Jump to content

alazuria

Members
  • Posts

    18
  • Joined

  • Last visited

Everything posted by alazuria

  1. Yes, it finally installed correctly, along with all the others. Thank you again!
  2. Microsoft Fix It said it was processed. I checked Windows Update again, and couldn't find anymore available updates.
  3. All 28 updates succeeded except for Definition Update for Windows Defender - KB915597 (Definition 1.131.1547.0) Installation date: ‎8/‎10/‎2012 10:50 AM Installation status: Failed Error details: Code 800705B4 Update type: Important
  4. Thank you so much! Windows Updates are working again and I can easily find BITS in the Services now.
  5. Farbar Service Scanner Version: 06-08-2012 Ran by sheila (administrator) on 10-08-2012 at 09:56:01 Running from "C:\Users\sheila\Downloads" Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ BITS Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcsvc.dll => MD5 is legit C:\Windows\system32\Drivers\afd.sys => MD5 is legit C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit C:\Windows\system32\dnsrslvr.dll => MD5 is legit C:\Windows\system32\mpssvc.dll => MD5 is legit C:\Windows\system32\bfe.dll => MD5 is legit C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe => MD5 is legit C:\Windows\system32\wscsvc.dll => MD5 is legit C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll => MD5 is legit C:\Windows\system32\es.dll => MD5 is legit C:\Windows\system32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit **** End of log ****
  6. Thank you. Hitman pro did find some viruses and tracking cookies, but nothing too major. Removing the problems still didn't solve my Windows Update problem, so I may need professional help regarding this issue. Windows Vista forums as well as Microsoft are unhelpful.
  7. I was recently hit with tons of malware, trojans and other problems that attacked my registry, and I received help here but I still can't run windows updates because of a 80246008 error. I've searched threads and Google for possible solutions and none of them have worked for me. Most threads suggest changing settings for the Background Intelligent Transfer Service, but my BITS program is missing from the Services. I'm not even sure if this is the right thread to post something like this in. Any help would be appreciated.
  8. Everything is running smoothly. Shut downs, log ins, rebooting the laptop is so much easier and works much faster. It's almost as if the laptop is brand new. Is there anything else I need to do?
  9. This was the only log I found ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK
  10. Sorry, your original instructions confused me a bit. I think this is what you meant. My apologies. ComboFix 12-08-07.02 - sheila 08/07/2012 8:09.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1905 [GMT -4:00] Running from: c:\users\sheila\Desktop\ComboFix.exe Command switches used :: c:\users\sheila\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 ))))))))))))))))))))))))))))))) . . 2012-08-07 12:33 . 2012-08-07 12:33 -------- d-----w- c:\users\sheila\AppData\Local\temp 2012-08-07 12:33 . 2012-08-07 12:33 -------- d-----w- c:\users\Samantha\AppData\Local\temp 2012-08-07 12:33 . 2012-08-07 12:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-06 10:25 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-08-05 00:27 . 2012-08-05 13:51 -------- d-----w- c:\program files\PCPitstop 2012-08-05 00:11 . 2012-08-05 00:11 -------- d-----w- c:\programdata\Sophos 2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe 2012-08-05 00:09 . 2012-08-05 00:09 -------- d-----w- c:\program files\Sophos 2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\users\sheila\AppData\Roaming\Malwarebytes 2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\programdata\Malwarebytes 2012-08-04 23:47 . 2012-08-04 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-04 23:47 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-04 12:03 . 2012-08-05 13:29 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe 2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe 2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe 2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- C:\sh4ldr 2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- c:\program files\Enigma Software Group 2012-08-04 08:56 . 2012-08-04 08:57 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP 2012-08-04 08:51 . 2012-08-04 08:51 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll 2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2012-08-04 08:51 . 2012-08-04 08:51 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2012-08-04 08:51 . 2012-08-04 08:51 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll 2012-08-04 08:51 . 2012-08-04 08:51 118240 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe 2012-08-04 08:51 . 2012-08-04 08:51 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2012-08-04 06:19 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-08-04 05:28 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-08-04 05:28 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll 2012-08-04 05:28 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-08-04 04:32 . 2012-08-04 04:32 -------- d-----w- c:\users\sheila\AppData\Roaming\AVG2012 2012-08-04 03:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-08-04 03:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-08-04 03:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-08-04 03:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-08-04 03:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-08-04 03:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-08-04 03:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-08-04 03:40 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39B4C142-238B-4852-BCD4-4593264C2630}\mpengine.dll 2012-08-04 03:40 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-08-04 03:40 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-08-04 02:36 . 2012-08-04 02:37 -------- d-----w- c:\programdata\DriverGenius 2012-08-04 02:36 . 2012-08-04 02:36 -------- d-----w- c:\program files\Driver-Soft 2012-08-03 08:22 . 2012-08-06 23:08 -------- d-----w- c:\windows\system32\wbem\repository 2012-08-03 07:25 . 2012-08-03 07:26 -------- d-----w- c:\users\Samantha\AppData\Roaming\Skype 2012-08-03 07:21 . 2012-08-03 07:21 -------- d-----w- c:\users\Samantha\AppData\Local\Mozilla 2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\programdata\iolo 2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\users\sheila\AppData\Roaming\iolo 2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\users\sheila\AppData\Roaming\Qwiklinx 2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\program files\Qwiklinx 2012-08-03 06:28 . 2012-08-03 06:29 -------- d-----w- c:\program files\Shop to Win 36 2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\program files\BabylonToolbar 2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\users\sheila\AppData\Local\Wajam 2012-08-03 06:27 . 2012-08-03 06:28 -------- d-----w- c:\program files\Wajam 2012-08-03 06:27 . 2012-08-03 06:27 -------- d-----w- c:\users\sheila\AppData\Roaming\RadarSync 2012-08-03 06:19 . 2012-08-03 06:20 -------- d-----w- c:\program files\Driver Checker 2012-08-03 06:07 . 2012-08-03 07:27 -------- d-----w- c:\users\Samantha\AppData\Local\PMB Files 2012-08-03 05:03 . 2012-08-03 05:03 -------- d-----w- c:\users\sheila\AppData\Local\ElevatedDiagnostics 2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\programdata\RegAce 2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\users\sheila\AppData\Local\APN 2012-08-03 04:41 . 2012-08-03 04:49 -------- d-----w- c:\program files\Fix RegCleaner 2012-08-01 22:48 . 2012-08-01 22:48 -------- d-----w- c:\windows\system32\%APPDATA% 2012-08-01 00:31 . 2012-08-01 00:31 -------- d-----w- c:\programdata\Macrovision 2012-07-31 21:53 . 2012-07-31 21:53 -------- d-----w- C:\$AVG 2012-07-31 21:53 . 2012-08-06 12:16 -------- d-----w- c:\programdata\AVG2012 2012-07-31 21:52 . 2012-07-31 21:52 -------- d-----w- c:\program files\AVG 2012-07-31 21:50 . 2012-08-06 10:28 -------- d-----w- c:\programdata\MFAData 2012-07-31 20:44 . 2012-07-31 20:44 -------- d-----w- c:\program files\Promosoft Corporation 2012-07-31 20:36 . 2012-07-31 20:36 -------- d-----w- c:\users\sheila\AppData\Roaming\YourFileDownloader 2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\SpeedyPC Software 2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\DriverCure 2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\Common Files\SpeedyPC Software 2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\programdata\SpeedyPC Software 2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\SpeedyPC Software 2012-07-31 09:51 . 2012-07-31 09:51 -------- d-----w- c:\users\sheila\AppData\Roaming\IObit 2012-07-31 09:44 . 2012-07-31 09:44 -------- d-----w- c:\users\sheila\AppData\Local\Promosoft Corporation 2012-07-16 19:50 . 2012-08-03 08:10 -------- d-----w- c:\windows\system32\drivers\N360\0502020.003 2012-07-13 11:00 . 2012-08-04 08:51 192592 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe 2012-07-13 11:00 . 2012-08-04 08:51 114144 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe 2012-07-13 11:00 . 2012-08-04 08:51 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-07-13 11:00 . 2012-08-04 08:51 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-07-12 08:57 . 2012-07-12 08:57 -------- d-----w- c:\program files\x86 2012-07-12 08:55 . 2012-08-05 14:02 -------- d-----w- c:\program files\OApps 2012-07-12 08:55 . 2012-08-03 08:09 -------- d-----w- c:\program files\TorrentSearch 2012-07-12 08:54 . 2012-07-12 08:54 -------- d-----w- c:\users\sheila\Xoliul Shader 2012-07-12 08:54 . 2012-08-06 11:21 -------- d-----w- c:\program files\intellidownload 2012-07-10 17:37 . 2012-07-10 17:37 184886 ----a-w- C:\torrent.exe 2012-07-10 13:04 . 2012-07-10 13:04 -------- d-----w- c:\users\sheila\AppData\Local\Aeria Games 2012-07-10 13:03 . 2012-07-10 13:03 -------- d-----w- c:\programdata\Aeria Games 2012-07-10 12:49 . 2012-07-25 18:26 -------- d-sh--w- c:\windows\system32\AI_RecycleBin 2012-07-10 12:49 . 2012-08-03 08:09 -------- d-----w- c:\program files\Aeria Games 2012-07-10 08:46 . 2012-08-03 08:09 -------- d-----w- C:\New Folder . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-04 07:20 . 2012-06-27 03:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-04 07:20 . 2012-06-27 03:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-19 23:59 . 2012-06-19 23:59 18944 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe 2012-05-31 16:25 . 2010-04-02 13:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-05-18 00:39 . 2012-05-18 00:39 16304 ------w- c:\windows\system32\apl003.sys 2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\sheila\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064] "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256] "AirMac Base Station Agent"="c:\program files\AirMac\APAgent.exe" [2009-11-11 771360] "MyFunCards_5m Browser Plugin Loader"="c:\progra~1\MYFUNC~2\bar\1.bin\5mbrmon.exe" [2012-04-05 30096] "Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2012-05-24 1241184] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184] "Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2012-05-16 26816] "PC Pitstop PC Matic Reminder"="c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe" [2012-05-16 325320] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\users\sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5] 2011-07-04 11:43 3493720 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] 2008-11-17 11:29 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2] 2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central] 2008-06-03 19:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnamon] 2008-03-17 21:29 16624 ----a-w- c:\program files\Dell V105\dldnamon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnmon.exe] 2008-03-17 21:29 668912 ----a-w- c:\program files\Dell V105\dldnmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2010-03-31 15:13 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6] 2011-06-23 23:44 1386776 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2012-06-16 02:13 116648 ----atw- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-02-26 17:57 173592 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-02-26 17:57 141848 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-08-09 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2011-06-16 11:55 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager] 2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2008-07-14 18:33 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2009-02-26 17:57 150552 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed] 2009-06-19 16:25 4825976 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray] 2012-05-15 14:06 325448 ----a-w- c:\users\sheila\AppData\Roaming\Smilebox\SmileboxTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2011-10-07 02:49 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2010-03-31 15:05 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . R0 45083044;45083044;c:\windows\system32\drivers\07025176.sys [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 07:20] . 2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44] . 2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44] . 2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000Core.job - c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13] . 2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000UA.job - c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13] . 2012-07-16 c:\windows\Tasks\Norton Security Scan for sheila.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-16 04:51] . . ------- Supplementary Scan ------- . uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/ mStart Page = hxxp://www.yahoo.com mWindow Title = Windows Internet Explorer provided by Comcast uInternet Settings,ProxyOverride = *.local;<local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\iyyvcftz.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p= FF - user.js: browser.search.defaultEngine - yahoo FF - user.js: browser.search.defaultenginename - yahoo FF - user.js: browser.search.selectedEngine - Yahoo FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p= FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p= FF - user.js: browser.search.param.yahoo-fr - chrf-protectff FF - user.js: extensions.autoDisableScopes - 14 user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-07 08:33 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCCUJobMgr] "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}] "ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{9D425283-D487-4337-BAB6-AB8354A81457}"=hex:51,66,7a,6c,4c,1d,38,12,ed,51,51, 99,b5,9a,59,06,c5,a0,e8,c3,51,f6,50,43 "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8, 7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a, eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54, 06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64 "{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff, 2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39, 64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40, 69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95, 8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{CA4520F3-AE13-4FB1-A513-58E23991C86D}"=hex:51,66,7a,6c,4c,1d,38,12,9d,23,56, ce,21,e0,df,0a,da,05,1b,a2,3c,cf,8c,79 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61, f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be, f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95 "{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1, 93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b "{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,d2,77, 68,82,e9,5d,3d,9d,e9,17,af,ad,b0,e5,ab . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:d1,03,ad,e3,bd,33,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(2676) c:\windows\system32\ACTXPRXY.DLL c:\program files\MyFunCards_5m\bar\1.bin\5mbrstub.dll c:\program files\Norton Security Suite\Engine\5.2.2.3\ccIPC.dll c:\program files\Norton Security Suite\Engine\5.2.2.3\ccGEvt.dll c:\windows\system32\mssprxy.dll . Completion time: 2012-08-07 08:39:42 ComboFix-quarantined-files.txt 2012-08-07 12:39 ComboFix2.txt 2012-08-07 00:03 ComboFix3.txt 2012-08-06 12:30 . Pre-Run: 182,438,207,488 bytes free Post-Run: 182,392,610,816 bytes free . - - End Of File - - B8B179B65D4A03FC56CC13D3F75C7421
  11. Then I'm not sure I understand your instructions. You want me to save it as a .txt file to my desktop then drag it into the ComboFix icon?
