needhelp1968

Hello, Couple of questions: 1) The volume indicator doesn't show anymore. When I increase or decrease the volume the bars appear towards of the bottom of the screen. They no longer appear. The volume does get adjusted but the bars don't show anymore. 2) Youtube record function is no longer working. Keeps prompting for apple quick time to be added to start up. Even after doing so, the recording option from youtube is blocked. Not sure what did that. Otherwise the computer seems to be doing well. Thanks again for your tremendous help!

Hello. 1) I ran delfile.bat and deleted the files. 2) We had not used DeFogger during this thread so I didn't mess with it. 3) I uninstalled Combofix. 4) I ran OTCleanIt 5) As recommended by you, I will be keeping Revo & CCleaner. I already have MBAM (Pro) running. 6) Security Programs: I have Norton & MBAM. I also installed the free version of WinPatrol. I also have Search and Destroy. It is still running, From the initial look of it, both SD and WinPatrol seem to be kind of same. Yes? I get Norton free from the internet provider. But I am willing to switch to Security Essentials if you think MSE has better security than Norton. 7) I also ran Windows Update and downloaded some updates. It is set to automatically download updates. 8) I reviewed the safety links you sent and will keep those in mind while online. 9) The computer seems to be working fine. Performance is good. Boot up was faster. IE is working normally. No malicious websites are being opened. Questions for you: =============== 1) Do you recommend using a different browser? So far I am using IE. I also downloaded Chrome now. Do you recommend Opera or Firefox or some other browser since IE has more vulnerabilities? 2) MSE or Norton? 3) Some of the programs that we removed from the start up script, if I need to add some of them back, how do I do it? Thank you very much. I really appreciate your help in cleaning up my computer. I will post back in another 24 hours or so with an update on how the computer is doing. Thanks again!

Hello! 1) I ran HijackThis and fixed the items you mentioned. 2) I ran the ESET Scan and here is the log: ====================================== C:\FRST\Quarantine\services.exe Win32/Sirefef.FB.Gen trojan C:\Qoobox\Quarantine\C\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\80000000.@.vir a variant of Win32/Sirefef.FA trojan C:\Users\Neetu\Documents\Downloads\VeohWebPlayerSetup_eng.exe Win32/OpenCandy application C:\Users\Neetu\Downloads\cnet2_trj684_exe.exe a variant of Win32/InstallCore.D application ====================================== Thanks.

Phew :-) Thanks for the detailed instructions. I think I followed everything as you wanted me to. 1) I downloaded Revo Uninstaller and successfully removed the programs you had listed to be removed. 2) I downloaded the latest Adobe from the link you provided. 3) I installed Java from the link you provided. 4) I installed CCleaner and cleaned out the temp files. 5) I ran MBAM and here is the log: ================================================================ Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.07.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Neetu :: NEETU-PC [administrator] Protection: Enabled 7/7/2012 1:28:11 PM mbam-log-2012-07-07 (13-28-11).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 205573 Time elapsed: 10 minute(s), 39 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ================================================================ 6) I ran HijackThis and here is the log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:44:23 PM, on 7/7/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Program Files\Launch Manager\LManager.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\QuickTime\qttask.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Users\Neetu\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Windows\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe C:\Users\Neetu\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\RunOnce: [blekkotb] reg.exe delete "HKCU\Software\AppDataLow\Software\blekkotb" /f O4 - HKCU\..\RunOnce: [blekkotb_XP] reg.exe delete "HKCU\Software\blekkotb" /f O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7 \bin\jp2iexp.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12 \ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/livetv.ocx O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.spvod.com/soft/vjocx-ch-spvod.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12 \GrooveSystemServices.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.4.0.12 \ccSvcHst.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- End of file - 14658 bytes ================================================================ ================================================================ 7) During the course of the above operations Norton alerted me to these activities on my computer: Risk: High Title: Trojan.Zeroaccess.B requires manual removal Severity: High Activity: 00000008.@.vir (Trojan.Gen) detected by Virus Scanner Status: Quarantined Date & Time: Saturday, July 07, 2012 1.01 p.m. EST Severity: High Activity: n.vir (Trojan.Gen) detected by Virus Scanner Status: Quarantined Date & Time: Saturday, July 07, 2012 11.13 a.m. EST 8) Computer seems to be running all right. No more virus alerst other than the ones posted above. Performance seems to be good so far. Thanks,

Hello 1) Created CFScript.txt and dragged it to Combofix.exe 2) Combofix started executing, it then prompted me that a new version of combofix was available and asked if it should upgrade. I said yes, it did so and continued. 3) Here is the log it produced after executing: =================================================================== ComboFix 12-07-06.02 - Neetu 07/06/2012 14:34:27.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.784 [GMT -4:00] Running from: c:\users\Neetu\Desktop\Downloads\ComboFix.exe Command switches used :: c:\users\Neetu\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\blekkotb_031\blEKkotb_019x.dll . . ((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 ))))))))))))))))))))))))))))))) . . 2012-07-06 18:46 . 2012-07-06 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-04 21:14 . 2012-07-04 21:14 -------- d-----w- C:\FRST 2012-07-04 07:00 . 2012-07-04 07:01 -------- d-----w- C:\6788cb2bf9deb48900de59dea34775ee 2012-07-03 21:39 . 2012-07-03 21:39 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-07-03 17:30 . 2012-07-03 17:30 -------- d-----w- c:\users\Neetu\AppData\Roaming\Malwarebytes 2012-07-03 17:29 . 2012-07-03 17:29 -------- d-----w- c:\programdata\Malwarebytes 2012-07-03 17:29 . 2012-07-03 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-03 17:29 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-01 22:26 . 2012-07-01 22:26 -------- d-----w- c:\users\Neetu\AppData\Roaming\AVG2012 2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\users\Neetu\AppData\Local\AVG Secure Search 2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\programdata\AVG Secure Search 2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\AVG Secure Search 2012-07-01 22:24 . 2012-07-01 22:24 -------- d--h--w- c:\programdata\Common Files 2012-07-01 22:23 . 2012-07-06 14:47 -------- d-----w- c:\windows\system32\drivers\AVG 2012-07-01 22:23 . 2012-07-01 22:27 -------- d-----w- c:\programdata\AVG2012 2012-07-01 22:23 . 2012-07-01 22:23 -------- d-----w- C:\$AVG 2012-07-01 22:22 . 2012-07-01 22:22 -------- d-----w- c:\program files\AVG 2012-07-01 22:18 . 2012-07-06 14:47 -------- d-----w- c:\programdata\MFAData 2012-07-01 22:17 . 2012-06-15 20:39 169744 ----a-w- c:\windows\system32\ztvunrar36.dll 2012-07-01 22:17 . 2012-06-15 20:35 185616 ----a-w- c:\windows\system32\ztvunrar39.dll 2012-07-01 22:17 . 2012-06-15 20:33 605968 ----a-w- c:\windows\system32\ztv7z.dll 2012-07-01 22:17 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll 2012-07-01 22:17 . 2012-06-15 20:33 77072 ----a-w- c:\windows\system32\ztvcabinet.dll 2012-07-01 22:17 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll 2012-07-01 22:17 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll 2012-07-01 22:16 . 2012-07-01 22:17 -------- d-----w- c:\users\Neetu\AppData\Roaming\Simply Super Software 2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Simply Super Software 2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\blekko toolbars 2012-07-01 22:16 . 2012-07-06 18:45 -------- d-----w- c:\program files\blekkotb_031 2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\users\Neetu\AppData\Local\blekkotb_031 2012-07-01 22:15 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor 2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PC Cleaners 2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PCPro 2012-07-01 21:52 . 2012-07-01 21:51 4447544 ----a-w- c:\windows\uninst.exe 2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\programdata\PC1Data 2012-07-01 21:30 . 2012-07-01 21:51 -------- d-----w- c:\users\Neetu\AppData\Local\NPE 2012-07-01 17:33 . 2012-07-01 17:33 -------- d-----w- c:\program files\The Weather Channel 2012-06-28 23:04 . 2012-06-28 23:04 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-06-28 04:49 . 2012-06-28 04:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-23 08:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-23 08:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-23 08:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 08:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-23 08:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-23 08:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-23 08:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 08:39 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 08:39 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-14 12:37 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-14 12:37 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-06-14 12:37 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2012-06-13 08:10 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 08:10 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-13 08:10 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 08:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 08:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys 2012-06-08 16:12 . 2012-07-04 16:55 -------- d-----w- c:\users\Neetu\AppData\Roaming\Skype 2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----w- c:\program files\Common Files\Skype 2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----r- c:\program files\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-28 04:49 . 2012-01-12 03:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-07-01 22:24 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-01 2074208] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176] "DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-07-01 10555904] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104] "PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704] "Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568] "Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-06 155648] "Skytel"="Skytel.exe" [2007-05-29 1826816] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-01 1107552] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Neetu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-6-27 106496] Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-26 535336] Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 30564131 *NewlyCreated* - ASWMBR *Deregistered* - 30564131 *Deregistered* - aswMBR . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 vvdsvc REG_MULTI_SZ vvdsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000Core.job - c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01] . 2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000UA.job - c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uStart Page = about:blank mStart Page = hxxp://en.us.acer.yahoo.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s TCP: DhcpNameServer = 192.168.0.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-06 14:46 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Completion time: 2012-07-06 14:49:41 ComboFix-quarantined-files.txt 2012-07-06 18:49 ComboFix2.txt 2012-07-06 04:46 ComboFix3.txt 2012-07-04 07:14 . Pre-Run: 15,417,815,040 bytes free Post-Run: 15,365,451,776 bytes free . - - End Of File - - 2007045B78FE54BB542DA2827B4EC817 =================================================================== 4) Computer is running fine now, no lagging or slowness. No more prompts of viruses or trojans. I uninstalled AVG anti-virus. Only running Norton now. Norton is enabled now. Hasn't alerted me to any threats yet. Thank you!

