with the cleaning. I ran TDSSKiller and this is a screen print of the results of the scan. There is no option to CURE. Please advise.
  14. Thanks for your help, MrCharlie! I followed your instructions and this is the report:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: ccaracciolo [Admin rights]
Mode: Scan -- Date: 04/02/2012 09:43:17

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] sys32\consrv.dll present!

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVT-75A23T0 ATA Device +++++
--- User ---
[MBR] d33edfe67ab1a03c3937bdb8a311678b
[bSP] 81b7824b68ee6103ca78272c99caf828 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 217990 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 446445568 | Size: 20482 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[9].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt
  15. Hello all, I have a laptop with 64-bit Windows 7. I started observing random advertisements and ran Malwarebytes, and the svchost file was using a lot of CPU power. The results were that I had an infection with trojan.agent. I tried to clean it but it comes back all the time, either as trojan.agent or trojanproxy.agent. Please help. Attached are the dds.txt and attach files as well as a hijackthis log. Any help will be greatly appreciated. Thanks in advance, Gus

Sorry for attaching the logs. This is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by ccaracciolo at 11:03:08 on 2012-03-30
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3032.1658 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Users\ccaracciolo\Application Data\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\ping.exe C:\Windows\system32\conhost.exe C:\Windows\explorer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://m.www.yahoo.com/?fr=w3i&type=W3i_SP,150,0_0,StartPage,20100312,6687,0,8,0 uWindow Title = Microsoft Internet Explorer provided by IN)Range Systems uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - C:\Windows\SysWOW64\StopzillaBHO.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile 
Device Support\AppleSyncNotifier.exe mRun: [<NO NAME>] mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" dRun: [4Y3Y0C3A1V0FUXUGPXMSQPMVDIRKALS] C:\RBin\0A50B4EE035.exe /q StartupFolder: C:\Users\CCARAC~1\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\ccaracciolo\Application Data\Dropbox\bin\Dropbox.exe uPolicies-system: HideLegacyLogonScripts = 1 (0x1) uPolicies-system: HideLogonScripts = 1 (0x1) uPolicies-system: HideLogoffScripts = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) dPolicies-explorer: HideSCAHealth = 1 (0x1) dPolicies-system: HideLegacyLogonScripts = 1 (0x1) dPolicies-system: HideLogonScripts = 1 (0x1) dPolicies-system: HideLogoffScripts = 1 (0x1) IE: &Search IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll LSP: mswsock.dll DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - 
hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 10.1.2.20 10.1.2.19 TCP: Interfaces\{5698B770-A4CA-4C7F-AA8B-E31DCCABBCD9} : DhcpNameServer = 4.2.2.1 4.2.2.2 TCP: Interfaces\{F3BE685E-EDAE-4531-B1A6-A3CA0E1C4EF8} : DhcpNameServer = 10.1.2.20 10.1.2.19 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: STOPzilla Browser Helper Object: {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Windows\SysWOW64\StopzillaBHO.dll TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun-x64: [(Default)] mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\ccaracciolo\Application Data\Mozilla\Firefox\Profiles\8zycntl7.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll . ============= SERVICES / DRIVERS =============== . R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-4-1 2440120] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-23 136824] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 Device Manager;Device Manager;C:\Windows\System32\config\systemprofile\AppData\Roaming\devicemgrsvc.bat [2012-3-28 120] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-25 136176] S2 STOPzilla Local Service;STOPzilla Local Service;C:\Program Files (x86)\STOPzilla!\SZNTSvc.exe /service "STOPzilla Local Service" --> C:\Program Files (x86)\STOPzilla!\SZNTSvc.exe [?] 
S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2010-7-27 121416] S3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2010-7-27 125512] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-25 136176] S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?] S3 Ser2rs;Radioshack USB to Serial Driver;C:\Windows\system32\DRIVERS\ser2rs64.sys --> C:\Windows\system32\DRIVERS\ser2rs64.sys [?] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);C:\Windows\system32\DRIVERS\swnc8u80.sys --> C:\Windows\system32\DRIVERS\swnc8u80.sys [?] S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);C:\Windows\system32\DRIVERS\swumx80.sys --> C:\Windows\system32\DRIVERS\swumx80.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] SUnknown SPService;SPService; [x] . =============== Created Last 30 ================ . 2012-03-30 14:11:58 -------- d-----w- C:\Program Files (x86)\STOPzilla! 2012-03-30 13:17:39 -------- d-----w- C:\Program Files (x86)\VS Revo Group 2012-03-29 21:24:31 -------- d-----w- C:\Program Files\STOPzilla! 