  12. ComboFix 12-08-05.02 - sheila 08/06/2012 19:27:58.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1930 [GMT -4:00] Running from: c:\users\sheila\Desktop\ComboFix.exe Command switches used :: c:\users\sheila\AppData\Roaming\Microsoft\Windows\Recent\CFScript.lnk SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 ))))))))))))))))))))))))))))))) . . 2012-08-06 23:51 . 2012-08-06 23:51 -------- d-----w- c:\users\sheila\AppData\Local\temp 2012-08-06 23:51 . 2012-08-06 23:51 -------- d-----w- c:\users\Samantha\AppData\Local\temp 2012-08-06 23:51 . 2012-08-06 23:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-06 10:25 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-08-05 00:27 . 2012-08-05 13:51 -------- d-----w- c:\program files\PCPitstop 2012-08-05 00:11 . 2012-08-05 00:11 -------- d-----w- c:\programdata\Sophos 2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe 2012-08-05 00:09 . 2012-08-05 00:09 -------- d-----w- c:\program files\Sophos 2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\users\sheila\AppData\Roaming\Malwarebytes 2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\programdata\Malwarebytes 2012-08-04 23:47 . 2012-08-04 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-04 23:47 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-04 12:03 . 2012-08-05 13:29 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe 2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe 2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe 2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- C:\sh4ldr 2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- c:\program files\Enigma Software Group 2012-08-04 08:56 . 2012-08-04 08:57 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP 2012-08-04 08:51 . 2012-08-04 08:51 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll 2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2012-08-04 08:51 . 2012-08-04 08:51 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2012-08-04 08:51 . 2012-08-04 08:51 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll 2012-08-04 08:51 . 2012-08-04 08:51 118240 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe 2012-08-04 08:51 . 2012-08-04 08:51 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2012-08-04 06:19 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-08-04 05:28 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-08-04 05:28 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll 2012-08-04 05:28 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-08-04 04:32 . 2012-08-04 04:32 -------- d-----w- c:\users\sheila\AppData\Roaming\AVG2012 2012-08-04 03:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-08-04 03:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-08-04 03:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-08-04 03:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-08-04 03:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-08-04 03:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-08-04 03:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-08-04 03:40 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39B4C142-238B-4852-BCD4-4593264C2630}\mpengine.dll 2012-08-04 03:40 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-08-04 03:40 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-08-04 02:36 . 2012-08-04 02:37 -------- d-----w- c:\programdata\DriverGenius 2012-08-04 02:36 . 2012-08-04 02:36 -------- d-----w- c:\program files\Driver-Soft 2012-08-03 08:22 . 2012-08-06 23:08 -------- d-----w- c:\windows\system32\wbem\repository 2012-08-03 07:25 . 2012-08-03 07:26 -------- d-----w- c:\users\Samantha\AppData\Roaming\Skype 2012-08-03 07:21 . 2012-08-03 07:21 -------- d-----w- c:\users\Samantha\AppData\Local\Mozilla 2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\programdata\iolo 2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\users\sheila\AppData\Roaming\iolo 2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\users\sheila\AppData\Roaming\Qwiklinx 2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\program files\Qwiklinx 2012-08-03 06:28 . 2012-08-03 06:29 -------- d-----w- c:\program files\Shop to Win 36 2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\program files\BabylonToolbar 2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\users\sheila\AppData\Local\Wajam 2012-08-03 06:27 . 2012-08-03 06:28 -------- d-----w- c:\program files\Wajam 2012-08-03 06:27 . 2012-08-03 06:27 -------- d-----w- c:\users\sheila\AppData\Roaming\RadarSync 2012-08-03 06:19 . 2012-08-03 06:20 -------- d-----w- c:\program files\Driver Checker 2012-08-03 06:07 . 2012-08-03 07:27 -------- d-----w- c:\users\Samantha\AppData\Local\PMB Files 2012-08-03 05:03 . 2012-08-03 05:03 -------- d-----w- c:\users\sheila\AppData\Local\ElevatedDiagnostics 2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\programdata\RegAce 2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\users\sheila\AppData\Local\APN 2012-08-03 04:41 . 2012-08-03 04:49 -------- d-----w- c:\program files\Fix RegCleaner 2012-08-01 22:48 . 2012-08-01 22:48 -------- d-----w- c:\windows\system32\%APPDATA% 2012-08-01 00:31 . 2012-08-01 00:31 -------- d-----w- c:\programdata\Macrovision 2012-07-31 21:53 . 2012-07-31 21:53 -------- d-----w- C:\$AVG 2012-07-31 21:53 . 2012-08-06 12:16 -------- d-----w- c:\programdata\AVG2012 2012-07-31 21:52 . 2012-07-31 21:52 -------- d-----w- c:\program files\AVG 2012-07-31 21:50 . 2012-08-06 10:28 -------- d-----w- c:\programdata\MFAData 2012-07-31 20:44 . 2012-07-31 20:44 -------- d-----w- c:\program files\Promosoft Corporation 2012-07-31 20:36 . 2012-07-31 20:36 -------- d-----w- c:\users\sheila\AppData\Roaming\YourFileDownloader 2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\SpeedyPC Software 2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\DriverCure 2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\Common Files\SpeedyPC Software 2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\programdata\SpeedyPC Software 2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\SpeedyPC Software 2012-07-31 09:51 . 2012-07-31 09:51 -------- d-----w- c:\users\sheila\AppData\Roaming\IObit 2012-07-31 09:44 . 2012-07-31 09:44 -------- d-----w- c:\users\sheila\AppData\Local\Promosoft Corporation 2012-07-16 19:50 . 2012-08-03 08:10 -------- d-----w- c:\windows\system32\drivers\N360\0502020.003 2012-07-13 11:00 . 2012-08-04 08:51 192592 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe 2012-07-13 11:00 . 2012-08-04 08:51 114144 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe 2012-07-13 11:00 . 2012-08-04 08:51 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-07-13 11:00 . 2012-08-04 08:51 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-07-12 08:57 . 2012-07-12 08:57 -------- d-----w- c:\program files\x86 2012-07-12 08:55 . 2012-08-05 14:02 -------- d-----w- c:\program files\OApps 2012-07-12 08:55 . 2012-08-03 08:09 -------- d-----w- c:\program files\TorrentSearch 2012-07-12 08:54 . 2012-07-12 08:54 -------- d-----w- c:\users\sheila\Xoliul Shader 2012-07-12 08:54 . 2012-08-06 11:21 -------- d-----w- c:\program files\intellidownload 2012-07-10 17:37 . 2012-07-10 17:37 184886 ----a-w- C:\torrent.exe 2012-07-10 13:04 . 2012-07-10 13:04 -------- d-----w- c:\users\sheila\AppData\Local\Aeria Games 2012-07-10 13:03 . 2012-07-10 13:03 -------- d-----w- c:\programdata\Aeria Games 2012-07-10 12:49 . 2012-07-25 18:26 -------- d-sh--w- c:\windows\system32\AI_RecycleBin 2012-07-10 12:49 . 2012-08-03 08:09 -------- d-----w- c:\program files\Aeria Games 2012-07-10 08:46 . 2012-08-03 08:09 -------- d-----w- C:\New Folder . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-04 07:20 . 2012-06-27 03:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-04 07:20 . 2012-06-27 03:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-19 23:59 . 2012-06-19 23:59 18944 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe 2012-05-31 16:25 . 2010-04-02 13:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-05-18 00:39 . 2012-05-18 00:39 16304 ------w- c:\windows\system32\apl003.sys 2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\sheila\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064] "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256] "AirMac Base Station Agent"="c:\program files\AirMac\APAgent.exe" [2009-11-11 771360] "MyFunCards_5m Browser Plugin Loader"="c:\progra~1\MYFUNC~2\bar\1.bin\5mbrmon.exe" [2012-04-05 30096] "Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2012-05-24 1241184] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184] "Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2012-05-16 26816] "PC Pitstop PC Matic Reminder"="c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe" [2012-05-16 325320] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\users\sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5] 2011-07-04 11:43 3493720 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] 2008-11-17 11:29 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2] 2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central] 2008-06-03 19:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnamon] 2008-03-17 21:29 16624 ----a-w- c:\program files\Dell V105\dldnamon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnmon.exe] 2008-03-17 21:29 668912 ----a-w- c:\program files\Dell V105\dldnmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2010-03-31 15:13 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6] 2011-06-23 23:44 1386776 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2012-06-16 02:13 116648 ----atw- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-02-26 17:57 173592 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-02-26 17:57 141848 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-08-09 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2011-06-16 11:55 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager] 2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2008-07-14 18:33 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2009-02-26 17:57 150552 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed] 2009-06-19 16:25 4825976 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray] 2012-05-15 14:06 325448 ----a-w- c:\users\sheila\AppData\Roaming\Smilebox\SmileboxTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2011-10-07 02:49 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2010-03-31 15:05 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . R0 45083044;45083044;c:\windows\system32\drivers\07025176.sys [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 07:20] . 2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44] . 2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44] . 2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000Core.job - c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13] . 2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000UA.job - c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13] . 2012-07-16 c:\windows\Tasks\Norton Security Scan for sheila.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-16 04:51] . . ------- Supplementary Scan ------- . uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/ mStart Page = hxxp://www.yahoo.com mWindow Title = Windows Internet Explorer provided by Comcast uInternet Settings,ProxyOverride = *.local;<local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\iyyvcftz.