Hello! 1) When I booted up my computer, Malwarebytes Pro didn't start up. Instead I got this message: [OpenEvent] Failed to perform desired action. Error Code: 2 I clicked ok and proceeded. 2) Disabled AVG and Norton anti-virus. 3) Ran TDSSKiller. Here is the log: 10:41:04.0949 6984 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08 10:41:05.0271 6984 ============================================================ 10:41:05.0271 6984 Current date / time: 2012/07/06 10:41:05.0271 10:41:05.0271 6984 SystemInfo: 10:41:05.0271 6984 10:41:05.0271 6984 OS Version: 6.0.6002 ServicePack: 2.0 10:41:05.0271 6984 Product type: Workstation 10:41:05.0271 6984 ComputerName: NEETU-PC 10:41:05.0272 6984 UserName: Neetu 10:41:05.0272 6984 Windows directory: C:\Windows 10:41:05.0272 6984 System windows directory: C:\Windows 10:41:05.0272 6984 Processor architecture: Intel x86 10:41:05.0272 6984 Number of processors: 2 10:41:05.0272 6984 Page size: 0x1000 10:41:05.0272 6984 Boot type: Normal boot 10:41:05.0272 6984 ============================================================ 10:41:09.0183 6984 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 10:41:09.0217 6984 ============================================================ 10:41:09.0217 6984 \Device\Harddisk0\DR0: 10:41:09.0236 6984 MBR partitions: 10:41:09.0236 6984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x8B4A800 10:41:09.0236 6984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9ED3000, BlocksNum 0x8B46000 10:41:09.0236 6984 ============================================================ 10:41:09.0751 6984 C: <-> \Device\Harddisk0\DR0\Partition0 10:41:09.0879 6984 D: <-> \Device\Harddisk0\DR0\Partition1 10:41:09.0880 6984 ============================================================ 10:41:09.0880 6984 Initialize success 10:41:09.0880 6984 ============================================================ 10:41:50.0186 3720 ============================================================ 10:41:50.0186 3720 Scan started 10:41:50.0186 3720 Mode: Manual; 10:41:50.0186 3720 ============================================================ 10:41:53.0766 3720 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 10:41:53.0773 3720 ACPI - ok 10:41:53.0848 3720 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 10:41:53.0858 3720 adp94xx - ok 10:41:53.0900 3720 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 10:41:53.0908 3720 adpahci - ok 10:41:53.0937 3720 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 10:41:53.0941 3720 adpu160m - ok 10:41:53.0971 3720 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 10:41:53.0975 3720 adpu320 - ok 10:41:54.0029 3720 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 10:41:54.0031 3720 AeLookupSvc - ok 10:41:54.0122 3720 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 10:41:54.0128 3720 AFD - ok 10:41:54.0202 3720 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe 10:41:54.0204 3720 AgereModemAudio - ok 10:41:54.0322 3720 AgereSoftModem (d31d1a92479bd8c0d050a6ffbdd410d9) C:\Windows\system32\DRIVERS\AGRSM.sys 10:41:54.0350 3720 AgereSoftModem - ok 10:41:54.0412 3720 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 10:41:54.0415 3720 agp440 - ok 10:41:54.0453 3720 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 10:41:54.0456 3720 aic78xx - ok 10:41:54.0498 3720 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 10:41:54.0499 3720 ALG - ok 10:41:54.0513 3720 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 10:41:54.0515 3720 aliide - ok 10:41:54.0547 3720 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 10:41:54.0549 3720 amdagp - ok 10:41:54.0583 3720 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 10:41:54.0585 3720 amdide - ok 10:41:54.0620 3720 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 10:41:54.0622 3720 AmdK7 - ok 10:41:54.0733 3720 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 10:41:54.0736 3720 AmdK8 - ok 10:41:54.0802 3720 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 10:41:54.0803 3720 Appinfo - ok 10:41:54.0849 3720 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 10:41:54.0852 3720 arc - ok 10:41:54.0886 3720 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 10:41:54.0889 3720 arcsas - ok 10:41:55.0108 3720 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 10:41:55.0220 3720 aspnet_state - ok 10:41:55.0278 3720 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 10:41:55.0281 3720 AsyncMac - ok 10:41:55.0330 3720 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 10:41:55.0376 3720 atapi - ok 10:41:56.0408 3720 athr (6046a55f79de9c581b8d5e9c1366cc81) C:\Windows\system32\DRIVERS\athr.sys 10:41:56.0678 3720 athr - ok 10:41:57.0461 3720 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 10:41:57.0498 3720 AudioEndpointBuilder - ok 10:41:57.0512 3720 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 10:41:57.0518 3720 Audiosrv - ok 10:41:59.0112 3720 Automatic LiveUpdate Scheduler (b5d974c1fd078a68c7536c561b031d39) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 10:41:59.0284 3720 Automatic LiveUpdate Scheduler - ok 10:42:06.0030 3720 AVGIDSAgent (55893fff154ffd7c29919d2b9218210c) C:\Program Files\AVG\AVG2012\avgidsagent.exe 10:42:08.0300 3720 AVGIDSAgent - ok 10:42:10.0965 3720 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys 10:42:10.0971 3720 AVGIDSDriver - ok 10:42:11.0124 3720 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys 10:42:11.0126 3720 AVGIDSFilter - ok 10:42:11.0217 3720 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys 10:42:11.0236 3720 AVGIDSHX - ok 10:42:11.0334 3720 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys 10:42:11.0351 3720 AVGIDSShim - ok 10:42:11.0668 3720 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys 10:42:11.0695 3720 Avgldx86 - ok 10:42:11.0831 3720 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys 10:42:11.0851 3720 Avgmfx86 - ok 10:42:12.0064 3720 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys 10:42:12.0075 3720 Avgrkx86 - ok 10:42:12.0833 3720 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys 10:42:12.0870 3720 Avgtdix - ok 10:42:13.0490 3720 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe 10:42:13.0533 3720 avgwd - ok 10:42:14.0275 3720 b57nd60x (0b92ccf7bfcbe2b33838434f2f50cb61) C:\Windows\system32\DRIVERS\b57nd60x.sys 10:42:14.0386 3720 b57nd60x - ok 10:42:14.0897 3720 BCM43XV (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys 10:42:15.0160 3720 BCM43XV - ok 10:42:15.0194 3720 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys 10:42:15.0200 3720 BCM43XX - ok 10:42:15.0279 3720 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 10:42:15.0296 3720 Beep - ok 10:42:15.0798 3720 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll 10:42:15.0825 3720 BFE - ok 10:42:16.0962 3720 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120619.001\BHDrvx86.sys 10:42:17.0709 3720 BHDrvx86 - ok 10:42:19.0403 3720 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll 10:42:19.0823 3720 BITS - ok 10:42:19.0885 3720 blbdrive - ok 10:42:20.0365 3720 Bonjour Service (cc4e72a0fa7f62175c8bb42ba2caa3d5) C:\Program Files\Bonjour\mDNSResponder.exe 10:42:20.0372 3720 Bonjour Service - ok 10:42:20.0783 3720 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 10:42:20.0826 3720 bowser - ok 10:42:21.0192 3720 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 10:42:21.0267 3720 BrFiltLo - ok 10:42:21.0411 3720 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 10:42:21.0467 3720 BrFiltUp - ok 10:42:21.0842 3720 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 10:42:21.0868 3720 Browser - ok 10:42:22.0113 3720 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 10:42:22.0163 3720 Brserid - ok 10:42:22.0384 3720 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 10:42:22.0399 3720 BrSerWdm - ok 10:42:22.0463 3720 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 10:42:22.0476 3720 BrUsbMdm - ok 10:42:22.0679 3720 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 10:42:22.0682 3720 BrUsbSer - ok 10:42:22.0895 3720 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 10:42:22.0899 3720 BTHMODEM - ok 10:42:27.0096 3720 catchme - ok 10:42:29.0136 3720 ccHP (1fa1c0e73eca849bed29a47c508f7f17) C:\Windows\system32\drivers\N360\0404000.00C\ccHPx86.sys 10:42:29.0260 3720 ccHP - ok 10:42:29.0874 3720 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 10:42:29.0920 3720 cdfs - ok 10:42:30.0292 3720 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 10:42:30.0350 3720 cdrom - ok 10:42:30.0542 3720 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 10:42:30.0562 3720 CertPropSvc - ok 10:42:30.0912 3720 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 10:42:30.0923 3720 circlass - ok 10:42:31.0934 3720 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 10:42:32.0000 3720 CLFS - ok 10:42:32.0798 3720 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:42:32.0976 3720 clr_optimization_v2.0.50727_32 - ok 10:42:33.0908 3720 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:42:34.0474 3720 clr_optimization_v4.0.30319_32 - ok 10:42:34.0801 3720 CLTNetCnService - ok 10:42:34.0923 3720 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 10:42:34.0940 3720 CmBatt - ok 10:42:35.0046 3720 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 10:42:35.0059 3720 cmdide - ok 10:42:35.0218 3720 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 10:42:35.0233 3720 Compbatt - ok 10:42:35.0240 3720 COMSysApp - ok 10:42:35.0351 3720 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 10:42:35.0353 3720 crcdisk - ok 10:42:35.0465 3720 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 10:42:35.0473 3720 Crusoe - ok 10:42:35.0957 3720 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll 10:42:35.0991 3720 CryptSvc - ok 10:42:37.0830 3720 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 10:42:38.0073 3720 DcomLaunch - ok 10:42:38.0414 3720 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 10:42:38.0460 3720 DfsC - ok 10:42:41.0499 3720 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 10:42:41.0765 3720 DFSR - ok 10:42:42.0310 3720 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll 10:42:42.0333 3720 Dhcp - ok 10:42:42.0613 3720 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 10:42:42.0674 3720 disk - ok 10:42:43.0030 3720 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys 10:42:43.0118 3720 DKbFltr - ok 10:42:43.0568 3720 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 10:42:43.0571 3720 Dnscache - ok 10:42:45.0903 3720 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 10:42:46.0011 3720 dot3svc - ok 10:42:48.0395 3720 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 10:42:48.0813 3720 Dot4 - ok 10:42:49.0333 3720 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 10:42:49.0351 3720 Dot4Print - ok 10:42:49.0821 3720 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 10:42:49.0860 3720 dot4usb - ok 10:42:51.0236 3720 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 10:42:51.0283 3720 DPS - ok 10:42:51.0428 3720 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 10:42:51.0479 3720 drmkaud - ok 10:42:53.0529 3720 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 10:42:53.0827 3720 DXGKrnl - ok 10:42:54.0851 3720 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 10:42:54.0887 3720 E1G60 - ok 10:42:55.0264 3720 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 10:42:55.0311 3720 EapHost - ok 10:42:57.0936 3720 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 10:42:58.0621 3720 Ecache - ok 10:43:05.0086 3720 eDataSecurity Service (f54907aa07f60aff81e1e09e97af98b0) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe 10:43:05.0298 3720 eDataSecurity Service - ok 10:43:08.0556 3720 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 10:43:09.0030 3720 eeCtrl - ok 10:43:13.0376 3720 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 10:43:13.0677 3720 ehRecvr - ok 10:43:14.0871 3720 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 10:43:14.0962 3720 ehSched - ok 10:43:15.0235 3720 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 10:43:15.0266 3720 ehstart - ok 10:43:15.0649 3720 eLockService (a7b5f3b9363f9ab1d4fe459baf3b15d6) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe 10:43:15.0693 3720 eLockService - ok 10:43:26.0490 3720 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 10:43:26.0585 3720 elxstor - ok 10:43:29.0043 3720 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 10:43:29.0240 3720 EMDMgmt - ok 10:43:30.0525 3720 eNet Service (207e2dda01aac6ad64f0368ca59fc179) C:\Acer\Empowering Technology\eNet\eNet Service.exe 10:43:30.0678 3720 eNet Service - ok 10:43:31.0719 3720 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 10:43:31.0733 3720 EraserUtilRebootDrv - ok 10:43:32.0061 3720 eRecoveryService (a7b084bfbbd582a843d2f5c35220f962) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 10:43:32.0087 3720 eRecoveryService - ok 10:43:32.0254 3720 eSettingsService (06484e97d22f06de8de0f8e2bec6fa9e) C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 10:43:32.0285 3720 eSettingsService - ok 10:43:33.0223 3720 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 10:43:33.0361 3720 EventSystem - ok 10:43:34.0341 3720 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 10:43:34.0375 3720 exfat - ok 10:43:34.0638 3720 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 10:43:34.0765 3720 fastfat - ok 10:43:34.0907 3720 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 10:43:34.0910 3720 fdc - ok 10:43:34.0987 3720 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 10:43:34.0990 3720 fdPHost - ok 10:43:35.0171 3720 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 10:43:35.0201 3720 FDResPub - ok 10:43:35.0447 3720 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 10:43:35.0482 3720 FileInfo - ok 10:43:35.0764 3720 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 10:43:35.0944 3720 Filetrace - ok 10:43:36.0065 3720 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 10:43:36.0078 3720 flpydisk - ok 10:43:36.0503 3720 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 10:43:36.0949 3720 FltMgr - ok 10:43:40.0933 3720 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll 10:43:41.0466 3720 FontCache - ok 10:43:41.0874 3720 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 10:43:41.0882 3720 FontCache3.0.0.0 - ok 10:43:42.0035 3720 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys 10:43:42.0063 3720 Fs_Rec - ok 10:43:42.0525 3720 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 10:43:42.0556 3720 gagp30kx - ok 10:43:42.0736 3720 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 10:43:42.0791 3720 GEARAspiWDM - ok 10:43:45.0196 3720 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 10:43:45.0499 3720 gpsvc - ok 10:43:45.0782 