2012-03-29 19:35:22 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys 2012-03-29 19:01:36 -------- d-----w- C:\TDSSKiller_Quarantine 2012-03-29 18:51:29 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd 2012-03-29 17:57:59 -------- d-----w- C:\Program Files\CCleaner 2012-03-29 15:10:34 20480 ----a-w- C:\Windows\backupsvchostbackup.exe 2012-03-27 18:29:48 -------- d-----w- C:\ProgramData\F4D55F3B000435DB03318318A6014588 2012-03-27 18:28:10 -------- d-----we C:\Windows\system64 2012-03-27 18:27:16 99328 ----a-w- C:\Windows\System32\compgMgr64.dll 2012-03-27 18:27:16 88064 ----a-w- C:\Windows\SysWow64\compgMgr.dll 2012-03-26 21:41:31 -------- d-sh--w- C:\Windows\System32\%APPDATA% 2012-03-23 18:43:37 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-23 18:43:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-03-23 18:31:24 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-03-23 18:31:24 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-03-20 18:19:06 -------- d-----w- C:\Program Files (x86)\Citrix 2012-03-20 18:17:35 60304 ----a-w- C:\Users\ccaracciolo\g2mdlhlpx.exe 2012-03-19 14:50:34 -------- d-----w- C:\Program Files\iPod 2012-03-19 14:50:33 -------- d-----w- C:\Program Files\iTunes 2012-03-19 14:50:33 -------- d-----w- C:\Program Files (x86)\iTunes . ==================== Find3M ==================== . 2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys 2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll 2012-01-19 14:22:08 45936 ----a-r- C:\Windows\System32\SBBD.EXE . ============= FINISH: 11:04:38.72 =============== This is the Attach log: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 5/23/2011 6:46:05 AM System Uptime: 3/30/2012 10:43:20 AM (1 hours ago) . Motherboard: Dell Inc. 
| | 0G848F Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | Microprocessor | 2300/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 213 GiB total, 158.204 GiB free. D: is FIXED (NTFS) - 20 GiB total, 11.674 GiB free. E: is CDROM () F: is CDROM (CDFS) G: is Removable M: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco Systems VPN Adapter for 64-bit Windows Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter for 64-bit Windows PNP Device ID: ROOT\NET\0000 Service: CVirtA . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.1) Amazon Kindle Apple Application Support Apple Software Update Brother Driver Deployment Wizard Cisco IP Communicator Click to Call with Skype Driver Detective Dropbox Google Chrome Google Toolbar for Internet Explorer Google Update Helper GoToMeeting 5.1.0.880 Java Auto Updater Java 6 Update 26 LiveUpdate 3.3 (Symantec Corporation) Malwarebytes Anti-Malware version 1.60.1.1000 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Standard 2007 Microsoft Office Word MUI (English) 2007 Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs Microsoft Silverlight Mozilla 
Firefox 4.0.1 (x86 en-US) QuickTime RadioShack USB to Serial Driver Revo Uninstaller 1.93 Safari Skype™ 5.5 SolidWorks eDrawings 2011 Spybot - Search & Destroy Stamps.com Stamps.com Address Book Support for Microsoft Outlook 97-2010 Stamps.com support for Microsoft Outlook 97-2010 VLC media player 1.1.9 . ==== Event Viewer Messages From Past Week ======== . 3/30/2012 9:55:58 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 3/30/2012 9:55:58 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 3/30/2012 9:55:13 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 
3/30/2012 9:55:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 3/30/2012 9:55:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 3/30/2012 9:55:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 3/30/2012 9:55:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 3/30/2012 9:55:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 3/30/2012 9:55:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 3/30/2012 9:54:59 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eeCtrl luafv NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr SRTSP SRTSPX tcpipBM tdx vwififlt Wanarpv6 WfpLwf ws2ifsl 3/30/2012 9:54:55 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 
3/30/2012 9:54:55 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 3/30/2012 9:54:55 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 3/30/2012 9:54:55 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 3/30/2012 9:54:55 AM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start. 3/30/2012 9:54:55 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 3/30/2012 9:54:49 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 3/30/2012 9:54:49 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 
3/30/2012 9:54:49 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 3/30/2012 9:54:49 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/30/2012 9:54:49 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 3/30/2012 11:02:11 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 3/30/2012 10:43:49 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: luafv 3/30/2012 10:43:49 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found. 3/30/2012 10:43:48 AM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: The specified module could not be found. 3/30/2012 10:43:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Device Manager service to connect. 3/30/2012 10:43:45 AM, Error: Service Control Manager [7000] - The STOPzilla Local Service service failed to start due to the following error: The system cannot find the file specified. 3/30/2012 10:12:34 AM, Error: Service Control Manager [7030] - The STOPzilla Local Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 