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p= FF - user.js: browser.search.defaultEngine - yahoo FF - user.js: browser.search.defaultenginename - yahoo FF - user.js: browser.search.selectedEngine - Yahoo FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p= FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p= FF - user.js: browser.search.param.yahoo-fr - chrf-protectff FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=171011_prot FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - e67b30d700000000000000225f19a80c FF - user.js: extensions.BabylonToolbar_i.hardId - e67b30d700000000000000225f19a80c FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:38 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.funmoods.hmpg - false FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341 FF - user.js: extensions.funmoods.dfltSrch - false FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - false FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341 FF - user.js: extensions.funmoods.tlbrSrchUrl - FF - user.js: extensions.funmoods.id - e67b30d700000000000000225f19a80c FF - user.js: extensions.funmoods.instlDay - 15486 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:37:9 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - axl FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - axl FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQABM6TI6&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - e67b30d700000000000000225f19a80c FF - user.js: extensions.incredibar_i.instlDay - 15507 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:05 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6PQABM6TI6 FF - user.js: extensions.incredibar_i.upn2n - 92543068038237882 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10665 FF - user.js: extensions.incredibar_i.ppd - FF - user.js: extentions.y2layers.installId - 86beee56-1272-479b-8b52-ed5a005d92bf FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube FF - user.js: extensions.autoDisableScopes - 14 user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-06 19:51 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCCUJobMgr] "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}] "ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{9D425283-D487-4337-BAB6-AB8354A81457}"=hex:51,66,7a,6c,4c,1d,38,12,ed,51,51, 99,b5,9a,59,06,c5,a0,e8,c3,51,f6,50,43 "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8, 7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a, eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54, 06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64 "{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff, 2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39, 64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40, 69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95, 8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{CA4520F3-AE13-4FB1-A513-58E23991C86D}"=hex:51,66,7a,6c,4c,1d,38,12,9d,23,56, ce,21,e0,df,0a,da,05,1b,a2,3c,cf,8c,79 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61, f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be, f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95 "{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1, 93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b "{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,d2,77, 68,82,e9,5d,3d,9d,e9,17,af,ad,b0,e5,ab . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:d1,03,ad,e3,bd,33,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(5100) c:\windows\system32\ACTXPRXY.DLL c:\program files\MyFunCards_5m\bar\1.bin\5mbrstub.dll c:\windows\system32\mssprxy.dll . Completion time: 2012-08-06 20:03:11 ComboFix-quarantined-files.txt 2012-08-07 00:02 ComboFix2.txt 2012-08-06 12:30 . Pre-Run: 183,398,924,288 bytes free Post-Run: 182,432,690,176 bytes free . - - End Of File - - 00AE72F20A85BCC2EFFEE6594C0D89CD
  13. ComboFix 12-08-05.02 - sheila 08/06/2012 6:39.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1751 [GMT -4:00] Running from: c:\users\sheila\Downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\intellidownload\gunzip.exe c:\program files\Search Toolbar c:\program files\Search Toolbar\icon.ico c:\program files\Search Toolbar\SearchToolbar.dll c:\program files\Search Toolbar\SearchToolbarUninstall.exe c:\program files\Search Toolbar\SearchToolbarUpdater.exe c:\program files\Shop to Win c:\program files\Shop to Win\Test.htm c:\program files\Shop to Win\TestFeeds\DisableStatus.xml c:\program files\Shop to Win\TestFeeds\DisableStatusDirection.xml c:\program files\Shop to Win\TestFeeds\GenericPopup.xml c:\program files\Shop to Win\TestFeeds\MainStatus.xml c:\program files\Shop to Win\TestFeeds\ShoppingConfirmation.xml c:\program files\Shop to Win\unins000.dat c:\program files\Web Assistant\ExTEnsion32.dll c:\programdata\ntuser.dat c:\users\sheila\15.jpg c:\users\sheila\20091011223157.jpg c:\users\sheila\20091229225621.jpg c:\users\sheila\201072410563468337.jpg c:\users\sheila\3676907620771746162 (1).jpg c:\users\sheila\3676907620771746162.jpg c:\users\sheila\b5cb0b1d78ecb9d6a8b4c3227586adec.jpg c:\users\sheila\be82c034cf25c914338fa3cf87005d24-d3cyctl.jpg c:\users\sheila\Documents\~WRL0003.tmp c:\users\sheila\Documents\~WRL0004.tmp c:\users\sheila\Documents\~WRL0005.tmp c:\users\sheila\Documents\~WRL0221.tmp c:\users\sheila\Documents\~WRL0598.tmp c:\users\sheila\Documents\~WRL3164.tmp c:\users\sheila\Documents\~WRL3197.tmp c:\users\sheila\Documents\~WRL3668.tmp c:\users\sheila\Documents\~WRL4096.tmp c:\users\sheila\Documents\ShopToWin c:\users\sheila\fullclient_april25.exe c:\windows\assembly\GAC\Desktop.ini c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe . Infected copy of c:\windows\System32\services.exe was found and disinfected Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!services.exe . . ((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 ))))))))))))))))))))))))))))))) . . 2012-08-06 11:25 . 2012-08-06 12:21 -------- d-----w- c:\users\sheila\AppData\Local\temp 2012-08-06 11:25 . 2012-08-06 11:25 -------- d-----w- c:\users\Samantha\AppData\Local\temp 2012-08-06 11:25 . 2012-08-06 11:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-05 00:27 . 2012-08-05 13:51 -------- d-----w- c:\program files\PCPitstop 2012-08-05 00:11 . 2012-08-05 00:11 -------- d-----w- c:\programdata\Sophos 2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe 2012-08-05 00:09 . 2012-08-05 00:09 -------- d-----w- c:\program files\Sophos 2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\users\sheila\AppData\Roaming\Malwarebytes 2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\programdata\Malwarebytes 2012-08-04 23:47 . 2012-08-04 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-04 23:47 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-04 12:03 . 2012-08-05 13:29 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe 2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe 2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe 2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- C:\sh4ldr 2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- c:\program files\Enigma Software Group 2012-08-04 08:56 . 2012-08-04 08:57 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP 2012-08-04 08:51 . 2012-08-04 08:51 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll 2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2012-08-04 08:51 . 2012-08-04 08:51 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2012-08-04 08:51 . 2012-08-04 08:51 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll 2012-08-04 08:51 . 2012-08-04 08:51 118240 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe 2012-08-04 08:51 . 2012-08-04 08:51 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2012-08-04 05:28 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-08-04 04:32 . 2012-08-04 04:32 -------- d-----w- c:\users\sheila\AppData\Roaming\AVG2012 2012-08-04 02:36 . 2012-08-04 02:37 -------- d-----w- c:\programdata\DriverGenius 2012-08-04 02:36 . 2012-08-04 02:36 -------- d-----w- c:\program files\Driver-Soft 2012-08-03 08:22 . 2012-08-06 12:18 -------- d-----w- c:\windows\system32\wbem\repository 2012-08-03 07:25 . 2012-08-03 07:26 -------- d-----w- c:\users\Samantha\AppData\Roaming\Skype 2012-08-03 07:21 . 2012-08-03 07:21 -------- d-----w- c:\users\Samantha\AppData\Local\Mozilla 2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\programdata\iolo 2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\users\sheila\AppData\Roaming\iolo 2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\users\sheila\AppData\Roaming\Qwiklinx 2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\program files\Qwiklinx 2012-08-03 06:28 . 2012-08-03 06:29 -------- d-----w- c:\program files\Shop to Win 36 2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\program files\BabylonToolbar 2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\users\sheila\AppData\Local\Wajam 2012-08-03 06:27 . 2012-08-03 06:28 -------- d-----w- c:\program files\Wajam 2012-08-03 06:27 . 2012-08-03 06:27 -------- d-----w- c:\users\sheila\AppData\Roaming\RadarSync 2012-08-03 06:19 . 2012-08-03 06:20 -------- d-----w- c:\program files\Driver Checker 2012-08-03 06:07 . 2012-08-03 07:27 -------- d-----w- c:\users\Samantha\AppData\Local\PMB Files 2012-08-03 05:03 . 2012-08-03 05:03 -------- d-----w- c:\users\sheila\AppData\Local\ElevatedDiagnostics 2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\programdata\RegAce 2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\users\sheila\AppData\Local\APN 2012-08-03 04:41 . 2012-08-03 04:49 -------- d-----w- c:\program files\Fix RegCleaner 2012-08-01 22:48 . 2012-08-01 22:48 -------- d-----w- c:\windows\system32\%APPDATA% 2012-08-01 00:31 . 2012-08-01 00:31 -------- d-----w- c:\programdata\Macrovision 2012-07-31 21:53 . 2012-07-31 21:53 -------- d-----w- C:\$AVG 2012-07-31 21:53 . 2012-08-06 12:16 -------- d-----w- c:\programdata\AVG2012 2012-07-31 21:52 . 2012-07-31 21:52 -------- d-----w- c:\program files\AVG 2012-07-31 21:50 . 2012-08-06 10:28 -------- d-----w- c:\programdata\MFAData 2012-07-31 20:44 . 2012-07-31 20:44 -------- d-----w- c:\program files\Promosoft Corporation 2012-07-31 20:36 . 2012-07-31 20:36 -------- d-----w- c:\users\sheila\AppData\Roaming\YourFileDownloader 2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\SpeedyPC Software 2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\DriverCure 2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\Common Files\SpeedyPC Software 2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\programdata\SpeedyPC Software 2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\SpeedyPC Software 2012-07-31 09:51 . 2012-07-31 09:51 -------- d-----w- c:\users\sheila\AppData\Roaming\IObit 2012-07-31 09:44 . 2012-07-31 09:44 -------- d-----w- c:\users\sheila\AppData\Local\Promosoft Corporation 2012-07-16 19:50 . 2012-08-03 08:10 -------- d-----w- c:\windows\system32\drivers\N360\0502020.003 2012-07-13 11:00 . 2012-08-04 08:51 192592 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe 2012-07-13 11:00 . 2012-08-04 08:51 114144 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe 2012-07-13 11:00 . 2012-08-04 08:51 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-07-13 11:00 . 2012-08-04 08:51 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-07-12 08:57 . 2012-07-12 08:57 -------- d-----w- c:\program files\x86 2012-07-12 08:55 . 2012-08-05 14:02 -------- d-----w- c:\program files\OApps 2012-07-12 08:55 . 2012-08-03 08:09 -------- d-----w- c:\program files\TorrentSearch 2012-07-12 08:54 . 2012-07-12 08:54 -------- d-----w- c:\users\sheila\Xoliul Shader 2012-07-12 08:54 . 2012-08-06 11:21 -------- d-----w- c:\program files\intellidownload 2012-07-10 17:37 . 2012-07-10 17:37 184886 ----a-w- C:\torrent.exe 2012-07-10 13:04 . 2012-07-10 13:04 -------- d-----w- c:\users\sheila\AppData\Local\Aeria Games 2012-07-10 13:03 . 2012-07-10 13:03 -------- d-----w- c:\programdata\Aeria Games 2012-07-10 12:49 . 2012-07-25 18:26 -------- d-sh--w- c:\windows\system32\AI_RecycleBin 2012-07-10 12:49 . 2012-08-03 08:09 -------- d-----w- c:\program files\Aeria Games 2012-07-10 08:46 . 2012-08-03 08:09 -------- d-----w- C:\New Folder . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-04 07:20 . 2012-06-27 03:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-04 07:20 . 2012-06-27 03:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-19 23:59 . 2012-06-19 23:59 18944 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe 2012-06-05 16:47 . 2012-08-04 06:19 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:47 . 2012-08-06 10:25 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-06-02 22:19 . 2012-08-04 03:41 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-08-04 03:41 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-08-04 03:40 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-08-04 03:40 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-08-04 03:41 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-08-04 03:41 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-08-04 03:40 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19 . 2012-08-04 03:40 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:12 . 2012-08-04 03:40 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 00:04 . 2012-08-04 05:28 278528 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:03 . 2012-08-04 05:28 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 16:25 . 2010-04-02 13:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-05-18 00:39 . 