3720 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 10:43:45.0815 3720 HdAudAddService - ok 10:43:46.0904 3720 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 10:43:47.0295 3720 HDAudBus - ok 10:43:47.0438 3720 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 10:43:47.0553 3720 HidBth - ok 10:43:48.0027 3720 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 10:43:48.0036 3720 HidIr - ok 10:43:48.0477 3720 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll 10:43:48.0486 3720 hidserv - ok 10:43:48.0695 3720 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 10:43:48.0767 3720 HidUsb - ok 10:43:49.0095 3720 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 10:43:49.0129 3720 hkmsvc - ok 10:43:49.0231 3720 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 10:43:49.0254 3720 HpCISSs - ok 10:43:50.0610 3720 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 10:43:50.0776 3720 HSFHWAZL - ok 10:43:52.0565 3720 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 10:43:53.0143 3720 HSF_DPV - ok 10:43:53.0318 3720 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 10:43:53.0514 3720 HTTP - ok 10:43:54.0362 3720 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 10:43:54.0405 3720 i2omp - ok 10:43:56.0223 3720 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 10:43:56.0315 3720 i8042prt - ok 10:43:57.0477 3720 IAANTMON (204a73a56751c68c6031e9d5d611ec98) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 10:43:57.0527 3720 IAANTMON - ok 10:44:14.0279 3720 ialm (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys 10:44:15.0362 3720 ialm - ok 10:44:17.0657 3720 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys 10:44:17.0662 3720 iaStor - ok 10:44:18.0075 3720 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 10:44:18.0182 3720 iaStorV - ok 10:44:18.0649 3720 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 10:44:18.0691 3720 IDriverT - ok 10:44:20.0798 3720 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 10:44:21.0215 3720 idsvc - ok 10:44:26.0103 3720 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120705.001\IDSvix86.sys 10:44:26.0821 3720 IDSVix86 - ok 10:44:40.0666 3720 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys 10:44:40.0685 3720 igfx - ok 10:44:42.0731 3720 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 10:44:42.0733 3720 iirsp - ok 10:44:44.0520 3720 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 10:44:44.0602 3720 IKEEXT - ok 10:44:44.0739 3720 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Windows\system32\drivers\int15.sys 10:44:44.0749 3720 int15 - ok 10:44:49.0610 3720 IntcAzAudAddService (9438fe15da89c6aace8a79db2c6f60c1) C:\Windows\system32\drivers\RTKVHDA.sys 10:44:50.0498 3720 IntcAzAudAddService - ok 10:44:52.0531 3720 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 10:44:52.0548 3720 intelide - ok 10:44:52.0797 3720 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 10:44:52.0967 3720 intelppm - ok 10:44:53.0291 3720 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 10:44:53.0350 3720 IPBusEnum - ok 10:44:53.0648 3720 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:44:53.0651 3720 IpFilterDriver - ok 10:44:54.0195 3720 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll 10:44:54.0370 3720 iphlpsvc - ok 10:44:54.0379 3720 IpInIp - ok 10:44:54.0498 3720 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 10:44:54.0532 3720 IPMIDRV - ok 10:44:55.0291 3720 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 10:44:55.0420 3720 IPNAT - ok 10:44:56.0136 3720 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys 10:44:56.0154 3720 irda - ok 10:44:56.0394 3720 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 10:44:56.0452 3720 IRENUM - ok 10:44:57.0040 3720 Irmon (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll 10:44:57.0099 3720 Irmon - ok 10:44:57.0423 3720 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 10:44:57.0454 3720 isapnp - ok 10:44:58.0069 3720 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 10:44:58.0178 3720 iScsiPrt - ok 10:44:58.0372 3720 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 10:44:58.0375 3720 iteatapi - ok 10:44:58.0547 3720 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 10:44:58.0574 3720 iteraid - ok 10:44:58.0834 3720 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 10:44:58.0870 3720 kbdclass - ok 10:44:58.0978 3720 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys 10:44:59.0012 3720 kbdhid - ok 10:44:59.0156 3720 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 10:44:59.0170 3720 KeyIso - ok 10:45:01.0219 3720 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 10:45:01.0362 3720 KSecDD - ok 10:45:02.0382 3720 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 10:45:02.0540 3720 KtmRm - ok 10:45:03.0138 3720 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll 10:45:03.0151 3720 LanmanServer - ok 10:45:03.0795 3720 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 10:45:03.0826 3720 LanmanWorkstation - ok 10:45:04.0256 3720 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe 10:45:04.0259 3720 LightScribeService - ok 10:45:05.0370 3720 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE 10:45:05.0482 3720 LiveUpdate - ok 10:45:06.0758 3720 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 10:45:06.0761 3720 lltdio - ok 10:45:06.0962 3720 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 10:45:06.0968 3720 lltdsvc - ok 10:45:07.0143 3720 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 10:45:07.0160 3720 lmhosts - ok 10:45:07.0244 3720 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 10:45:07.0247 3720 LSI_FC - ok 10:45:07.0291 3720 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 10:45:07.0294 3720 LSI_SAS - ok 10:45:07.0335 3720 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 10:45:07.0338 3720 LSI_SCSI - ok 10:45:07.0382 3720 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 10:45:07.0386 3720 luafv - ok 10:45:07.0486 3720 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys 10:45:07.0501 3720 MBAMProtector - ok 10:45:07.0990 3720 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 10:45:08.0005 3720 MBAMService - ok 10:45:08.0037 3720 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 10:45:08.0042 3720 Mcx2Svc - ok 10:45:08.0085 3720 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 10:45:08.0087 3720 megasas - ok 10:45:08.0182 3720 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 10:45:08.0186 3720 Microsoft Office Groove Audit Service - ok 10:45:08.0237 3720 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 10:45:08.0240 3720 MMCSS - ok 10:45:08.0296 3720 MobilityService - ok 10:45:08.0402 3720 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 10:45:08.0404 3720 Modem - ok 10:45:08.0482 3720 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 10:45:08.0484 3720 monitor - ok 10:45:08.0595 3720 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 10:45:08.0597 3720 mouclass - ok 10:45:08.0645 3720 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 10:45:08.0650 3720 mouhid - ok 10:45:08.0794 3720 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 10:45:08.0798 3720 MountMgr - ok 10:45:08.0962 3720 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 10:45:08.0966 3720 mpio - ok 10:45:09.0107 3720 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 10:45:09.0110 3720 mpsdrv - ok 10:45:09.0172 3720 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll 10:45:09.0221 3720 MpsSvc - ok 10:45:09.0306 3720 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 10:45:09.0309 3720 Mraid35x - ok 10:45:09.0355 3720 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 10:45:09.0358 3720 MRxDAV - ok 10:45:09.0411 3720 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 10:45:09.0415 3720 mrxsmb - ok 10:45:09.0508 3720 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:45:09.0551 3720 mrxsmb10 - ok 10:45:09.0575 3720 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:45:09.0578 3720 mrxsmb20 - ok 10:45:09.0628 3720 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 10:45:09.0630 3720 msahci - ok 10:45:09.0652 3720 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 10:45:09.0696 3720 msdsm - ok 10:45:09.0797 3720 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 10:45:09.0802 3720 MSDTC - ok 10:45:09.0903 3720 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 10:45:09.0906 3720 Msfs - ok 10:45:09.0957 3720 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 10:45:09.0959 3720 msisadrv - ok 10:45:10.0021 3720 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 10:45:10.0025 3720 MSiSCSI - ok 10:45:10.0059 3720 msiserver - ok 10:45:10.0091 3720 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 10:45:10.0093 3720 MSKSSRV - ok 10:45:10.0143 3720 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 10:45:10.0145 3720 MSPCLOCK - ok 10:45:10.0156 3720 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 10:45:10.0158 3720 MSPQM - ok 10:45:10.0283 3720 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 10:45:10.0288 3720 MsRPC - ok 10:45:10.0358 3720 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 10:45:10.0360 3720 mssmbios - ok 10:45:10.0418 3720 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 10:45:10.0420 3720 MSTEE - ok 10:45:10.0454 3720 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 10:45:10.0456 3720 Mup - ok 10:45:11.0011 3720 N360 (b4187346f54e362daffe647b25a58d50) C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe 10:45:11.0038 3720 N360 - ok 10:45:11.0250 3720 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 10:45:11.0281 3720 napagent - ok 10:45:12.0895 3720 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 10:45:12.0919 3720 NativeWifiP - ok 10:45:13.0397 3720 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120705.036\NAVENG.SYS 10:45:13.0402 3720 NAVENG - ok 10:45:14.0083 3720 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120705.036\NAVEX15.SYS 10:45:14.0174 3720 NAVEX15 - ok 10:45:15.0071 3720 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 10:45:15.0087 3720 NDIS - ok 10:45:15.0209 3720 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 10:45:15.0222 3720 NdisTapi - ok 10:45:15.0254 3720 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 10:45:15.0256 3720 Ndisuio - ok 10:45:15.0390 3720 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 10:45:15.0394 3720 NdisWan - ok 10:45:15.0825 3720 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 10:45:16.0056 3720 NDProxy - ok 10:45:16.0268 3720 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\Windows\system32\HPZinw12.dll 10:45:16.0272 3720 Net Driver HPZ12 - ok 10:45:16.0497 3720 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 10:45:16.0526 3720 NetBIOS - ok 10:45:16.0560 3720 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 10:45:16.0565 3720 netbt - ok 10:45:16.0612 3720 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 10:45:16.0614 3720 Netlogon - ok 10:45:17.0112 3720 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 10:45:17.0125 3720 Netman - ok 10:45:17.0490 3720 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 10:45:17.0513 3720 NetMsmqActivator - ok 10:45:17.0526 3720 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 10:45:17.0530 3720 NetPipeActivator - ok 10:45:18.0108 3720 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 10:45:18.0116 3720 netprofm - ok 10:45:18.0126 3720 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 10:45:18.0128 3720 NetTcpActivator - ok 10:45:18.0137 3720 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 10:45:18.0139 3720 NetTcpPortSharing - ok 10:45:19.0379 3720 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys 10:45:20.0245 3720 NETw3v32 - ok 10:45:20.0727 3720 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 10:45:20.0731 3720 nfrd960 - ok 10:45:21.0045 3720 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 10:45:21.0079 3720 NlaSvc - ok 10:45:21.0175 3720 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 10:45:21.0189 3720 Npfs - ok 10:45:21.0278 3720 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys 10:45:21.0281 3720 NSCIRDA - ok 10:45:21.0378 3720 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 10:45:21.0381 3720 nsi - ok 10:45:21.0444 3720 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 10:45:21.0466 3720 nsiproxy - ok 10:45:22.0182 3720 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 10:45:22.0378 3720 Ntfs - ok 10:45:22.0488 3720 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys 10:45:22.0514 3720 NTIDrvr - ok 10:45:22.0534 3720 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 10:45:22.0536 3720 ntrigdigi - ok 10:45:22.0590 3720 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 10:45:22.0603 3720 Null - ok 10:45:22.0810 3720 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 10:45:22.0814 3720 nvraid - ok 10:45:22.0883 3720 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 10:45:22.0886 3720 nvstor - ok 10:45:22.0965 3720 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 10:45:22.0969 3720 nv_agp - ok 10:45:22.0976 3720 NwlnkFlt - ok 10:45:22.0995 3720 NwlnkFwd - ok 10:45:23.0641 3720 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 10:45:23.0655 3720 odserv - ok 10:45:23.0822 3720 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 10:45:23.0824 3720 ohci1394 - ok 10:45:23.0880 3720 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:45:23.0915 3720 ose - ok 10:45:24.0172 3720 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 10:45:24.0196 3720 p2pimsvc - ok 10:45:24.0212 3720 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 10:45:24.0220 3720 p2psvc - ok 10:45:24.0269 3720 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 10:45:24.0273 3720 Parport - ok 10:45:24.0341 3720 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys 10:45:24.0351 3720 partmgr - ok 10:45:24.0429 3720 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 10:45:24.0432 3720 Parvdm - ok 10:45:25.0126 3720 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 10:45:25.0129 3720 PcaSvc - ok 10:45:25.0236 3720 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 10:45:25.0242 3720 pci - ok 10:45:25.0346 3720 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys 10:45:25.0360 3720 pciide - ok 10:45:26.0040 3720 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys 10:45:26.0047 3720 pcmcia - ok 10:45:27.0975 3720 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 10:45:28.0257 3720 PEAUTH - ok 10:45:30.0678 3720 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 10:45:31.0252 3720 pla - ok 10:45:32.0189 3720 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 10:45:32.0236 3720 PlugPlay - ok 10:45:32.0322 3720 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll 10:45:32.0332 3720 Pml Driver HPZ12 - ok 10:45:32.0851 3720 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 10:45:32.0859 3720 PNRPAutoReg - ok 10:45:32.0876 3720 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 10:45:32.0884 3720 PNRPsvc - ok 10:45:34.0057 3720 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 10:45:34.0092 3720 PolicyAgent - ok 10:45:34.0919 3720 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 10:45:34.0937 3720 PptpMiniport - ok 10:45:34.0980 3720 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 10:45:34.0983 3720 Processor - ok 10:45:35.0216 3720 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 10:45:35.0306 3720 ProfSvc - ok 10:45:35.0389 3720 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 10:45:35.0391 3720 ProtectedStorage - ok 10:45:35.0995 3720 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 10:45:36.0005 3720 PSched - ok 10:45:36.0128 3720 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys 10:45:36.0130 3720 PSDFilter - ok 10:45:36.0224 3720 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys 10:45:36.0227 3720 PSDNServ - ok 10:45:36.0524 3720 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys 10:45:36.0540 3720 psdvdisk - ok 10:45:36.0729 3720 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys 10:45:36.0747 3720 PxHelp20 - ok 10:45:42.0810 3720 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 10:45:43.0392 3720 ql2300 - ok 10:45:43.0703 3720 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 10:45:43.0715 3720 ql40xx - ok 10:45:43.0942 3720 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 10:45:43.0965 3720 QWAVE - ok 10:45:44.0122 3720 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 10:45:44.0126 3720 QWAVEdrv - ok 10:45:44.0194 3720 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 10:45:44.0197 3720 RasAcd - ok 10:45:44.0535 3720 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 10:45:44.0581 3720 RasAuto - ok 10:45:44.0902 3720 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 10:45:44.0910 3720 Rasl2tp - ok 10:45:45.0197 3720 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 10:45:45.0209 3720 RasMan - ok 10:45:45.0361 3720 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 10:45:45.0411 3720 RasPppoe - ok 10:45:45.0891 3720 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 10:45:46.0296 3720 RasSstp - ok 10:45:46.0811 3720 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 10:45:46.0817 3720 rdbss - ok 10:45:46.0920 3720 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 10:45:46.0948 3720 RDPCDD - ok 10:45:47.0068 3720 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 10:45:47.0074 3720 rdpdr - ok 10:45:47.0126 3720 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 10:45:47.0139 3720 RDPENCDD - ok 10:45:47.0701 3720 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys 10:45:54.0720 3720 RDPWD - ok 10:45:55.0781 3720 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 10:45:56.0339 3720 RemoteAccess - ok 10:45:57.0741 3720 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 10:45:58.0518 3720 RemoteRegistry - ok 10:45:59.0617 3720 RichVideo (2de0a33a7e58bedc8d70b1940e0ffe28) C:\Program Files\CyberLink\Shared Files\RichVideo.exe 10:46:00.0782 3720 RichVideo - ok 10:46:00.0844 3720 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 10:46:00.0879 3720 RpcLocator - ok 10:46:01.0187 3720 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 10:46:01.0765 3720 RpcSs - ok 10:46:02.0946 3720 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 10:46:03.0254 3720 rspndr - ok 10:46:03.0334 3720 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys 10:46:03.0459 3720 RTL8169 - ok 10:46:03.0543 3720 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 10:46:04.0336 3720 SamSs - ok 10:46:04.0413 3720 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 10:46:04.0930 3720 sbp2port - ok 10:46:06.0049 3720 SBSDWSCService (a0c00a6265949ac72ab51b711743ca6d) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 10:46:07.0222 3720 SBSDWSCService - ok 10:46:07.0549 3720 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 10:46:07.0802 3720 SCardSvr - ok 10:46:08.0383 3720 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 10:46:08.0925 3720 Schedule - ok 10:46:08.0972 3720 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 10:46:09.0856 3720 SCPolicySvc - ok 10:46:10.0261 3720 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 10:46:10.0663 3720 sdbus - ok 10:46:10.0716 3720 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 10:46:10.0732 3720 SDRSVC - ok 10:46:11.0284 3720 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 10:46:11.0877 3720 SeaPort - ok 10:46:12.0245 3720 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 10:46:12.0271 3720 secdrv - ok 10:46:12.0571 3720 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 10:46:12.0638 3720 seclogon - ok 10:46:13.0049 3720 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll 10:46:13.0131 3720 SENS - ok 10:46:13.0152 3720 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 10:46:13.0249 3720 Serenum - ok 10:46:13.0580 3720 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 10:46:13.0749 3720 Serial - ok 10:46:13.0860 3720 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 10:46:14.0733 3720 sermouse - ok 10:46:14.0889 3720 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 10:46:14.0904 3720 SessionEnv - ok 10:46:14.0982 3720 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys 10:46:15.0101 3720 sffdisk - ok 10:46:15.0214 3720 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys 10:46:15.0421 3720 sffp_mmc - ok 10:46:15.0593 3720 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys 10:46:16.0653 3720 sffp_sd - ok 10:46:16.0701 3720 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys 10:46:16.0843 3720 sfloppy - ok 10:46:17.0052 3720 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 10:46:17.0096 3720 SharedAccess - ok 10:46:17.0165 3720 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 10:46:17.0917 3720 ShellHWDetection - ok 10:46:17.0957 3720 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 10:46:18.0066 3720 sisagp - ok 10:46:18.0405 3720 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 10:46:18.0532 3720 SiSRaid2 - ok 10:46:19.0318 3720 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 10:46:20.0236 3720 SiSRaid4 - ok 10:46:23.0943 3720 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 10:46:25.0705 3720 Skype C2C Service - ok 10:46:25.0996 3720 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files\Skype\Updater\Updater.exe 10:46:28.0025 3720 SkypeUpdate - ok 10:46:29.0463 3720 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 10:46:30.0394 3720 slsvc - ok 10:46:31.0049 3720 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 10:46:31.0235 3720 SLUINotify - ok 10:46:31.0310 3720 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 10:46:31.0412 3720 Smb - ok 10:46:31.0452 3720 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 10:46:31.0459 3720 SNMPTRAP - ok 10:46:31.0725 3720 SNP2UVC (53d1e2ecbf26b313ffdd2b8ba3d2f66e) C:\Windows\system32\DRIVERS\snp2uvc.sys 10:46:32.0076 3720 SNP2UVC - ok 10:46:32.0502 3720 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 10:46:32.0509 3720 spldr - ok 10:46:32.0592 3720 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 10:46:32.0802 3720 Spooler - ok 10:46:32.0974 3720 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\N360\0404000.00C\SRTSP.SYS 10:46:33.0120 3720 SRTSP - ok 10:46:33.0162 3720 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\N360\0404000.00C\SRTSPX.SYS 10:46:33.0244 3720 SRTSPX - ok 10:46:33.0295 3720 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 10:46:33.0433 3720 srv - ok 10:46:33.0477 3720 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 10:46:33.0548 3720 srv2 - ok 10:46:33.0592 3720 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 10:46:33.0654 3720 srvnet - ok 10:46:33.0711 3720 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 10:46:33.0722 3720 SSDPSRV - ok 10:46:33.0765 3720 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 10:46:33.0806 3720 SstpSvc - ok 10:46:33.0899 3720 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys 10:46:33.0972 3720 StillCam - ok 10:46:34.0032 3720 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 10:46:34.0728 3720 stisvc - ok 10:46:34.0906 3720 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 10:46:34.0967 3720 swenum - ok 10:46:35.0196 3720 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 10:46:35.0320 3720 swprv - ok 10:46:35.0420 3720 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 10:46:35.0521 3720 Symc8xx - ok 10:46:35.0677 3720 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\N360\0404000.00C\SYMDS.SYS 10:46:36.0081 3720 SymDS - ok 10:46:36.0416 3720 SymEFA (10ba64273feff4df0a7ccb0ff3b9b26b) C:\Windows\system32\drivers\N360\0404000.00C\SYMEFA.SYS 10:46:36.0729 3720 SymEFA - ok 10:46:37.0027 3720 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS 10:46:37.0282 3720 SymEvent - ok 10:46:37.0548 3720 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\N360\0404000.00C\Ironx86.SYS 10:46:38.0001 3720 SymIRON - ok 10:46:38.0094 3720 SYMTDIv (b501d61792d8355eae7eb4f7449a9d99) C:\Windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS 10:46:38.0308 3720 SYMTDIv - ok 10:46:38.0367 3720 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 10:46:38.0477 3720 Sym_hi - ok 10:46:38.0584 3720 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 10:46:38.0649 3720 Sym_u3 - ok 10:46:38.0758 3720 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys 10:46:39.0049 3720 SynTP - ok 10:46:39.0433 3720 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 10:46:39.0532 3720 SysMain - ok 10:46:39.0599 3720 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 10:46:39.0609 3720 TabletInputService - ok 10:46:39.0678 3720 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 10:46:39.0768 3720 TapiSrv - ok 10:46:39.0956 3720 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 10:46:40.0013 3720 TBS - ok 10:46:40.0327 3720 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys 10:46:40.0427 3720 Tcpip - ok 10:46:40.0444 3720 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys 10:46:40.0453 3720 Tcpip6 - ok 10:46:40.0710 3720 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 10:46:41.0188 3720 tcpipreg - ok 10:46:41.0257 3720 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 10:46:41.0362 3720 TDPIPE - ok 10:46:41.0422 3720 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 10:46:41.0554 3720 TDTCP - ok 10:46:42.0394 3720 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 10:46:42.0516 3720 tdx - ok 10:46:42.0562 3720 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 10:46:42.0725 3720 TermDD - ok 10:46:42.0998 3720 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 10:46:43.0075 3720 TermService - ok 10:46:43.0154 3720 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 10:46:43.0159 3720 Themes - ok 10:46:43.0217 3720 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 10:46:43.0230 3720 THREADORDER - ok 10:46:43.0399 3720 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\Windows\system32\drivers\tifm21.sys 10:46:43.0578 3720 tifm21 - ok 10:46:43.0649 3720 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 10:46:43.0661 3720 TrkWks - ok 10:46:43.0747 3720 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 10:46:43.0804 3720 TrustedInstaller - ok 10:46:44.0125 3720 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 10:46:44.0404 3720 tssecsrv - ok 10:46:44.0476 3720 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 10:46:44.0546 3720 tunmp - ok 10:46:44.0592 3720 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 10:46:44.0636 3720 tunnel - ok 10:46:44.0708 3720 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 10:46:44.0817 3720 uagp35 - ok 10:46:46.0396 3720 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 10:46:46.0799 3720 udfs - ok 10:46:47.0615 3720 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 10:46:47.0629 3720 UI0Detect - ok 10:46:48.0668 3720 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 10:46:49.0759 3720 uliagpkx - ok 10:46:51.0912 3720 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 10:46:52.0415 3720 uliahci - ok 10:46:53.0760 3720 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 10:46:53.0986 3720 UlSata - ok 10:46:54.0562 3720 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 10:46:55.0273 3720 ulsata2 - ok 10:46:55.0529 3720 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 10:46:56.0111 3720 umbus - ok 10:47:00.0387 3720 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 10:47:00.0858 3720 upnphost - ok 10:47:01.0469 3720 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 10:47:01.0614 3720 usbccgp - ok 10:47:01.0674 3720 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 10:47:01.0759 3720 usbcir - ok 10:47:01.0833 3720 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 10:47:02.0401 3720 usbehci - ok 10:47:02.0531 3720 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 10:47:02.0864 3720 usbhub - ok 10:47:03.0143 3720 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 10:47:03.0225 3720 usbohci - ok 10:47:03.0294 3720 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 10:47:03.0383 3720 usbprint - ok 10:47:04.0339 3720 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 10:47:04.0404 3720 usbscan - ok 10:47:04.0451 3720 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:47:04.0542 3720 USBSTOR - ok 10:47:05.0148 3720 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 10:47:05.0216 3720 usbuhci - ok 10:47:05.0283 3720 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys 10:47:05.0347 3720 usbvideo - ok 10:47:05.0415 3720 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 10:47:05.0557 3720 UxSms - ok 10:47:06.0064 3720 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 10:47:06.0379 3720 vds - ok 10:47:06.0418 3720 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 10:47:06.0507 3720 vga - ok 10:47:06.0554 3720 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 10:47:06.0598 3720 VgaSave - ok 10:47:06.0962 3720 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 10:47:07.0003 3720 viaagp - ok 10:47:07.0214 3720 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 10:47:07.0533 3720 ViaC7 - ok 10:47:07.0579 3720 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 10:47:07.0649 3720 viaide - ok 10:47:08.0012 3720 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 10:47:08.0031 3720 volmgr - ok 10:47:08.0105 3720 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 10:47:08.0192 3720 volmgrx - ok 10:47:08.0255 3720 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 