3/29/2012 9:42:06 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002adc79f). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032912-46457-01. 3/29/2012 9:36:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002aac08a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032912-29858-01. 3/29/2012 9:32:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80001e6a797, 0x0000000000000000, 0x000000007ef90000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032912-35505-01. 3/29/2012 2:54:31 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 3/29/2012 2:54:31 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running. 3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 120000 milliseconds: Restart the service. 3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 3/29/2012 2:52:31 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/29/2012 2:52:05 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 3/29/2012 2:52:05 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 3/29/2012 2:43:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eeCtrl luafv NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX tcpipBM tdx vwififlt Wanarpv6 WfpLwf ws2ifsl 3/29/2012 2:09:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 3/29/2012 11:46:20 AM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting. 3/29/2012 11:29:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl luafv spldr SRTSP SRTSPX Wanarpv6 3/29/2012 1:55:35 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 
3/29/2012 1:55:34 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/28/2012 4:57:02 PM, Error: Service Control Manager [7030] - The Device Manager service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 3/28/2012 4:45:50 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Symantec Endpoint Protection service, but this action failed with the following error: An instance of the service is already running. 3/28/2012 4:45:41 PM, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 3/28/2012 4:45:41 PM, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service. 3/28/2012 4:45:40 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 3/28/2012 4:45:40 PM, Error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 3/28/2012 3:02:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. 
The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80001e62797, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032812-40513-01. 3/27/2012 3:56:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service. 3/27/2012 2:40:18 PM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting. 3/27/2012 2:34:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002d6a32a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032712-34694-01. 3/27/2012 2:17:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service. 3/27/2012 2:17:01 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/27/2012 10:05:23 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ab1797, 0x0000000000000000, 0x000000007ef90000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032712-30201-01. 3/26/2012 8:51:35 AM, Error: NetBT [4321] - The name "INRANGE :1d" could not be registered on the interface with IP address 10.1.2.98. The computer with the IP address 10.1.2.20 did not allow the name to be claimed by this computer. 3/26/2012 5:44:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ab1797, 0x0000000000000000, 0x000000007efa0000). 
A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032612-29437-01. 3/26/2012 5:40:49 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s). 3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 
3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 3/26/2012 5:40:49 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 3/23/2012 2:34:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect. 3/23/2012 2:34:27 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/23/2012 2:34:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} 3/23/2012 10:11:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435} 3/23/2012 10:11:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect. 3/23/2012 10:11:17 AM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . 
==== End Of File =========================== and this is the Hijackthis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:52:24 AM, on 3/30/2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16766) Boot mode: Normal Running processes: C:\Users\ccaracciolo\Application Data\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe C:\Users\ccaracciolo\Desktop\HijackThis.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/?fr=w3i&type=W3i_SP,150,0_0,StartPage,20100312,6687,0,8,0 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by IN)Range Systems R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - 
C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Windows\SysWOW64\StopzillaBHO.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKUS\S-1-5-18\..\Run: [4Y3Y0C3A1V0FUXUGPXMSQPMVDIRKALS] C:\RBin\0A50B4EE035.exe /q (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [4Y3Y0C3A1V0FUXUGPXMSQPMVDIRKALS] C:\RBin\0A50B4EE035.exe /q (User 'Default user') O4 - Startup: Dropbox.lnk = C:\Users\ccaracciolo\Application Data\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB O16 - DPF: 
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = inrange.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = inrange.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = inrange.local O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: AT&T Con App Svc (CAATT) - SmithMicro Inc. - C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. 
- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Device Manager - Unknown owner - C:\Windows\System32\config\systemprofile\AppData\Roaming\devicemgrsvc.bat (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - 
C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files (x86)\STOPzilla!\SZNTSvc.exe (file missing) O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9434 bytes Attach.txt DDS.txt hijackthis.log