2012-05-18 00:39 16304 ------w- c:\windows\system32\apl003.sys 2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\sheila\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064] "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256] "AirMac Base Station Agent"="c:\program files\AirMac\APAgent.exe" [2009-11-11 771360] "MyFunCards_5m Browser Plugin Loader"="c:\progra~1\MYFUNC~2\bar\1.bin\5mbrmon.exe" [2012-04-05 30096] "Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2012-05-24 1241184] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184] "Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2012-05-16 26816] "PC Pitstop PC Matic Reminder"="c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe" [2012-05-16 325320] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\users\sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5] 2011-07-04 11:43 3493720 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] 2008-11-17 11:29 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2] 2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central] 2008-06-03 19:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnamon] 2008-03-17 21:29 16624 ----a-w- c:\program files\Dell V105\dldnamon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnmon.exe] 2008-03-17 21:29 668912 ----a-w- c:\program files\Dell V105\dldnmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2010-03-31 15:13 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6] 2011-06-23 23:44 1386776 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2012-06-16 02:13 116648 ----atw- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-02-26 17:57 173592 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-02-26 17:57 141848 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-08-09 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2011-06-16 11:55 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager] 2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2008-07-14 18:33 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2009-02-26 17:57 150552 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed] 2009-06-19 16:25 4825976 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray] 2012-05-15 14:06 325448 ----a-w- c:\users\sheila\AppData\Roaming\Smilebox\SmileboxTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2011-10-07 02:49 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2010-03-31 15:05 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . R0 45083044;45083044;c:\windows\system32\drivers\07025176.sys [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 07:20] . 2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44] . 2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44] . 2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000Core.job - c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13] . 2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000UA.job - c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13] . 2012-07-16 c:\windows\Tasks\Norton Security Scan for sheila.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-16 04:51] . . ------- Supplementary Scan ------- . uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/ mStart Page = hxxp://www.yahoo.com mWindow Title = Windows Internet Explorer provided by Comcast uInternet Settings,ProxyOverride = *.local;<local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\iyyvcftz.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p= FF - user.js: browser.search.defaultEngine - yahoo FF - user.js: browser.search.defaultenginename - yahoo FF - user.js: browser.search.selectedEngine - Yahoo FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p= FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p= FF - user.js: browser.search.param.yahoo-fr - chrf-protectff FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=171011_prot FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - e67b30d700000000000000225f19a80c FF - user.js: extensions.BabylonToolbar_i.hardId - e67b30d700000000000000225f19a80c FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:38 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.funmoods.hmpg - false FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341 FF - user.js: extensions.funmoods.dfltSrch - false FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - false FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341 FF - user.js: extensions.funmoods.tlbrSrchUrl - FF - user.js: extensions.funmoods.id - e67b30d700000000000000225f19a80c FF - user.js: extensions.funmoods.instlDay - 15486 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:37:9 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - axl FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - axl FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQABM6TI6&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - e67b30d700000000000000225f19a80c FF - user.js: extensions.incredibar_i.instlDay - 15507 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:05 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6PQABM6TI6 FF - user.js: extensions.incredibar_i.upn2n - 92543068038237882 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10665 FF - user.js: extensions.incredibar_i.ppd - FF - user.js: extentions.y2layers.installId - 86beee56-1272-479b-8b52-ed5a005d92bf FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube FF - user.js: extensions.autoDisableScopes - 14 user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{f4c28532-b9d0-4950-a2df-e83f9929242b} - c:\program files\MyFunCards_5m\bar\1.bin\5mSrcAs.dll WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) HKLM-Run-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe SafeBoot-45083044.sys SafeBoot-56671536.sys MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe MSConfigStartUp-ComcastAntispyClient - c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe MSConfigStartUp-DailyBibleGuideIE Browser Plugin Loader - c:\progra~1\DAILYB~2\bar\1.bin\elbrmon.exe MSConfigStartUp-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe AddRemove-ComcastHSI - c:\program files\support.com\uninstall\chsi_uninstaller.exe AddRemove-Funmoods Web Search - c:\progra~1\Funmoods\1.5.23.22\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-06 08:19 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCCUJobMgr] "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}] "ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{9D425283-D487-4337-BAB6-AB8354A81457}"=hex:51,66,7a,6c,4c,1d,38,12,ed,51,51, 99,b5,9a,59,06,c5,a0,e8,c3,51,f6,50,43 "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8, 7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a, eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54, 06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64 "{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff, 2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39, 64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40, 69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95, 8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{CA4520F3-AE13-4FB1-A513-58E23991C86D}"=hex:51,66,7a,6c,4c,1d,38,12,9d,23,56, ce,21,e0,df,0a,da,05,1b,a2,3c,cf,8c,79 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61, f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be, f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95 "{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1, 93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b "{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,d2,77, 68,82,e9,5d,3d,9d,e9,17,af,ad,b0,e5,ab . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:d1,03,ad,e3,bd,33,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(1608) c:\program files\Norton Security Suite\Engine\5.2.2.3\buShell.dll c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll . ------------------------ Other Running Processes ------------------------ . c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\system32\WLANExt.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\dldncoms.exe c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\system32\DllHost.exe c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe c:\program files\IObit\Game Booster 3\gbtray.exe c:\windows\system32\igfxsrvc.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe c:\program files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe c:\program files\Dell Support Center\bin\sprtsvc.exe c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Completion time: 2012-08-06 08:29:59 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-06 12:29 . Pre-Run: 193,192,067,072 bytes free Post-Run: 184,391,561,216 bytes free . - - End Of File - - DBE770E42F00C8B85A184816DAA0CCB8
  14. AVG and Norton Security Suite kept requesting neccessary actions for some infected files. I'll attach those logs later if you need them. DDS Log DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by sheila at 22:09:14 on 2012-08-05 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1947 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Windows\System32\bcmwltry.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\IObit\Game Booster 3\gbtray.exe C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\dldncoms.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\AVG\AVG2012\avgidsagent.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe C:\Program Files\AirMac\APAgent.exe C:\Program Files\MyFunCards_5m\bar\1.bin\5mbrmon.exe C:\Program Files\Aeria Games\Ignite\aeriaignite.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\PCPitstop\Info Center\InfoCenter.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Users\sheila\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe C:\Windows\system32\DllHost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Users\sheila\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe C:\Users\sheila\AppData\Local\Akamai\netsession_win.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchProtocolHost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/ uWindow Title = Windows Internet Explorer provided by Comcast mStart Page = hxxp://www.yahoo.com mDefault_Page_URL = hxxp://www.yahoo.com mWindow Title = Windows Internet Explorer provided by Comcast uInternet Settings,ProxyOverride = *.local;<local> uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll uURLSearchHooks: H - No File uURLSearchHooks: N/A: {f4c28532-b9d0-4950-a2df-e83f9929242b} - c:\program files\myfuncards_5m\bar\1.bin\5mSrcAs.dll mURLSearchHooks: N/A: {f4c28532-b9d0-4950-a2df-e83f9929242b} - c:\program files\myfuncards_5m\bar\1.bin\5mSrcAs.dll mURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll BHO: Messenger Plus! Community SmartbarEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.2.3\ips\IPSBHO.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll TB: Messenger Plus! Community Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [Akamai NetSession Interface] "c:\users\sheila\appdata\local\akamai\netsession_win.exe" uRun: [Google Update] "c:\users\sheila\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe" mRun: [AirMac Base Station Agent] "c:\program files\airmac\APAgent.exe" mRun: [MyFunCards_5m Browser Plugin Loader] c:\progra~1\myfunc~2\bar\1.bin\5mbrmon.exe mRun: [<NO NAME>] mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe" mRun: [Aeria Ignite] "c:\program files\aeria games\ignite\aeriaignite.exe" silent mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [vProt] "c:\program files\avg secure search\vprot.exe" mRun: [info Center] c:\program files\pcpitstop\info center\InfoCenter.exe mRun: [PC Pitstop PC Matic Reminder] c:\program files\pcpitstop\pc matic\Reminder-PCMatic.exe mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\users\sheila\appdata\roaming\micros~1\windows\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: mswsock.dll DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{4AA34806-31D2-46B3-BB14-BF33709D5CA6} : DhcpNameServer = 192.168.1.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.1.5\ViProtocol.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: igfxcui - igfxdev.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\users\sheila\appdata\roaming\mozilla\firefox\profiles\iyyvcftz.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p= FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bd45d6b46-cdab-4304-9d2e-f564c2d1295c%7D&mid=49203be05ad843ac95931df41e95a489-1a71e38da43c7be14eed47335abb07994792215d&ds=AVG&v=12.1.0.21〈=en&pr=fr&d=2012-08-04%2000%3A10%3A39&sap=ku&q= FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll FF - plugin: c:\progra~1\meadco~1\npmeadax.dll FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.1.5\npsitesafety.dll FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\users\sheila\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\users\sheila\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll FF - plugin: c:\users\sheila\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll . ---- FIREFOX POLICIES ---- . FF - user.js: browser.search.defaultEngine - yahoo FF - user.js: browser.search.defaultenginename - yahoo FF - user.js: browser.search.selectedEngine - Yahoo FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p= FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p= FF - user.js: browser.search.param.yahoo-fr - chrf-protectff FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=171011_prot FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - e67b30d700000000000000225f19a80c FF - user.js: extensions.BabylonToolbar_i.hardId - e67b30d700000000000000225f19a80c FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:38:01 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.funmoods.hmpg - false FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341 FF - user.js: extensions.funmoods.dfltSrch - false FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - false FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341 FF - user.js: extensions.funmoods.tlbrSrchUrl - FF - user.js: extensions.funmoods.id - e67b30d700000000000000225f19a80c FF - user.js: extensions.funmoods.instlDay - 15486 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:37:9 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - axl FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - axl FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQABM6TI6&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - e67b30d700000000000000225f19a80c FF - user.js: extensions.incredibar_i.instlDay - 15507 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:05:08 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6PQABM6TI6 FF - user.js: extensions.incredibar_i.upn2n - 92543068038237882 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10665 FF - user.js: extensions.incredibar_i.ppd - . FF - user.js: extentions.y2layers.installId - 86beee56-1272-479b-8b52-ed5a005d92bf FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube . FF - user.js: extensions.autoDisableScopes - 14 user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); ============= SERVICES / DRIVERS =============== . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952] R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-26 441176] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-23 309848] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-4 27496] R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920] R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120803.002\IDSvix86.sys [2012-8-3 382624] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys [2012-7-16 331384] R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2011-9-6 81920] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-23 19544] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-23 54104] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-23 42184] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R2 dldn_device;dldn_device;c:\windows\system32\dldncoms.exe -service --> c:\windows\system32\dldncoms.exe -service [?] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-3-31 21504] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-4 655944] R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008] R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-9-6 135608] R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.12.27\ccSvcHst.exe [2011-9-6 126392] R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-7-11 763840] R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\common files\avg secure search\vtoolbarupdater\12.1.5\ToolbarUpdater.exe [2012-8-4 830048] R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-10-16 482176] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-3 106656] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128] R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-8 62496] R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-1-29 203264] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-4 22344] R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2010-4-2 133632] R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2010-4-2 280096] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S2 dldnCATSCustConnectService;dldnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldnserv.exe [2008-3-4 99568] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944] S2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\extensionupdaterservice.exe --> c:\program files\web assistant\ExtensionUpdaterService.exe [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-26 250056] S3 apf001;apf001;c:\windows\system32\apf001.sys [2012-1-20 10872] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664] S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904] S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2010-4-9 55056] S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2010-4-9 160912] S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2010-4-9 160912] S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2010-4-9 13456] S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2010-4-9 118800] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872] S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-4-23 785304] S4 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-10-16 1668344] S4 MyFunCards_5mService;MyFunCardsService;c:\progra~1\myfunc~2\bar\1.bin\5mbarsvc.exe [2012-4-4 42528] . =============== Created Last 30 ================ . 2012-08-05 00:27:41 -------- d-----w- c:\program files\PCPitstop 2012-08-05 00:11:33 -------- d-----w- c:\programdata\Sophos 2012-08-05 00:10:23 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-08-05 00:10:22 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-08-05 00:10:22 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe 2012-08-05 00:09:58 -------- d-----w- c:\program files\Sophos 2012-08-04 23:47:47 -------- d-----w- c:\users\sheila\appdata\roaming\Malwarebytes 2012-08-04 23:47:40 -------- d-----w- c:\programdata\Malwarebytes 2012-08-04 23:47:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-04 23:47:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-04 12:03:14 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconF7A21AF7.exe 2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconD7F16134.exe 2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconCF33A0CE.exe 2012-08-04 08:57:26 -------- d-----w- C:\sh4ldr 2012-08-04 08:57:26 -------- d-----w- c:\program files\Enigma Software Group 2012-08-04 08:56:54 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP 2012-08-04 08:51:09 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll 2012-08-04 08:51:09 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2012-08-04 08:51:09 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll 2012-08-04 08:51:09 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll 2012-08-04 08:51:09 118240 ----a-w- c:\program files\mozilla firefox\crashreporter.exe 2012-08-04 08:51:08 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll 2012-08-04 05:28:02 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-08-04 05:28:02 278528 ----a-w- c:\windows\system32\schannel.dll 2012-08-04 05:28:02 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-08-04 04:32:03 -------- d-----w- c:\users\sheila\appdata\roaming\AVG2012 2012-08-04 04:10:30 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-08-04 04:09:29 -------- d-----w- c:\program files\AVG Secure Search 2012-08-04 04:04:37 -------- d-----w- c:\windows\system32\drivers\AVG 2012-08-04 03:41:43 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-08-04 03:40:33 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{39b4c142-238b-4852-bcd4-4593264c2630}\mpengine.dll 2012-08-04 03:40:33 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-08-04 03:40:33 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-08-04 02:36:49 -------- d-----w- c:\programdata\DriverGenius 2012-08-04 02:36:14 -------- d-----w- c:\program files\Driver-Soft 2012-08-03 08:22:11 -------- d-----w- c:\windows\system32\wbem\repository 2012-08-03 08:20:33 -------- d-----w- c:\windows\Registration 2012-08-03 06:43:36 -------- d-----w- c:\users\sheila\appdata\roaming\iolo 2012-08-03 06:43:36 -------- d-----w- c:\programdata\iolo 2012-08-03 06:29:10 -------- d-----w- c:\users\sheila\appdata\roaming\Qwiklinx 2012-08-03 06:29:10 -------- d-----w- c:\program files\Qwiklinx 2012-08-03 06:28:15 -------- d-----w- c:\program files\Shop to Win 36 2012-08-03 06:28:14 -------- d-----w- c:\program files\BabylonToolbar 2012-08-03 06:28:04 -------- d-----w- c:\users\sheila\appdata\local\Wajam 2012-08-03 06:27:54 -------- d-----w- c:\users\sheila\appdata\roaming\RadarSync 2012-08-03 06:27:54 -------- d-----w- c:\program files\Wajam 2012-08-03 06:19:46 -------- d-----w- c:\program files\Driver Checker 2012-08-03 05:03:44 -------- d-----w- c:\users\sheila\appdata\local\ElevatedDiagnostics 2012-08-03 04:53:29 -------- d-----w- c:\programdata\RegAce 2012-08-03 04:53:16 -------- d-----w- c:\users\sheila\appdata\local\APN 2012-08-03 04:41:55 -------- d-----w- c:\program files\Fix RegCleaner 2012-08-01 22:48:29 -------- d-----w- c:\windows\system32\%APPDATA% 2012-07-31 21:54:39 -------- d-----w- c:\users\sheila\appdata\local\AVG Secure Search 2012-07-31 21:54:23 -------- d-----w- c:\programdata\AVG Secure Search 2012-07-31 21:54:10 -------- d-----w- c:\program files\common files\AVG Secure Search 2012-07-31 21:53:24 -------- d-----w- C:\$AVG 2012-07-31 21:53:23 -------- d-----w- c:\programdata\AVG2012 2012-07-31 21:52:51 -------- d-----w- c:\program files\AVG 2012-07-31 21:50:58 -------- d-----w- c:\programdata\MFAData 2012-07-31 20:44:51 -------- d-----w- c:\program files\Promosoft Corporation 2012-07-31 20:36:05 -------- d-----w- c:\users\sheila\appdata\roaming\YourFileDownloader 2012-07-31 20:20:46 -------- d-----w- c:\users\sheila\appdata\roaming\SpeedyPC Software 2012-07-31 20:20:46 -------- d-----w- c:\users\sheila\appdata\roaming\DriverCure 2012-07-31 20:20:42 -------- d-----w- c:\program files\common files\SpeedyPC Software 2012-07-31 20:20:41 -------- d-----w- c:\programdata\SpeedyPC Software 2012-07-31 20:20:41 -------- d-----w- c:\program files\SpeedyPC Software 2012-07-31 09:51:40 -------- d-----w- c:\users\sheila\appdata\roaming\IObit 2012-07-31 09:44:28 -------- d-----w- c:\users\sheila\appdata\local\Promosoft Corporation 2012-07-16 19:51:23 331384 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys 2012-07-16 19:51:23 299640 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symnets.sys 2012-07-16 19:51:22 744568 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symefa.sys 2012-07-16 19:51:22 516216 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtsp.sys 2012-07-16 19:51:22 50168 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtspx.sys 2012-07-16 19:51:22 340088 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symds.sys 2012-07-16 19:51:21 136312 ----a-r- c:\windows\system32\drivers\n360\0502020.003\ironx86.sys 2012-07-16 19:50:31 -------- d-----w- c:\windows\system32\drivers\n360\0502020.003 2012-07-13 11:00:08 192592 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe 2012-07-13 11:00:08 114144 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe 2012-07-13 11:00:07 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll 2012-07-13 11:00:07 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll 2012-07-12 08:57:30 -------- d-----w- c:\program files\x86 2012-07-12 08:55:18 -------- d-----w- c:\program files\OApps 2012-07-12 08:55:15 -------- d-----w- c:\program files\TorrentSearch 2012-07-12 08:54:49 -------- d-----w- c:\users\sheila\Xoliul Shader 2012-07-12 08:54:00 -------- d-----w- c:\program files\intellidownload 2012-07-10 17:37:14 184886 ----a-w- C:\torrent.exe 2012-07-10 13:04:40 -------- d-----w- c:\users\sheila\appdata\local\Aeria Games 2012-07-10 13:03:31 -------- d-----w- c:\programdata\Aeria Games 2012-07-10 12:49:28 -------- d-sh--w- c:\windows\system32\AI_RecycleBin 2012-07-10 12:49:22 -------- d-----w- c:\program files\Aeria Games 2012-07-10 08:46:47 -------- d-----w- C:\New Folder . ==================== Find3M ==================== . 2012-08-04 07:20:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-04 07:20:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-05-18 00:39:20 16304 ------w- c:\windows\system32\apl003.sys . ============= FINISH: 22:15:47.28 =============== unhide file Processing the C:\ drive Finished processing the C:\ drive. 244116 files processed. The C:\Users\sheila\AppData\Local\Temp\smtmp\ folder does not exist!! Unhide cannot restore your missing shortcuts!! Please see this topic in order to learn how to restore default Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html Searching for Windows Registry changes made by FakeHDD rogues. - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced No registry changes detected. Restarting Explorer.exe in order to apply changes. Program finished at: 08/05/2012 09:43:46 AM Execution time: 0 hours(s), 13 minute(s), and 51 seconds(s) Database version: v2012.08.05.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 sheila :: SHEILA-PC [administrator] Protection: Enabled 8/5/2012 8:46:27 PM mbam-log-2012-08-05 (20-46-27).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 208933 Time elapsed: 28 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 9 HKCR\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully. HKCR\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\MyFunCards_5m (Adware.MyFunCards) -> Quarantined and deleted successfully. HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully. Registry Values Detected: 1 HKLM\SOFTWARE\Mozilla\Firefox\extensions|HBLite@HBLite.com (Adware.HotBar) -> Data: C:\Program Files\HBLite\bin\11.0.181.0\firefox\extensions -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 3 C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully. Files Detected: 3 C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot. C:\Users\sheila\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully. C:\Users\sheila\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully. (end)
  15. I did for a few minutes, but the desktop wouldn't load, the toolbar didn't pop up, even when opening up Task Manager and typing in 'explorer.exe' to get it to respond. I'm still stuck in safe mode, but loading user accounts is running much faster.