10:47:08.0297 3720 volsnap - ok 10:47:08.0704 3720 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 10:47:08.0776 3720 vsmraid - ok 10:47:09.0504 3720 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 10:47:09.0555 3720 VSS - ok 10:47:10.0196 3720 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe 10:47:10.0698 3720 vToolbarUpdater11.2.0 - ok 10:47:10.0964 3720 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 10:47:11.0072 3720 W32Time - ok 10:47:11.0205 3720 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 10:47:11.0281 3720 WacomPen - ok 10:47:11.0325 3720 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 10:47:11.0432 3720 Wanarp - ok 10:47:11.0439 3720 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 10:47:11.0441 3720 Wanarpv6 - ok 10:47:11.0825 3720 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 10:47:12.0222 3720 wcncsvc - ok 10:47:12.0566 3720 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 10:47:12.0612 3720 WcsPlugInService - ok 10:47:12.0765 3720 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 10:47:12.0875 3720 Wd - ok 10:47:14.0904 3720 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 10:47:15.0164 3720 Wdf01000 - ok 10:47:15.0818 3720 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 10:47:15.0954 3720 WdiServiceHost - ok 10:47:15.0961 3720 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 10:47:15.0966 3720 WdiSystemHost - ok 10:47:16.0927 3720 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 10:47:17.0112 3720 WebClient - ok 10:47:18.0090 3720 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 10:47:18.0310 3720 Wecsvc - ok 10:47:18.0748 3720 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 10:47:18.0815 3720 wercplsupport - ok 10:47:19.0250 3720 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 10:47:19.0504 3720 WerSvc - ok 10:47:20.0731 3720 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 10:47:20.0875 3720 winachsf - ok 10:47:21.0839 3720 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 10:47:22.0382 3720 WinDefend - ok 10:47:22.0399 3720 WinHttpAutoProxySvc - ok 10:47:23.0574 3720 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 10:47:24.0275 3720 Winmgmt - ok 10:47:25.0242 3720 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 10:47:25.0838 3720 WinRM - ok 10:47:26.0104 3720 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 10:47:26.0208 3720 Wlansvc - ok 10:47:26.0787 3720 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 10:47:27.0082 3720 wlidsvc - ok 10:47:28.0696 3720 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 10:47:28.0741 3720 WmiAcpi - ok 10:47:28.0839 3720 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 10:47:28.0890 3720 wmiApSrv - ok 10:47:29.0038 3720 WMIService (e8781cf1a4262881897444d22921a3a6) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 10:47:29.0155 3720 WMIService - ok 10:47:29.0308 3720 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 10:47:29.0395 3720 WMPNetworkSvc - ok 10:47:29.0833 3720 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 10:47:29.0970 3720 WPCSvc - ok 10:47:30.0045 3720 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 10:47:30.0144 3720 WPDBusEnum - ok 10:47:30.0276 3720 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys 10:47:30.0335 3720 WpdUsb - ok 10:47:30.0683 3720 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 10:47:31.0132 3720 WPFFontCache_v0400 - ok 10:47:31.0340 3720 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 10:47:31.0393 3720 ws2ifsl - ok 10:47:31.0491 3720 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll 10:47:31.0605 3720 wscsvc - ok 10:47:31.0617 3720 WSearch - ok 10:47:32.0355 3720 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll 10:47:32.0731 3720 wuauserv - ok 10:47:33.0132 3720 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 10:47:33.0191 3720 WUDFRd - ok 10:47:33.0266 3720 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 10:47:33.0276 3720 wudfsvc - ok 10:47:33.0386 3720 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl 10:47:33.0398 3720 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - ok 10:47:33.0422 3720 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0 10:47:37.0559 3720 \Device\Harddisk0\DR0 - ok 10:47:37.0592 3720 Boot (0x1200) (0ad4c135ddd5c7c558f1b37433dd641f) \Device\Harddisk0\DR0\Partition0 10:47:37.0594 3720 \Device\Harddisk0\DR0\Partition0 - ok 10:47:37.0614 3720 Boot (0x1200) (1785dd7402a53f688825e4069d107f1f) \Device\Harddisk0\DR0\Partition1 10:47:37.0616 3720 \Device\Harddisk0\DR0\Partition1 - ok 10:47:37.0617 3720 ============================================================ 10:47:37.0617 3720 Scan finished 10:47:37.0617 3720 ============================================================ 10:47:37.0643 7168 Detected object count: 0 10:47:37.0643 7168 Actual detected object count: 0 4) I ran aswMBR. Here is the log: aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-06 10:52:31 ----------------------------- 10:52:31.947 OS Version: Windows 6.0.6002 Service Pack 2 10:52:31.947 Number of processors: 2 586 0xF0D 10:52:31.949 ComputerName: NEETU-PC UserName: Neetu 10:52:42.303 Initialize success 10:56:25.112 AVAST engine defs: 12070600 10:59:36.659 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 10:59:36.665 Disk 0 Vendor: Hitachi_ SB4O Size: 152627MB BusType: 3 10:59:36.698 Disk 0 MBR read successfully 10:59:36.704 Disk 0 MBR scan 10:59:36.719 Disk 0 unknown MBR code 10:59:36.735 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048 10:59:36.766 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71317 MB offset 20482048 10:59:36.799 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71308 MB offset 166539264 10:59:36.821 Disk 0 scanning sectors +312578048 10:59:36.895 Disk 0 scanning C:\Windows\system32\drivers 11:00:08.164 Service scanning 11:00:54.338 Modules scanning 11:01:07.063 Disk 0 trace - called modules: 11:01:07.135 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 11:01:07.148 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860d8ac8] 11:01:07.162 3 CLASSPNP.SYS[87fb98b3] -> nt!IofCallDriver -> [0x84e0f798] 11:01:07.175 5 acpi.sys[806996bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84e15030] 11:01:08.069 AVAST engine scan C:\Windows 11:01:37.906 AVAST engine scan C:\Windows\system32 11:07:48.536 AVAST engine scan C:\Windows\system32\drivers 11:08:10.626 AVAST engine scan C:\Users\Neetu 11:14:10.076 AVAST engine scan C:\ProgramData 11:22:32.629 Scan finished successfully 11:25:49.921 Disk 0 MBR has been saved successfully to "C:\Users\Neetu\Desktop\Downloads\MBR.dat" 11:25:49.932 The log file has been saved successfully to "C:\Users\Neetu\Desktop\Downloads\aswMBR.txt" Thank you!

1) I booted up the PC. Immediately Norton fired up saying "Security threats were found. These have been fixed" 2) Disabled antivirus (AVG and Norton) 3) Ran Combofix Got an error message "Error Opening file for writing: C:\32788R22FW\pev.3XE" Retry didn't work, so I clicked "Ignore" and proceeded Then it executed without much fuss. PC is performing slow. Here is the log: ComboFix 12-07-05.04 - Neetu 07/06/2012 0:25.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.600 [GMT -4:00] Running from: c:\users\Neetu\Desktop\Downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\assembly\GAC\Desktop.ini c:\windows\system32\AutoRun.inf c:\windows\system32\BSTIEPrintCtl1.dll . . ((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 ))))))))))))))))))))))))))))))) . . 2012-07-06 04:41 . 2012-07-06 04:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-04 21:14 . 2012-07-04 21:14 -------- d-----w- C:\FRST 2012-07-04 07:00 . 2012-07-04 07:01 -------- d-----w- C:\6788cb2bf9deb48900de59dea34775ee 2012-07-03 21:39 . 2012-07-03 21:39 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-07-03 17:30 . 2012-07-03 17:30 -------- d-----w- c:\users\Neetu\AppData\Roaming\Malwarebytes 2012-07-03 17:29 . 2012-07-03 17:29 -------- d-----w- c:\programdata\Malwarebytes 2012-07-03 17:29 . 2012-07-03 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-03 17:29 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-01 22:26 . 2012-07-01 22:26 -------- d-----w- c:\users\Neetu\AppData\Roaming\AVG2012 2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\users\Neetu\AppData\Local\AVG Secure Search 2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\programdata\AVG Secure Search 2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\AVG Secure Search 2012-07-01 22:24 . 2012-07-01 22:24 -------- d--h--w- c:\programdata\Common Files 2012-07-01 22:23 . 2012-07-06 04:04 -------- d-----w- c:\windows\system32\drivers\AVG 2012-07-01 22:23 . 2012-07-01 22:27 -------- d-----w- c:\programdata\AVG2012 2012-07-01 22:23 . 2012-07-01 22:23 -------- d-----w- C:\$AVG 2012-07-01 22:22 . 2012-07-01 22:22 -------- d-----w- c:\program files\AVG 2012-07-01 22:18 . 2012-07-06 04:05 -------- d-----w- c:\programdata\MFAData 2012-07-01 22:17 . 2012-06-15 20:39 169744 ----a-w- c:\windows\system32\ztvunrar36.dll 2012-07-01 22:17 . 2012-06-15 20:35 185616 ----a-w- c:\windows\system32\ztvunrar39.dll 2012-07-01 22:17 . 2012-06-15 20:33 605968 ----a-w- c:\windows\system32\ztv7z.dll 2012-07-01 22:17 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll 2012-07-01 22:17 . 2012-06-15 20:33 77072 ----a-w- c:\windows\system32\ztvcabinet.dll 2012-07-01 22:17 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll 2012-07-01 22:17 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll 2012-07-01 22:16 . 2012-07-01 22:17 -------- d-----w- c:\users\Neetu\AppData\Roaming\Simply Super Software 2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Simply Super Software 2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\blekko toolbars 2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\program files\blekkotb_031 2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\users\Neetu\AppData\Local\blekkotb_031 2012-07-01 22:15 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor 2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PC Cleaners 2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PCPro 2012-07-01 21:52 . 2012-07-01 21:51 4447544 ----a-w- c:\windows\uninst.exe 2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\programdata\PC1Data 2012-07-01 21:30 . 2012-07-01 21:51 -------- d-----w- c:\users\Neetu\AppData\Local\NPE 2012-07-01 17:33 . 2012-07-01 17:33 -------- d-----w- c:\program files\The Weather Channel 2012-06-28 23:04 . 2012-06-28 23:04 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-06-28 04:49 . 2012-06-28 04:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-23 08:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-23 08:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-23 08:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 08:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-23 08:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-23 08:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-23 08:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 08:39 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 08:39 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-14 12:37 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-14 12:37 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-06-14 12:37 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2012-06-13 08:10 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 08:10 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-13 08:10 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 08:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 08:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys 2012-06-08 16:12 . 2012-07-04 16:55 -------- d-----w- c:\users\Neetu\AppData\Roaming\Skype 2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----w- c:\program files\Common Files\Skype 2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----r- c:\program files\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-28 04:49 . 2012-01-12 03:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}] 2012-05-18 19:44 85288 ----a-w- c:\program files\blekkotb_031\blekkotb_019X.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-07-01 22:24 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{8769adce-dba5-48e9-afb5-67b12cdf2e61}"= "c:\program files\blekkotb_031\blekkotb_019X.dll" [2012-05-18 85288] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-01 2074208] . [HKEY_CLASSES_ROOT\clsid\{8769adce-dba5-48e9-afb5-67b12cdf2e61}] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176] "DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-07-01 10555904] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104] "PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704] "Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568] "Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-06 155648] "Skytel"="Skytel.exe" [2007-05-29 1826816] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-01 1107552] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Neetu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-6-27 106496] Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-26 535336] Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 vvdsvc REG_MULTI_SZ vvdsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000Core.job - c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01] . 2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000UA.job - c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uStart Page = about:blank mStart Page = hxxp://en.us.acer.yahoo.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s TCP: DhcpNameServer = 192.168.0.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-06 00:42 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Completion time: 2012-07-06 00:46:00 ComboFix-quarantined-files.txt 2012-07-06 04:45 ComboFix2.txt 2012-07-04 07:14 . Pre-Run: 17,980,375,040 bytes free Post-Run: 17,534,480,384 bytes free . - - End Of File - - DF2F39B1F26271DD6E4E91D43E7BDAE9

Duhhh! Sorry and thank you! Here is the requested log (Fixlog.txt)Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-07-2012 01 Ran by SYSTEM at 2012-07-05 19:38:58 Run:1 Running from D:\ ============================================== C:\Windows\System32\services.exe moved successfully. C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b} moved successfully. C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b} moved successfully. ==== End of Fixlog ====

Hello, Sorry bit of a noob here. I wasn't fully able to understand your previous post 1) I saved the code to my flash drive as fixlist.txt 2) I entered the System Recovery Options 3) I am stuck here. Do I launch "Command Prompt" from here and then run FRST64? If yes, what command do I type for it? Also, where is FRST64 located? Thanks.

Hello! Sorry for the delay in getting back to you. Please find the requested log (Search.txt): Farbar Recovery Scan Tool Version: 04-07-2012 01 Ran by SYSTEM at 2012-07-05 10:50:17 Running from D:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe [2009-08-04 18:18] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe [2008-06-25 06:02] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe [2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0 C:\Windows\System32\services.exe [2009-08-04 18:18] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843 === End Of Search ===

Hi Gringo thank you for the quick reply. Please find the log that you requested (FRST.txt): Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 04-07-2012 01 Ran by SYSTEM at 04-07-2012 13:15:00 Running from F:\ Windows Vista Home Premium (X86) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x] HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.) HKLM\...\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting [45056 2007-04-24] ( ) HKLM\...\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-07-12] (Intel Corporation) HKLM\...\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [71216 2007-03-14] (Cyberlink Corp.) HKLM\...\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [54832 2007-02-07] () HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST) HKLM\...\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe [850704 2007-06-14] (Dritek System Inc.) HKLM\...\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe [1261568 2007-02-02] () HKLM\...\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup [3383296 2007-02-02] (Leader Technologies) HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [141848 2008-01-02] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [166424 2008-01-02] (Intel Corporation) HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [133656 2008-01-02] (Intel Corporation) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [155648 2008-05-06] (Apple Computer, Inc.) HKLM\...\Run: [skytel] Skytel.exe [x] HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.) HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe [35328 2006-11-21] () HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1848648 2009-07-06] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [722256 2008-12-11] (CANON INC.) HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1164584 2010-09-16] () HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated) HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.) HKLM\...\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [217256 2012-05-03] (Visicom Media Inc. (Powered by Panda Security)) HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1107552 2012-07-01] () HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation) HKU\Neetu\...\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe [151552 2007-05-22] (Acer Inc.) HKU\Neetu\...\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [4670704 2007-08-30] (Yahoo! Inc.) HKU\Neetu\...\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited) HKU\Neetu\...\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2634048 2010-07-06] (Veoh Networks) HKU\Neetu\...\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.) HKU\Neetu\...\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" [10555904 2012-07-01] (The Weather Channel) HKU\Neetu\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation) Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Startup: C:\Users\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk ShortcutTarget: Device Detector 2.lnk -> C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS Corporation) Startup: C:\Users\All Users\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) Startup: C:\Users\Neetu\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk ShortcutTarget: OpenOffice.org 2.3.lnk -> C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe () ================================ Services (Whitelisted) ================== 2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [554352 2007-09-12] (Symantec Corporation) 2 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\avgidsagent.exe" [5161080 2012-06-12] (AVG Technologies CZ, s.r.o.) 2 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.) 2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [457512 2007-04-25] (HiTRSUT) 2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.) 2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-13] (Acer Inc.) 2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.) 2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] () 2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation) 2 Irmon; C:\Windows\System32\irmon.dll [17920 2006-11-02] (Microsoft Corporation) 3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2999664 2007-09-12] (Symantec Corporation) 2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation) 2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [107008 2006-11-24] () 2 N360; "C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation) 2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [272024 2007-04-02] () 2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [810320 2008-01-28] (Safer Networking Ltd.) 2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-06-19] (Skype Technologies S.A.) 2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-05] (Skype Technologies) 2 vToolbarUpdater11.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-01] () 2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-06-13] (acer) 2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x] 4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x] 4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x] 4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x] 4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x] ========================== Drivers (Whitelisted) ============= 3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. ) 3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. ) 0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. ) 3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. ) 1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-22] (AVG Technologies CZ, s.r.o.) 1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.) 0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.) 1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301248 2012-03-19] (AVG Technologies CZ, s.r.o.) 1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [821920 2012-06-18] (Symantec Corporation) 1 ccHP; C:\Windows\system32\drivers\N360\0404000.00C\ccHPx86.sys [485512 2011-08-03] (Symantec Corporation) 3 DKbFltr; C:\Windows\System32\DRIVERS\DKbFltr.sys [21264 2007-06-14] (Dritek System Inc.) 1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-05-30] (Symantec Corporation) 3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-05-30] (Symantec Corporation) 1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120702.001\IDSvix86.sys [382624 2012-06-14] (Symantec Corporation) 2 int15; \??\C:\Windows\system32\drivers\int15.sys [76584 2007-03-02] () 2 irda; C:\Windows\System32\DRIVERS\irda.sys [95744 2008-01-18] (Microsoft Corporation) 4 iteraid; C:\Windows\system32\drivers\iteraid.sys [35944 2006-11-02] (Integrated Technology Express, Inc.) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation) 3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120703.017\NAVENG.SYS [87928 2012-05-16] (Symantec Corporation) 3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120703.017\NAVEX15.SYS [1589752 2012-05-16] (Symantec Corporation) 3 NSCIRDA; C:\Windows\System32\DRIVERS\nscirda.sys [30720 2008-01-18] (National Semiconductor Corporation) 3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-08-25] (NewTech Infosystems, Inc.) 0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST) 0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST) 0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST) 3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-02-07] () 1 SRTSP; C:\Windows\System32\Drivers\N360\0404000.00C\SRTSP.SYS [325680 2010-04-21] (Symantec Corporation) 1 SRTSPX; C:\Windows\system32\drivers\N360\0404000.00C\SRTSPX.SYS [43696 2010-04-21] (Symantec Corporation) 0 SymDS; C:\Windows\System32\drivers\N360\0404000.00C\SYMDS.SYS [328752 2009-10-14] (Symantec Corporation) 0 SymEFA; C:\Windows\System32\drivers\N360\0404000.00C\SYMEFA.SYS [173176 2011-08-21] (Symantec Corporation) 3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2011-01-01] (Symantec Corporation) 1 SymIRON; C:\Windows\system32\drivers\N360\0404000.00C\Ironx86.SYS [116784 2010-04-28] (Symantec Corporation) 1 SYMTDIv; C:\Windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS [340088 2011-08-21] (Symantec Corporation) 2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.) 4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x] 3 catchme; \??\C:\ComboFix\catchme.sys [x] 3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x] 3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x] 3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-07-03 23:14 - 2012-07-03 23:14 - 00019389 ____A C:\ComboFix.txt 2012-07-03 23:00 - 2012-07-03 23:01 - 00000000 ____D C:\6788cb2bf9deb48900de59dea34775ee 2012-07-03 22:25 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe 2012-07-03 22:25 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe 2012-07-03 22:25 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2012-07-03 22:25 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2012-07-03 22:25 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2012-07-03 22:25 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe 2012-07-03 22:25 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe 2012-07-03 22:25 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe 2012-07-03 22:24 - 2012-07-03 23:14 - 00000000 ____D C:\ComboFix 2012-07-03 21:50 - 2012-07-03 23:14 - 00000000 ____D C:\Qoobox 2012-07-03 21:50 - 2012-07-03 23:11 - 00000000 ____D C:\Windows\erdnt 2012-07-03 21:49 - 2012-07-03 21:49 - 00001500 ____A C:\Users\Neetu\Desktop\checkup.txt 2012-07-03 18:18 - 2012-07-03 18:18 - 00025040 ____A C:\Users\Neetu\Desktop\DDS.txt 2012-07-03 18:18 - 2012-07-03 18:18 - 00013435 ____A C:\Users\Neetu\Desktop\Attach.txt 2012-07-03 18:16 - 2012-07-03 18:16 - 00013435 ____A C:\Users\Neetu\Documents\Attach.txt 2012-07-03 14:11 - 2012-07-03 14:11 - 00000000 ____D C:\Users\Neetu\AppData\Local\{96A5A0B0-3C35-478F-B52F-98599CAE6458} 2012-07-03 14:10 - 2012-07-03 14:11 - 00000000 ____D C:\Users\Neetu\AppData\Local\{C49A0691-CD44-4865-921D-E9F316C50626} 2012-07-03 12:55 - 2012-07-03 12:56 - 00000000 ____D C:\Users\Neetu\AppData\Local\{03A696AC-E90B-4315-B7E3-AA64E255829E} 2012-07-03 12:54 - 2012-07-03 12:55 - 00000000 ____D C:\Users\Neetu\AppData\Local\{B019819B-3271-46F0-81D0-985B303AE82C} 2012-07-03 09:30 - 2012-07-03 09:30 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-03 09:30 - 2012-07-03 09:30 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\Malwarebytes 2012-07-03 09:29 - 2012-07-03 09:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2012-07-03 09:29 - 2012-07-03 09:29 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-07-03 09:29 - 2012-04-04 11:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-07-03 09:15 - 2012-07-03 09:15 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Neetu\Downloads\mbam-setup-1.61.0.1400.exe 2012-07-03 09:15 - 2012-07-03 09:15 - 00000000 ____D C:\Users\Neetu\AppData\Local\{C3ABB107-7F6A-4438-AF82-A464E6ECB267} 2012-07-03 09:14 - 2012-07-03 09:14 - 00000000 ____D C:\Users\Neetu\AppData\Local\{2F4D5299-68E3-4338-B34D-5A3BE24F52DE} 2012-07-01 14:40 - 2012-07-01 14:41 - 00000000 ____D C:\Users\Neetu\AppData\Local\{3F590268-1497-49B6-8033-3E4F328DEA10} 2012-07-01 14:39 - 2012-07-01 14:40 - 00000000 ____D C:\Users\Neetu\AppData\Local\{6C8453B7-95A2-4C17-96EE-A6278176B168} 2012-07-01 14:26 - 2012-07-01 14:26 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\AVG2012 2012-07-01 14:25 - 2012-07-02 04:26 - 00000846 ____A C:\Users\Public\Desktop\AVG 2012.lnk 2012-07-01 14:25 - 2012-07-01 14:25 - 00000000 ____D C:\Users\Neetu\AppData\Local\AVG Secure Search 2012-07-01 14:25 - 2012-07-01 14:25 - 00000000 ____D C:\Users\All Users\AVG Secure Search 2012-07-01 14:24 - 2012-07-01 14:25 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search 2012-07-01 14:24 - 2012-07-01 14:25 - 00000000 ____D C:\Program Files\AVG Secure Search 2012-07-01 14:23 - 2012-07-04 04:59 - 00000000 ____D C:\Windows\System32\Drivers\AVG 2012-07-01 14:23 - 2012-07-01 14:27 - 00000000 ____D C:\Users\All Users\AVG2012 2012-07-01 14:23 - 2012-07-01 14:23 - 00000000 ____D C:\$AVG 2012-07-01 14:22 - 2012-07-01 14:22 - 00000000 ____D C:\Program Files\AVG 2012-07-01 14:18 - 2012-07-04 05:00 - 00000000 ____D C:\Users\All Users\MFAData 2012-07-01 14:18 - 2012-07-01 14:18 - 03879304 ____A (AVG Technologies) C:\Users\Neetu\Downloads\avg_free_stb_all_2012_2180_cnet.exe 2012-07-01 14:17 - 2012-07-01 14:17 - 00000000 ____D C:\Users\Neetu\Documents\Simply Super Software 2012-07-01 14:17 - 2012-06-15 12:39 - 00169744 ____A C:\Windows\System32\ztvunrar36.dll 2012-07-01 14:17 - 2012-06-15 12:35 - 00185616 ____A C:\Windows\System32\ztvunrar39.dll 2012-07-01 14:17 - 2012-06-15 12:33 - 00605968 ____A (Igor Pavlov) C:\Windows\System32\ztv7z.dll 2012-07-01 14:17 - 2012-06-15 12:33 - 00077072 ____A (Microsoft Corporation) C:\Windows\System32\ztvcabinet.dll 2012-07-01 14:17 - 2005-08-25 21:50 - 00077312 ____A C:\Windows\System32\ztvunace26.dll 2012-07-01 14:17 - 2003-02-02 16:06 - 00153088 ____A C:\Windows\System32\unrar3.dll 2012-07-01 14:17 - 2002-03-05 21:00 - 00075264 ____A C:\Windows\System32\unacev2.dll 2012-07-01 14:16 - 2012-07-01 14:17 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\Simply Super Software 2012-07-01 14:16 - 2012-07-01 14:16 - 00000000 ____D C:\Users\Neetu\AppData\Local\blekkotb_031 2012-07-01 14:16 - 2012-07-01 14:16 - 00000000 ____D C:\Users\All Users\Simply Super Software 2012-07-01 14:16 - 2012-07-01 14:16 - 00000000 ____D C:\Users\All Users\blekko toolbars 2012-07-01 14:16 - 2012-07-01 14:16 - 00000000 ____D C:\Program Files\blekkotb_031 2012-07-01 14:15 - 2012-07-01 14:16 - 00000000 ____D C:\Users\All