  16. 07:11:21.0378 7976 BrUsbMdm - ok 07:11:21.0394 7976 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 07:11:21.0488 7976 BrUsbSer - ok 07:11:21.0519 7976 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 07:11:21.0597 7976 BTHMODEM - ok 07:11:21.0597 7976 BVRPMPR5 - ok 07:11:21.0644 7976 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 07:11:21.0690 7976 cdfs - ok 07:11:21.0722 7976 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 07:11:21.0768 7976 cdrom - ok 07:11:21.0815 7976 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 07:11:21.0862 7976 CertPropSvc - ok 07:11:21.0893 7976 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys 07:11:21.0956 7976 circlass - ok 07:11:22.0002 7976 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 07:11:22.0018 7976 CLFS - ok 07:11:22.0112 7976 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 07:11:22.0127 7976 clr_optimization_v2.0.50727_32 - ok 07:11:22.0221 7976 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 07:11:22.0236 7976 clr_optimization_v4.0.30319_32 - ok 07:11:22.0268 7976 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 07:11:22.0314 7976 CmBatt - ok 07:11:22.0392 7976 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 07:11:22.0408 7976 cmdide - ok 07:11:22.0439 7976 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 07:11:22.0455 7976 Compbatt - ok 07:11:22.0455 7976 COMSysApp - ok 07:11:22.0470 7976 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 07:11:22.0486 7976 crcdisk - ok 07:11:22.0502 7976 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 07:11:22.0533 7976 Crusoe - ok 07:11:22.0564 7976 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll 07:11:22.0611 7976 CryptSvc - ok 07:11:22.0689 7976 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 07:11:22.0767 7976 DcomLaunch - ok 07:11:22.0814 7976 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 07:11:22.0892 7976 DfsC - ok 07:11:23.0048 7976 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 07:11:23.0188 7976 DFSR - ok 07:11:23.0313 7976 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll 07:11:23.0375 7976 Dhcp - ok 07:11:23.0438 7976 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 07:11:23.0453 7976 disk - ok 07:11:23.0516 7976 dldnCATSCustConnectService (c7f6a4f1f95d22abc6ea9173b2bca545) C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldnserv.exe 07:11:23.0531 7976 dldnCATSCustConnectService - ok 07:11:23.0531 7976 dldn_device - ok 07:11:23.0562 7976 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 07:11:23.0609 7976 Dnscache - ok 07:11:23.0656 7976 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 07:11:23.0672 7976 dot3svc - ok 07:11:23.0687 7976 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 07:11:23.0718 7976 DPS - ok 07:11:23.0750 7976 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 07:11:23.0796 7976 drmkaud - ok 07:11:23.0859 7976 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 07:11:23.0890 7976 DXGKrnl - ok 07:11:23.0952 7976 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 07:11:24.0030 7976 E1G60 - ok 07:11:24.0062 7976 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 07:11:24.0093 7976 EapHost - ok 07:11:24.0124 7976 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 07:11:24.0140 7976 Ecache - ok 07:11:24.0249 7976 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 07:11:24.0264 7976 eeCtrl - ok 07:11:24.0327 7976 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 07:11:24.0358 7976 ehRecvr - ok 07:11:24.0436 7976 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 07:11:24.0483 7976 ehSched - ok 07:11:24.0530 7976 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 07:11:24.0576 7976 ehstart - ok 07:11:24.0654 7976 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 07:11:24.0686 7976 elxstor - ok 07:11:24.0779 7976 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 07:11:24.0888 7976 EMDMgmt - ok 07:11:24.0998 7976 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 07:11:24.0998 7976 EraserUtilRebootDrv - ok 07:11:25.0029 7976 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 07:11:25.0076 7976 ErrDev - ok 07:11:25.0138 7976 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 07:11:25.0185 7976 EventSystem - ok 07:11:25.0232 7976 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 07:11:25.0310 7976 exfat - ok 07:11:25.0356 7976 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 07:11:25.0388 7976 fastfat - ok 07:11:25.0434 7976 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 07:11:25.0481 7976 fdc - ok 07:11:25.0512 7976 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 07:11:25.0575 7976 fdPHost - ok 07:11:25.0606 7976 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 07:11:25.0668 7976 FDResPub - ok 07:11:25.0700 7976 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 07:11:25.0715 7976 FileInfo - ok 07:11:25.0746 7976 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 07:11:25.0778 7976 Filetrace - ok 07:11:25.0793 7976 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 07:11:25.0856 7976 flpydisk - ok 07:11:25.0887 7976 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 07:11:25.0902 7976 FltMgr - ok 07:11:25.0980 7976 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll 07:11:26.0090 7976 FontCache - ok 07:11:26.0199 7976 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 07:11:26.0214 7976 FontCache3.0.0.0 - ok 07:11:26.0246 7976 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys 07:11:26.0308 7976 Fs_Rec - ok 07:11:26.0355 7976 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 07:11:26.0370 7976 gagp30kx - ok 07:11:26.0433 7976 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 07:11:26.0433 7976 GEARAspiWDM - ok 07:11:26.0495 7976 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 07:11:26.0573 7976 gpsvc - ok 07:11:26.0698 7976 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 07:11:26.0714 7976 gupdate - ok 07:11:26.0714 7976 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 07:11:26.0729 7976 gupdatem - ok 07:11:26.0760 7976 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 07:11:26.0792 7976 HdAudAddService - ok 07:11:26.0854 7976 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 07:11:26.0885 7976 HDAudBus - ok 07:11:26.0948 7976 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 07:11:27.0026 7976 HidBth - ok 07:11:27.0057 7976 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys 07:11:27.0072 7976 HidIr - ok 07:11:27.0104 7976 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll 07:11:27.0135 7976 hidserv - ok 07:11:27.0166 7976 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 07:11:27.0213 7976 HidUsb - ok 07:11:27.0260 7976 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 07:11:27.0306 7976 hkmsvc - ok 07:11:27.0338 7976 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 07:11:27.0353 7976 HpCISSs - ok 07:11:27.0416 7976 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 07:11:27.0462 7976 HTTP - ok 07:11:27.0494 7976 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 07:11:27.0509 7976 i2omp - ok 07:11:27.0540 7976 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 07:11:27.0587 7976 i8042prt - ok 07:11:27.0650 7976 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 07:11:27.0665 7976 iaStorV - ok 07:11:27.0806 7976 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 07:11:27.0837 7976 idsvc - ok 07:11:28.0196 7976 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120803.002\IDSvix86.sys 07:11:28.0211 7976 IDSVix86 - ok 07:11:28.0508 7976 igfx (a9221d13d8f1f772010ee293ba9baeb7) C:\Windows\system32\DRIVERS\igdkmd32.sys 07:11:28.0757 7976 igfx - ok 07:11:28.0882 7976 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 07:11:28.0898 7976 iirsp - ok 07:11:28.0944 7976 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 07:11:29.0007 7976 IKEEXT - ok 07:11:29.0054 7976 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys 07:11:29.0100 7976 IntcHdmiAddService - ok 07:11:29.0132 7976 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 07:11:29.0147 7976 intelide - ok 07:11:29.0178 7976 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 07:11:29.0225 7976 intelppm - ok 07:11:29.0256 7976 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 07:11:29.0288 7976 IPBusEnum - ok 07:11:29.0319 7976 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 07:11:29.0366 7976 IpFilterDriver - ok 07:11:29.0397 7976 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 07:11:29.0428 7976 IPMIDRV - ok 07:11:29.0459 7976 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 07:11:29.0506 7976 IPNAT - ok 07:11:29.0615 7976 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 07:11:29.0678 7976 IRENUM - ok 07:11:29.0724 7976 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 07:11:29.0740 7976 isapnp - ok 07:11:29.0787 7976 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 07:11:29.0802 7976 iScsiPrt - ok 07:11:29.0834 7976 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 07:11:29.0849 7976 iteatapi - ok 07:11:29.0896 7976 itecir (20425664e2e196d339ca877e0387c023) C:\Windows\system32\DRIVERS\itecir.sys 07:11:29.0912 7976 itecir - ok 07:11:29.0943 7976 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 07:11:29.0958 7976 iteraid - ok 07:11:30.0005 7976 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys 07:11:30.0083 7976 k57nd60x - ok 07:11:30.0114 7976 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 07:11:30.0130 7976 kbdclass - ok 07:11:30.0161 7976 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 07:11:30.0208 7976 kbdhid - ok 07:11:30.0255 7976 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 07:11:30.0348 7976 KeyIso - ok 07:11:30.0395 7976 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys 07:11:30.0411 7976 KSecDD - ok 07:11:30.0489 7976 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 07:11:30.0551 7976 KtmRm - ok 07:11:30.0614 7976 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll 07:11:30.0645 7976 LanmanServer - ok 07:11:30.0676 7976 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 07:11:30.0723 7976 LanmanWorkstation - ok 07:11:30.0863 7976 LBTServ (9582504591a9f405f7505fefb4f64123) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 07:11:30.0879 7976 LBTServ - ok 07:11:30.0941 7976 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\Windows\system32\DRIVERS\LHidFilt.Sys 07:11:30.0941 7976 LHidFilt - ok 07:11:30.0972 7976 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys 07:11:30.0988 7976 lirsgt - ok 07:11:31.0035 7976 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 07:11:31.0082 7976 lltdio - ok 07:11:31.0128 7976 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 07:11:31.0191 7976 lltdsvc - ok 07:11:31.0222 7976 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 07:11:31.0300 7976 lmhosts - ok 07:11:31.0316 7976 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\Windows\system32\DRIVERS\LMouFilt.Sys 07:11:31.0331 7976 LMouFilt - ok 07:11:31.0378 7976 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 07:11:31.0394 7976 LSI_FC - ok 07:11:31.0394 7976 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 07:11:31.0409 7976 LSI_SAS - ok 07:11:31.0456 7976 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 07:11:31.0472 7976 LSI_SCSI - ok 07:11:31.0518 7976 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 07:11:31.0550 7976 luafv - ok 07:11:31.0596 7976 LUsbFilt (95dab70d56bbac7ddb7e6d0017d71369) C:\Windows\system32\Drivers\LUsbFilt.Sys 07:11:31.0612 7976 LUsbFilt - ok 07:11:31.0674 7976 Macromedia Licensing Service (d5ba9b816afef5292fe13c9a6267b6ab) C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe 07:11:31.0690 7976 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - warning 07:11:31.0690 7976 Macromedia Licensing Service - detected UnsignedFile.Multi.Generic (1) 07:11:31.0752 7976 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys 07:11:31.0768 7976 MBAMProtector - ok 07:11:31.0893 7976 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 07:11:31.0924 7976 MBAMService - ok 07:11:31.0986 7976 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys 07:11:31.0986 7976 MBAMSwissArmy - ok 07:11:32.0018 7976 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 07:11:32.0064 7976 Mcx2Svc - ok 07:11:32.0096 7976 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 07:11:32.0111 7976 megasas - ok 07:11:32.0158 7976 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 07:11:32.0174 7976 MegaSR - ok 07:11:32.0205 7976 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 07:11:32.0267 7976 MMCSS - ok 07:11:32.0283 7976 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 07:11:32.0330 7976 Modem - ok 07:11:32.0361 7976 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 07:11:32.0408 7976 monitor - ok 07:11:32.0423 7976 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 07:11:32.0439 7976 mouclass - ok 07:11:32.0454 7976 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 07:11:32.0501 7976 mouhid - ok 07:11:32.0532 7976 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 07:11:32.0548 7976 MountMgr - ok 07:11:32.0595 7976 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 07:11:32.0610 7976 mpio - ok 07:11:32.0642 7976 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 07:11:32.0688 7976 mpsdrv - ok 07:11:32.0735 7976 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 07:11:32.0751 7976 Mraid35x - ok 07:11:32.0798 7976 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 07:11:32.0829 7976 MRxDAV - ok 07:11:32.0844 7976 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 07:11:32.0907 7976 mrxsmb - ok 07:11:32.0954 7976 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 07:11:32.0985 7976 mrxsmb10 - ok 07:11:33.0016 7976 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 07:11:33.0047 7976 mrxsmb20 - ok 07:11:33.0078 7976 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys 07:11:33.0094 7976 msahci - ok 07:11:33.0156 7976 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 07:11:33.0188 7976 msdsm - ok 07:11:33.0234 7976 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 07:11:33.0266 7976 MSDTC - ok 07:11:33.0297 7976 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 07:11:33.0344 7976 Msfs - ok 07:11:33.0375 7976 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 07:11:33.0390 7976 msisadrv - ok 07:11:33.0422 7976 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 07:11:33.0484 7976 MSiSCSI - ok 07:11:33.0484 7976 msiserver - ok 07:11:33.0515 7976 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 07:11:33.0546 7976 MSKSSRV - ok 07:11:33.0546 7976 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 07:11:33.0593 7976 MSPCLOCK - ok 07:11:33.0624 7976 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 07:11:33.0702 7976 MSPQM - ok 07:11:33.0734 7976 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 07:11:33.0765 7976 MsRPC - ok 07:11:33.0796 7976 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 07:11:33.0812 7976 mssmbios - ok 07:11:33.0812 7976 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 07:11:33.0874 7976 MSTEE - ok 07:11:33.0905 7976 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 07:11:33.0921 7976 Mup - ok 07:11:33.0983 7976 MyFunCards_5mService (72f8c1568a56c7059cb1074a7e529dc6) C:\PROGRA~1\MYFUNC~2\bar\1.bin\5mbarsvc.exe 07:11:34.0014 7976 MyFunCards_5mService - ok 07:11:34.0108 7976 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe 07:11:34.0124 7976 N360 - ok 07:11:34.0170 7976 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 07:11:34.0217 7976 napagent - ok 07:11:34.0264 7976 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 07:11:34.0295 7976 NativeWifiP - ok 07:11:34.0545 7976 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120803.020\NAVENG.SYS 07:11:34.0560 7976 NAVENG - ok 07:11:34.0654 7976 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120803.020\NAVEX15.SYS 07:11:34.0779 7976 NAVEX15 - ok 07:11:34.0982 7976 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 07:11:34.0997 7976 NDIS - ok 07:11:35.0060 7976 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 07:11:35.0091 7976 NdisTapi - ok 07:11:35.0138 7976 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 07:11:35.0184 7976 Ndisuio - ok 07:11:35.0278 7976 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 07:11:35.0325 7976 NdisWan - ok 07:11:35.0340 7976 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 07:11:35.0372 7976 NDProxy - ok 07:11:35.0403 7976 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 07:11:35.0450 7976 NetBIOS - ok 07:11:35.0496 7976 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 07:11:35.0543 7976 netbt - ok 07:11:35.0574 7976 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 07:11:35.0590 7976 Netlogon - ok 07:11:35.0637 7976 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 07:11:35.0699 7976 Netman - ok 07:11:35.0808 7976 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 07:11:35.0824 7976 NetMsmqActivator - ok 07:11:35.0824 7976 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 07:11:35.0840 7976 NetPipeActivator - ok 07:11:35.0886 7976 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 07:11:35.0933 7976 netprofm - ok 07:11:35.0933 7976 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 07:11:35.0949 7976 NetTcpActivator - ok 07:11:35.0949 7976 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 07:11:35.0964 7976 NetTcpPortSharing - ok 07:11:35.0996 7976 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 07:11:36.0011 7976 nfrd960 - ok 07:11:36.0042 7976 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 07:11:36.0089 7976 NlaSvc - ok 07:11:36.0245 7976 NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 07:11:36.0261 7976 NMIndexingService - ok 07:11:36.0323 7976 Norton PC Checkup Application Launcher - ok 07:11:36.0370 7976 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 07:11:36.0417 7976 Npfs - ok 07:11:36.0448 7976 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 07:11:36.0495 7976 nsi - ok 07:11:36.0526 7976 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 07:11:36.0557 7976 nsiproxy - ok 07:11:36.0635 7976 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 07:11:36.0682 7976 Ntfs - ok 07:11:36.0760 7976 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 07:11:36.0822 7976 ntrigdigi - ok 07:11:36.0854 7976 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 07:11:36.0900 7976 Null - ok 07:11:36.0932 7976 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 07:11:36.0947 7976 nvraid - ok 07:11:36.0978 7976 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 07:11:36.0994 7976 nvstor - ok 07:11:37.0025 7976 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 07:11:37.0041 7976 nv_agp - ok 07:11:37.0072 7976 OA001Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA001Ufd.sys 07:11:37.0103 7976 OA001Ufd - ok 07:11:37.0150 7976 OA001Vid (4075063d25af9da64101769854b83787) C:\Windows\system32\DRIVERS\OA001Vid.sys 07:11:37.0181 7976 OA001Vid - ok 07:11:37.0290 7976 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 07:11:37.0322 7976 odserv - ok 07:11:37.0384 7976 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 07:11:37.0415 7976 ohci1394 - ok 07:11:37.0478 7976 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 07:11:37.0478 7976 ose - ok 07:11:37.0556 7976 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 07:11:37.0665 7976 p2pimsvc - ok 07:11:37.0665 7976 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 07:11:37.0696 7976 p2psvc - ok 07:11:37.0774 7976 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 07:11:37.0852 7976 Parport - ok 07:11:37.0914 7976 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 07:11:37.0930 7976 partmgr - ok 07:11:37.0946 7976 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 07:11:38.0008 7976 Parvdm - ok 07:11:38.0039 7976 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 07:11:38.0117 7976 PcaSvc - ok 07:11:38.0242 7976 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe 07:11:38.0258 7976 PCCUJobMgr - ok 07:11:38.0382 7976 PCD5SRVC{3F6A8B78-EC003E00-05040104} (42ede7d217325ff56cb8a9983cd7f73b) C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms 07:11:38.0398 7976 PCD5SRVC{3F6A8B78-EC003E00-05040104} - ok 07:11:38.0445 7976 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 07:11:38.0460 7976 pci - ok 07:11:38.0492 7976 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 07:11:38.0507 7976 pciide - ok 07:11:38.0554 7976 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 07:11:38.0570 7976 pcmcia - ok 07:11:38.0632 7976 PCPitstop Scheduling (9c6ae415ec245d7ec696ffd915b41573) C:\Program Files\PCPitstop\PCPitstopScheduleService.exe 07:11:38.0663 7976 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - warning 07:11:38.0663 7976 PCPitstop Scheduling - detected UnsignedFile.Multi.Generic (1) 07:11:38.0726 7976 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 07:11:38.0850 7976 PEAUTH - ok 07:11:38.0991 7976 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 07:11:39.0100 7976 pla - ok 07:11:39.0225 7976 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 07:11:39.0256 7976 PlugPlay - ok 07:11:39.0303 7976 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 07:11:39.0334 7976 PNRPAutoReg - ok 07:11:39.0350 7976 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 07:11:39.0381 7976 PNRPsvc - ok 07:11:39.0428 7976 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 07:11:39.0490 7976 PolicyAgent - ok 07:11:39.0568 7976 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 07:11:39.0630 7976 PptpMiniport - ok 07:11:39.0677 7976 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 07:11:39.0740 7976 Processor - ok 07:11:39.0786 7976 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 07:11:39.0833 7976 ProfSvc - ok 07:11:39.0896 7976 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 07:11:39.0911 7976 ProtectedStorage - ok 07:11:39.0958 7976 