Users\Anti-phishing Domain Advisor 2012-07-01 14:15 - 2012-07-01 14:15 - 12308848 ____A (Simply Super Software ) C:\Users\Neetu\Downloads\trj684.exe 2012-07-01 14:14 - 2012-07-01 14:15 - 00463080 ____A (CNET Download.com) C:\Users\Neetu\Downloads\cnet2_trj684_exe.exe 2012-07-01 13:52 - 2012-07-01 13:52 - 00000781 ____A C:\Users\Neetu\Desktop\PC Cleaner Pro.lnk 2012-07-01 13:52 - 2012-07-01 13:52 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\PCPro 2012-07-01 13:52 - 2012-07-01 13:52 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\PC Cleaners 2012-07-01 13:52 - 2012-07-01 13:52 - 00000000 ____D C:\Users\All Users\PC1Data 2012-07-01 13:52 - 2012-07-01 13:51 - 04447544 ____A (PC Cleaners) C:\Windows\uninst.exe 2012-07-01 13:51 - 2012-07-01 13:51 - 04447544 ____A (PC Cleaners) C:\Users\Neetu\Downloads\PC_Pro_Installer.exe 2012-07-01 13:40 - 2012-07-01 13:40 - 00000000 ____D C:\Users\Neetu\AppData\Local\{882D2F6C-BD61-4D20-B929-C1A041A2E13F} 2012-07-01 13:39 - 2012-07-01 13:39 - 00000000 ____D C:\Users\Neetu\AppData\Local\{8D807900-7F4A-4CB0-8A47-E016CDD121EA} 2012-07-01 13:30 - 2012-07-01 13:51 - 00000000 ____D C:\Users\Neetu\AppData\Local\NPE 2012-07-01 13:29 - 2012-07-01 13:30 - 02841104 ____A (Symantec Corporation) C:\Users\Neetu\Downloads\NPE.exe 2012-07-01 09:39 - 2012-07-01 09:39 - 00001105 ____A C:\Users\Public\Desktop\The Weather Channel App.lnk 2012-07-01 09:33 - 2012-07-01 09:33 - 00000000 ____D C:\Users\Neetu\AppData\Local\{F139DA26-DEB0-4A11-AFC2-D9872F5EF462} 2012-07-01 09:33 - 2012-07-01 09:33 - 00000000 ____D C:\Program Files\The Weather Channel 2012-07-01 09:32 - 2012-07-01 09:33 - 00000000 ____D C:\Users\Neetu\AppData\Local\{FA2FA6D5-9F0A-420B-8D02-514DEFCA6761} 2012-06-28 15:04 - 2012-06-28 15:04 - 00000000 __SHD C:\Windows\System32\%APPDATA% 2012-06-27 20:49 - 2012-06-27 20:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2012-06-25 19:32 - 2012-06-25 19:32 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\Mozilla 2012-06-23 00:41 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-23 00:41 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-23 00:41 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-23 00:41 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-23 00:40 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-23 00:40 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-23 00:40 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-23 00:39 - 2012-06-02 11:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-23 00:39 - 2012-06-02 11:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-14 04:37 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-14 04:37 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-14 04:37 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-14 04:36 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-14 04:36 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-14 04:36 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-14 04:36 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-14 04:36 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-14 04:36 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-14 04:36 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-14 04:36 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-14 04:36 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-14 04:36 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-14 04:36 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-13 00:10 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-06-13 00:10 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-06-13 00:10 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-06-13 00:09 - 2012-05-15 11:51 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-13 00:09 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-06-08 08:12 - 2012-07-04 08:55 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\Skype 2012-06-08 08:12 - 2012-06-08 08:12 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk 2012-06-08 08:12 - 2012-06-08 08:12 - 00000000 ___RD C:\Program Files\Skype 2012-06-08 08:12 - 2012-06-08 08:12 - 00000000 ____D C:\Program Files\Common Files\Skype 2012-06-08 08:09 - 2012-06-08 08:09 - 00944304 ____A (Skype Technologies S.A.) C:\Users\Neetu\Downloads\SkypeSetup.exe 2012-06-08 05:51 - 2012-06-08 05:52 - 00000000 ____D C:\Users\Neetu\AppData\Local\{89A46BBA-E89D-4E57-998E-B4702D63D27D} 2012-06-08 05:51 - 2012-06-08 05:51 - 00000000 ____D C:\Users\Neetu\AppData\Local\{D08E103D-FCC9-4B50-B48E-1B8CB525A1A0} 2012-06-07 11:08 - 2012-06-07 11:08 - 00000000 ____D C:\Users\Neetu\AppData\Local\{8285022C-173F-4724-9223-B468237A3046} 2012-06-07 11:08 - 2012-06-07 11:08 - 00000000 ____D C:\Users\Neetu\AppData\Local\{75E89D35-3E13-433C-9202-0F7A09117920} 2012-06-07 09:57 - 2012-06-07 09:57 - 00000000 ____D C:\Users\Neetu\AppData\Local\{F967FD96-05E8-4260-B059-FF1E1003E7AB} 2012-06-07 09:57 - 2012-06-07 09:57 - 00000000 ____D C:\Users\Neetu\AppData\Local\{8A0C59AA-440E-42D8-B5CD-8D056DAC399D} 2012-06-06 19:22 - 2012-06-06 19:22 - 00000000 ____D C:\Users\Neetu\AppData\Local\{54CFE2E8-42DF-443B-8BEE-3C83468B5020} 2012-06-06 19:21 - 2012-06-06 19:21 - 00000000 ____D C:\Users\Neetu\AppData\Local\{44B58133-73DA-491A-82A6-51545C7432B8} ============ 3 Months Modified Files ======================== 2012-07-04 09:07 - 2006-11-02 05:01 - 00032588 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-07-04 09:07 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-07-04 09:05 - 2009-06-30 22:57 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000UA.job 2012-07-04 09:04 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2012-07-04 09:04 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2012-07-04 08:57 - 2007-10-09 11:03 - 01144365 ____A C:\Windows\WindowsUpdate.log 2012-07-03 23:14 - 2012-07-03 23:14 - 00019389 ____A C:\ComboFix.txt 2012-07-03 23:06 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini 2012-07-03 23:03 - 2007-08-25 21:36 - 00452068 ____A C:\Windows\PFRO.log 2012-07-03 23:02 - 2006-11-02 02:22 - 54001664 ____A C:\Windows\System32\config\SOFTWARE.bak 2012-07-03 23:02 - 2006-11-02 02:22 - 42205184 ____A C:\Windows\System32\config\COMPON~1.bak 2012-07-03 23:02 - 2006-11-02 02:22 - 26476544 ____A C:\Windows\System32\config\SYSTEM.bak 2012-07-03 23:02 - 2006-11-02 02:22 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak 2012-07-03 23:02 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak 2012-07-03 23:02 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\SAM.bak 2012-07-03 21:49 - 2012-07-03 21:49 - 00001500 ____A C:\Users\Neetu\Desktop\checkup.txt 2012-07-03 18:18 - 2012-07-03 18:18 - 00025040 ____A C:\Users\Neetu\Desktop\DDS.txt 2012-07-03 18:18 - 2012-07-03 18:18 - 00013435 ____A C:\Users\Neetu\Desktop\Attach.txt 2012-07-03 18:16 - 2012-07-03 18:16 - 00013435 ____A C:\Users\Neetu\Documents\Attach.txt 2012-07-03 17:59 - 2006-11-02 02:33 - 00756338 ____A C:\Windows\System32\PerfStringBackup.INI 2012-07-03 14:30 - 2008-05-06 15:11 - 00054156 ___AH C:\Windows\QTFont.qfn 2012-07-03 09:30 - 2012-07-03 09:30 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-03 09:15 - 2012-07-03 09:15 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Neetu\Downloads\mbam-setup-1.61.0.1400.exe 2012-07-02 16:05 - 2009-06-30 22:56 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000Core.job 2012-07-02 04:26 - 2012-07-01 14:25 - 00000846 ____A C:\Users\Public\Desktop\AVG 2012.lnk 2012-07-01 14:18 - 2012-07-01 14:18 - 03879304 ____A (AVG Technologies) C:\Users\Neetu\Downloads\avg_free_stb_all_2012_2180_cnet.exe 2012-07-01 14:15 - 2012-07-01 14:15 - 12308848 ____A (Simply Super Software ) C:\Users\Neetu\Downloads\trj684.exe 2012-07-01 14:15 - 2012-07-01 14:14 - 00463080 ____A (CNET Download.com) C:\Users\Neetu\Downloads\cnet2_trj684_exe.exe 2012-07-01 13:52 - 2012-07-01 13:52 - 00000781 ____A C:\Users\Neetu\Desktop\PC Cleaner Pro.lnk 2012-07-01 13:51 - 2012-07-01 13:52 - 04447544 ____A (PC Cleaners) C:\Windows\uninst.exe 2012-07-01 13:51 - 2012-07-01 13:51 - 04447544 ____A (PC Cleaners) C:\Users\Neetu\Downloads\PC_Pro_Installer.exe 2012-07-01 13:30 - 2012-07-01 13:29 - 02841104 ____A (Symantec Corporation) C:\Users\Neetu\Downloads\NPE.exe 2012-07-01 09:39 - 2012-07-01 09:39 - 00001105 ____A C:\Users\Public\Desktop\The Weather Channel App.lnk 2012-06-30 20:27 - 2006-11-02 04:52 - 00070810 ____A C:\Windows\setupact.log 2012-06-27 20:49 - 2012-06-27 20:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2012-06-27 20:49 - 2012-01-11 19:47 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2012-06-15 12:39 - 2012-07-01 14:17 - 00169744 ____A C:\Windows\System32\ztvunrar36.dll 2012-06-15 12:35 - 2012-07-01 14:17 - 00185616 ____A C:\Windows\System32\ztvunrar39.dll 2012-06-15 12:33 - 2012-07-01 14:17 - 00605968 ____A (Igor Pavlov) C:\Windows\System32\ztv7z.dll 2012-06-15 12:33 - 2012-07-01 14:17 - 00077072 ____A (Microsoft Corporation) C:\Windows\System32\ztvcabinet.dll 2012-06-14 06:03 - 2006-11-02 04:47 - 00389968 ____A C:\Windows\System32\FNTCACHE.DAT 2012-06-08 08:12 - 2012-06-08 08:12 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk 2012-06-08 08:09 - 2012-06-08 08:09 - 00944304 ____A (Skype Technologies S.A.) C:\Users\Neetu\Downloads\SkypeSetup.exe 2012-06-03 19:35 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2012-06-02 14:19 - 2012-06-23 00:41 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-23 00:41 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-23 00:41 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-23 00:40 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-23 00:40 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:12 - 2012-06-23 00:41 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:12 - 2012-06-23 00:40 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 11:19 - 2012-06-23 00:39 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 11:12 - 2012-06-23 00:39 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-05-17 15:11 - 2012-06-14 04:36 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-05-17 14:48 - 2012-06-14 04:36 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-05-17 14:45 - 2012-06-14 04:36 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-05-17 14:36 - 2012-06-14 04:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-05-17 14:35 - 2012-06-14 04:36 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-05-17 14:35 - 2012-06-14 04:36 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-05-17 14:33 - 2012-06-14 04:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-05-17 14:31 - 2012-06-14 04:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-05-17 14:29 - 2012-06-14 04:36 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-05-17 14:29 - 2012-06-14 04:36 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-05-17 14:27 - 2012-06-14 04:37 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-05-17 14:25 - 2012-06-14 04:37 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-05-17 14:24 - 2012-06-14 04:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-05-17 14:20 - 2012-06-14 04:36 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-05-17 06:19 - 2012-05-17 06:19 - 00035810 ____A C:\Users\Neetu\Downloads\Voicemail_20120517125400Z (1).wav 2012-05-17 06:18 - 2012-05-17 06:18 - 00035810 ____A C:\Users\Neetu\Downloads\Voicemail_20120517125400Z.wav 2012-05-15 11:51 - 2012-06-13 00:09 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-05-11 07:56 - 2008-01-15 10:02 - 00000680 ____A C:\Users\Neetu\AppData\Local\d3d9caps.dat 2012-05-09 09:54 - 2008-05-06 15:18 - 04031488 ___RA C:\Users\Public\Documents\ESBK.mbb 2012-05-09 09:54 - 2008-05-06 15:18 - 01915904 ___RA C:\Users\Public\Documents\ESBK.mb 2012-05-01 06:03 - 2012-06-13 00:09 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-04-23 08:00 - 2012-06-13 00:10 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-04-23 08:00 - 2012-06-13 00:10 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-04-23 08:00 - 2012-06-13 00:10 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-04-19 00:50 - 2012-04-19 00:50 - 00024896 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidshx.sys 2012-04-11 23:33 - 2012-04-11 23:33 - 00138824 ____A C:\Windows\Minidump\Mini041212-01.dmp 2012-04-11 23:32 - 2009-08-25 06:36 - 329419551 ____A C:\Windows\MEMORY.DMP ZeroAccess: C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b} C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U ZeroAccess: C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b} C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe [2009-08-04 18:18] - [2009-04-10 22:28] - 0314368 ____A (Microsoft Corporation) C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!. C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 14% Total physical RAM: 2037.81 MB Available physical RAM: 1752.02 MB Total Pagefile: 1969.71 MB Available Pagefile: 1826.8 MB Total Virtual: 2047.88 MB Available Virtual: 1983.72 MB ======================= Partitions ========================= 1 Drive c: (ACER) (Fixed) (Total:69.65 GB) (Free:11.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (DATA) (Fixed) (Total:69.64 GB) (Free:6.71 GB) NTFS 4 Drive f: (KINGSTON) (Removable) (Total:7.45 GB) (Free:0.81 GB) FAT32 5 Drive x: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:3.87 GB) FAT32 Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 149 GB 1849 KB Disk 1 Online 7640 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 10 GB 1024 KB Partition 2 Primary 70 GB 10 GB Partition 3 Primary 70 GB 79 GB ================================================================================== Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 X PQSERVICE FAT32 Partition 10 GB Healthy Hidden ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C ACER NTFS Partition 70 GB Healthy ================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 D DATA NTFS Partition 70 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 7636 MB 4032 KB ================================================================================== Disk: 1 Partition 1 Type : 0C Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 F KINGSTON FAT32 Removable 7636 MB Healthy ================================================================================== ========================================================== Last Boot: 2012-07-03 23:38 ======================= End Of Log ==========================

Hello Gringo_pr, Thank you for helping me with my request. I have followed your instructions carefully. If anything is still amiss please let me know and I will re-do it. 1) Dump of Checkup.txt Results of screen317's Security Check version 0.99.42 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Norton Security Suite WMI entry may not exist for antivirus; attempting automatic update. AVG2012 successfully updated! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.61.0.1400 PC Cleaners Java 6 Update 26 Java 6 Update 3 Java 6 Update 5 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 10.0.32.18 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe AVG avgtray.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe Empowering Technology eSettings Service capuserv.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1 % ````````````````````End of Log`````````````````````` ============================================================================ 2) Log from Combofix ComboFix 12-07-02.01 - Neetu 07/04/2012 2:29.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.671 [GMT -4:00] Running from: c:\users\Neetu\Desktop\Downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\@ c:\users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\n c:\users\Neetu\AppData\Roaming\8434.677 c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\@ c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L\00000004.@ c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L\1afb2d56 c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L\201d3dde c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L\55490ac4 c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\n c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\00000004.@ c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\00000008.@ c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\000000cb.@ c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\80000000.@ c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\80000032.@ c:\windows\system32\Nagasoft c:\windows\system32\Nagasoft\32.ICO c:\windows\system32\Nagasoft\Codecs\asyncflt.ax c:\windows\system32\Nagasoft\Codecs\atrc.dll c:\windows\system32\Nagasoft\Codecs\cook.dll c:\windows\system32\Nagasoft\Codecs\drvc.dll c:\windows\system32\Nagasoft\Codecs\raac.dll c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll c:\windows\system32\Nagasoft\FFVJPlayer.exe c:\windows\system32\Nagasoft\GifShower.dll c:\windows\system32\Nagasoft\Uninstall.exe c:\windows\system32\Nagasoft\vjocx.dll c:\windows\system32\Nagasoft\vjocx.exe . c:\windows\system32\Services.exe . . . is infected!! . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_vvdsvc -------\Service_vvdsvc . . ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 ))))))))))))))))))))))))))))))) . . 2012-07-04 07:00 . 2012-07-04 07:01 -------- d-----w- C:\6788cb2bf9deb48900de59dea34775ee 2012-07-04 06:58 . 2012-07-04 06:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-03 21:39 . 2012-07-03 21:39 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-07-03 17:30 . 2012-07-03 17:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-07-03 17:30 . 2012-07-03 17:30 -------- d-----w- c:\users\Neetu\AppData\Roaming\Malwarebytes 2012-07-03 17:29 . 2012-07-03 17:29 -------- d-----w- c:\programdata\Malwarebytes 2012-07-03 17:29 . 2012-07-03 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-03 17:29 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-01 22:26 . 2012-07-01 22:26 -------- d-----w- c:\users\Neetu\AppData\Roaming\AVG2012 2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\users\Neetu\AppData\Local\AVG Secure Search 2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\programdata\AVG Secure Search 2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\AVG Secure Search 2012-07-01 22:24 . 2012-07-01 22:24 -------- d--h--w- c:\programdata\Common Files 2012-07-01 22:23 . 2012-07-03 22:59 -------- d-----w- c:\windows\system32\drivers\AVG 2012-07-01 22:23 . 2012-07-01 22:27 -------- d-----w- c:\programdata\AVG2012 2012-07-01 22:23 . 2012-07-01 22:23 -------- d-----w- C:\$AVG 2012-07-01 22:22 . 2012-07-01 22:22 -------- d-----w- c:\program files\AVG 2012-07-01 22:18 . 2012-07-03 22:59 -------- d-----w- c:\programdata\MFAData 2012-07-01 22:17 . 2012-06-15 20:39 169744 ----a-w- c:\windows\system32\ztvunrar36.dll 2012-07-01 22:17 . 2012-06-15 20:35 185616 ----a-w- c:\windows\system32\ztvunrar39.dll 2012-07-01 22:17 . 2012-06-15 20:33 605968 ----a-w- c:\windows\system32\ztv7z.dll 2012-07-01 22:17 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll 2012-07-01 22:17 . 2012-06-15 20:33 77072 ----a-w- c:\windows\system32\ztvcabinet.dll 2012-07-01 22:17 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll 2012-07-01 22:17 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll 2012-07-01 22:16 . 2012-07-01 22:17 -------- d-----w- c:\users\Neetu\AppData\Roaming\Simply Super Software 2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Simply Super Software 2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\blekko toolbars 2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\program files\blekkotb_031 2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\users\Neetu\AppData\Local\blekkotb_031 2012-07-01 22:15 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor 2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PC Cleaners 2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PCPro 2012-07-01 21:52 . 2012-07-01 21:51 4447544 ----a-w- c:\windows\uninst.exe 2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\programdata\PC1Data 2012-07-01 21:30 . 2012-07-01 21:51 -------- d-----w- c:\users\Neetu\AppData\Local\NPE 2012-07-01 17:33 . 2012-07-01 17:33 -------- d-----w- c:\program files\The Weather Channel 2012-06-28 23:04 . 2012-06-28 23:04 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-06-28 04:49 . 2012-06-28 04:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-23 08:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-23 08:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-23 08:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 08:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-23 08:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-23 08:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-23 08:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 08:39 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 08:39 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-14 12:37 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-14 12:37 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-06-14 12:37 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2012-06-13 08:10 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 08:10 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-13 08:10 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 08:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 08:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys 2012-06-08 16:12 . 2012-07-04 06:02 -------- d-----w- c:\users\Neetu\AppData\Roaming\Skype 2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----w- c:\program files\Common Files\Skype 2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----r- c:\program files\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-28 04:49 . 2012-01-12 03:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}] 2012-05-18 19:44 85288 ----a-w- c:\program files\blekkotb_031\blekkotb_019X.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-07-01 22:24 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{8769adce-dba5-48e9-afb5-67b12cdf2e61}"= "c:\program files\blekkotb_031\blekkotb_019X.dll" [2012-05-18 85288] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-01 2074208] . [HKEY_CLASSES_ROOT\clsid\{8769adce-dba5-48e9-afb5-67b12cdf2e61}] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176] "DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-07-01 10555904] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104] "PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704] "Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568] "Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-06 155648] "Skytel"="Skytel.exe" [2007-05-29 1826816] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-01 1107552] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Neetu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-6-27 106496] Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-26 535336] Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 vvdsvc REG_MULTI_SZ vvdsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000Core.job - c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01] . 2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000UA.job - c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uStart Page = about:blank mStart Page = hxxp://en.us.acer.yahoo.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s LSP: mswsock.dll TCP: DhcpNameServer = 192.168.0.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab . - - - - ORPHANS REMOVED - - - - . WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe HKLM-Run-Acer Tour - (no file) HKLM-Run-eRecoveryService - (no file) HKLM-Run-PC Cleaners - c:\program files\PC Cleaners\PCCleaners.exe AddRemove-The Weather Channel Desktop 6 - c:\program files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe AddRemove-VJOcx2.0 - c:\windows\system32\Nagasoft\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-04 03:07 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(5076) c:\program files\Microsoft Office\Office12\GrooveMisc.dll . ------------------------ Other Running Processes ------------------------ . c:\progra~1\AVG\AVG2012\avgrsx.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\windows\system32\agrsmsvc.exe c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe c:\program files\AVG\AVG2012\avgwdsvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\acer\Empowering Technology\eDataSecurity\eDSService.exe c:\acer\Empowering Technology\eLock\Service\eLockServ.exe c:\acer\Empowering Technology\eNet\eNet Service.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\AVG\AVG2012\avgnsx.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\AVG\AVG2012\avgemcx.exe c:\acer\Mobility Center\MobilityService.exe c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\acer\Empowering Technology\ePower\ePowerSvc.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\acer\Empowering Technology\eSettings\Service\capuserv.exe c:\program files\Spybot - Search & Destroy\SDWinSec.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe c:\windows\system32\DllHost.exe c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe . ************************************************************************** . Completion time: 2012-07-04 03:14:39 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-04 07:14 . Pre-Run: 12,636,794,880 bytes free Post-Run: 12,372,754,432 bytes free . - - End Of File - - 4827DEDBE3A758232EC3D25C76C44195 =================================================================== 3) Issues Encountered: a) Combofix took three attempts to run b) First time it seemed to execute but gave very quick 2-3 pop us (that were gone before I could read) and then nothing happened. c) I rebooted and tried a second time. This time the command prompt window showed me that combofix was executing but halfway through it I saw it freeze. I was not running any other applications or processes. Both anti virus were disabled (AVG and Norton). I did however get a pop up message saying "Running Combofix in Compatibility mode may damage the machine!" d) I rebooted and tried a third time. Third time was a charm, It ran through and then said trying to create a restore point and started completing various stages. Like some 38-40 stages or so. Then it said "System file infected" and showed this location "C:\Windows\System 32\System.exe" After some time time it popped up a message saying something like - normal cleanup failed - trying other methods and deeper scan. After some more time it generated the log. This entire process in item c described here took over 45 minutes. =================================================================== 4) How is the computer doing: I tried to open Norton Anti-Virus to enable it but got the message "Illegal operation attempted on a registery key that has been marked for deletion." So as per your instructions I re-started the computer and this time Norton and AVG launched without any problem. But as soon as the computer reboot I did get a couple of messages from Norton a) One for Trojan.gen.2 b) Other as under: Severity: High Activity: )Trojan.Zeroaccess.B) detected by Auto-Protect Status: Manual Removal Required Otherwise the computer seems to be running ok. Performance is much improved (not much lag seen). So far no malicious websites have been opened. Other than the two instances where I was flagged about the trojans above there have been no other pop ups from my anti virus indicating viruses. Earlier (before I ran your instructions) I was getting hit with like 1-2 pop us a minute from my anti virus about the trojans. Thank you for the very detailed and clear instructions. I am not using the computer yet other than to provide you what you have asked for. What would you like me to do next. Thanks again!

Hello Forum, My PC is infected with some Trojan viruses. I purchased Malware Bytes Pro and ran a full scan. It detected some trojan's and notified me that they had been removed but my computer continues to be under attack. 1) The computer is awfully slow. 2) IE is opening up malicious websites. 3) My anti-virus continues to prompt me with pop-ups notifying of the virus "Threat Detected" 4) Here are some of the messages: - Trojan.Gen.2 detected - Location: C:\Windows\System 32\System.exe - Infection: Trojan horse Patched_c.LYT Says "Detected on open" 5) Also shows Trojan.Zeroaccess.B - says manual removal required 6) Attached are the logs requested (DDS and Attach). Appreciate any help this forum can provide. Thank you much in advance! DDS.txtAttach.txt