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 07:11:39.0989 7976 PSched - ok 07:11:40.0020 7976 PTDMBus (c23d7e6cfdfbdf0139a9315655315fc7) C:\Windows\system32\DRIVERS\PTDMBus.sys 07:11:40.0036 7976 PTDMBus - ok 07:11:40.0083 7976 PTDMMdm (182ed48f0f876e10ed2398fa4cf8e385) C:\Windows\system32\DRIVERS\PTDMMdm.sys 07:11:40.0098 7976 PTDMMdm - ok 07:11:40.0161 7976 PTDMVsp (0f13e2f9c746fa53a0292f6a9b7a34d4) C:\Windows\system32\DRIVERS\PTDMVsp.sys 07:11:40.0176 7976 PTDMVsp - ok 07:11:40.0208 7976 PTDMWFLT (cd358e58e865989667ff3af59a546ece) C:\Windows\system32\DRIVERS\PTDMWFLT.sys 07:11:40.0208 7976 PTDMWFLT - ok 07:11:40.0239 7976 PTDMWWAN (3e1793aea177a1192495d21ff09512bb) C:\Windows\system32\DRIVERS\PTDMWWAN.sys 07:11:40.0239 7976 PTDMWWAN - ok 07:11:40.0317 7976 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 07:11:40.0364 7976 ql2300 - ok 07:11:40.0426 7976 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 07:11:40.0442 7976 ql40xx - ok 07:11:40.0488 7976 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 07:11:40.0535 7976 QWAVE - ok 07:11:40.0551 7976 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 07:11:40.0582 7976 QWAVEdrv - ok 07:11:40.0629 7976 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 07:11:40.0676 7976 RasAcd - ok 07:11:40.0691 7976 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 07:11:40.0754 7976 RasAuto - ok 07:11:40.0785 7976 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 07:11:40.0816 7976 Rasl2tp - ok 07:11:40.0847 7976 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 07:11:40.0878 7976 RasMan - ok 07:11:40.0910 7976 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 07:11:40.0956 7976 RasPppoe - ok 07:11:41.0003 7976 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 07:11:41.0019 7976 RasSstp - ok 07:11:41.0050 7976 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 07:11:41.0097 7976 rdbss - ok 07:11:41.0128 7976 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 07:11:41.0175 7976 RDPCDD - ok 07:11:41.0237 7976 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 07:11:41.0268 7976 rdpdr - ok 07:11:41.0300 7976 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 07:11:41.0346 7976 RDPENCDD - ok 07:11:41.0378 7976 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys 07:11:41.0409 7976 RDPWD - ok 07:11:41.0440 7976 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 07:11:41.0471 7976 RemoteAccess - ok 07:11:41.0502 7976 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 07:11:41.0534 7976 RemoteRegistry - ok 07:11:41.0565 7976 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\Windows\system32\DRIVERS\rimmptsk.sys 07:11:41.0627 7976 rimmptsk - ok 07:11:41.0658 7976 rimsptsk (d7e09bc852684a7b1fc0f74fe090d45a) C:\Windows\system32\DRIVERS\rimsptsk.sys 07:11:41.0690 7976 rimsptsk - ok 07:11:41.0705 7976 rismxdp (b0a7494a9ba7909efac64e05d3f160db) C:\Windows\system32\DRIVERS\rixdptsk.sys 07:11:41.0736 7976 rismxdp - ok 07:11:41.0736 7976 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 07:11:41.0768 7976 RpcLocator - ok 07:11:41.0830 7976 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 07:11:41.0877 7976 RpcSs - ok 07:11:41.0924 7976 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 07:11:41.0955 7976 rspndr - ok 07:11:41.0986 7976 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 07:11:42.0002 7976 SamSs - ok 07:11:42.0048 7976 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 07:11:42.0064 7976 SASDIFSV - ok 07:11:42.0080 7976 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS 07:11:42.0095 7976 SASENUM - ok 07:11:42.0111 7976 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 07:11:42.0126 7976 SASKUTIL - ok 07:11:42.0158 7976 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 07:11:42.0173 7976 sbp2port - ok 07:11:42.0204 7976 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 07:11:42.0251 7976 SCardSvr - ok 07:11:42.0314 7976 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 07:11:42.0345 7976 Schedule - ok 07:11:42.0376 7976 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 07:11:42.0392 7976 SCPolicySvc - ok 07:11:42.0470 7976 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 07:11:42.0516 7976 sdbus - ok 07:11:42.0548 7976 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 07:11:42.0610 7976 SDRSVC - ok 07:11:42.0626 7976 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 07:11:42.0688 7976 secdrv - ok 07:11:42.0719 7976 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 07:11:42.0766 7976 seclogon - ok 07:11:42.0797 7976 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 07:11:42.0860 7976 SENS - ok 07:11:42.0875 7976 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 07:11:42.0953 7976 Serenum - ok 07:11:42.0984 7976 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 07:11:43.0047 7976 Serial - ok 07:11:43.0094 7976 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 07:11:43.0109 7976 sermouse - ok 07:11:43.0156 7976 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 07:11:43.0187 7976 SessionEnv - ok 07:11:43.0203 7976 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 07:11:43.0250 7976 sffdisk - ok 07:11:43.0281 7976 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 07:11:43.0343 7976 sffp_mmc - ok 07:11:43.0359 7976 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 07:11:43.0406 7976 sffp_sd - ok 07:11:43.0437 7976 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 07:11:43.0499 7976 sfloppy - ok 07:11:43.0546 7976 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 07:11:43.0593 7976 ShellHWDetection - ok 07:11:43.0624 7976 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 07:11:43.0640 7976 sisagp - ok 07:11:43.0671 7976 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 07:11:43.0686 7976 SiSRaid2 - ok 07:11:43.0702 7976 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 07:11:43.0718 7976 SiSRaid4 - ok 07:11:43.0842 7976 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files\Skype\Updater\Updater.exe 07:11:43.0858 7976 SkypeUpdate - ok 07:11:44.0014 7976 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 07:11:44.0170 7976 slsvc - ok 07:11:44.0264 7976 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 07:11:44.0326 7976 SLUINotify - ok 07:11:44.0357 7976 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 07:11:44.0404 7976 Smb - ok 07:11:44.0435 7976 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 07:11:44.0451 7976 SNMPTRAP - ok 07:11:44.0482 7976 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 07:11:44.0498 7976 spldr - ok 07:11:44.0529 7976 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 07:11:44.0622 7976 Spooler - ok 07:11:44.0747 7976 sprtsvc_ddoctorv2 (c3716ec0d36ad924b6888d794563e647) C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe 07:11:44.0763 7976 sprtsvc_ddoctorv2 - ok 07:11:44.0872 7976 sprtsvc_DellSupportCenter (777115c9cc675bd98127660712d2f784) C:\Program Files\Dell Support Center\bin\sprtsvc.exe 07:11:44.0888 7976 sprtsvc_DellSupportCenter - ok 07:11:45.0012 7976 SpyHunter 4 Service (f9ec94e35f5019a8e82665e1ef4b4d02) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE 07:11:45.0028 7976 SpyHunter 4 Service - ok 07:11:45.0278 7976 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS 07:11:45.0293 7976 SRTSP - ok 07:11:45.0387 7976 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS 07:11:45.0387 7976 SRTSPX - ok 07:11:45.0449 7976 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 07:11:45.0512 7976 srv - ok 07:11:45.0543 7976 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 07:11:45.0590 7976 srv2 - ok 07:11:45.0636 7976 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 07:11:45.0668 7976 srvnet - ok 07:11:45.0730 7976 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 07:11:45.0792 7976 SSDPSRV - ok 07:11:45.0824 7976 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 07:11:45.0870 7976 SstpSvc - ok 07:11:45.0980 7976 STacSV (ddeb942850278d67edc108d57f774bf8) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe 07:11:45.0995 7976 STacSV - ok 07:11:46.0073 7976 STHDA (c4be9c3af8af6f2e4cdd22fcabf77a1b) C:\Windows\system32\DRIVERS\stwrt.sys 07:11:46.0120 7976 STHDA - ok 07:11:46.0167 7976 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 07:11:46.0229 7976 stisvc - ok 07:11:46.0260 7976 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 07:11:46.0276 7976 swenum - ok 07:11:46.0307 7976 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 07:11:46.0370 7976 swprv - ok 07:11:46.0401 7976 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 07:11:46.0416 7976 Symc8xx - ok 07:11:46.0510 7976 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0502020.003\SYMDS.SYS 07:11:46.0526 7976 SymDS - ok 07:11:46.0604 7976 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0502020.003\SYMEFA.SYS 07:11:46.0619 7976 SymEFA - ok 07:11:46.0682 7976 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS 07:11:46.0697 7976 SymEvent - ok 07:11:46.0744 7976 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS 07:11:46.0760 7976 SymIRON - ok 07:11:46.0791 7976 SYMTDIv (d42a7229e333af725f1445f785e4658d) C:\Windows\System32\Drivers\N360\0502020.003\SYMTDIV.SYS 07:11:46.0822 7976 SYMTDIv - ok 07:11:46.0853 7976 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 07:11:46.0869 7976 Sym_hi - ok 07:11:46.0900 7976 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 07:11:46.0916 7976 Sym_u3 - ok 07:11:46.0962 7976 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 07:11:47.0040 7976 SysMain - ok 07:11:47.0072 7976 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 07:11:47.0134 7976 TabletInputService - ok 07:11:47.0165 7976 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 07:11:47.0212 7976 TapiSrv - ok 07:11:47.0259 7976 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 07:11:47.0290 7976 TBS - ok 07:11:47.0368 7976 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 07:11:47.0399 7976 Tcpip - ok 07:11:47.0415 7976 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 07:11:47.0462 7976 Tcpip6 - ok 07:11:47.0493 7976 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 07:11:47.0540 7976 tcpipreg - ok 07:11:47.0571 7976 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 07:11:47.0602 7976 TDPIPE - ok 07:11:47.0618 7976 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 07:11:47.0649 7976 TDTCP - ok 07:11:47.0696 7976 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 07:11:47.0742 7976 tdx - ok 07:11:47.0789 7976 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 07:11:47.0805 7976 TermDD - ok 07:11:47.0852 7976 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 07:11:47.0898 7976 TermService - ok 07:11:47.0945 7976 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 07:11:47.0976 7976 Themes - ok 07:11:47.0992 7976 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 07:11:48.0023 7976 THREADORDER - ok 07:11:48.0054 7976 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 07:11:48.0101 7976 TrkWks - ok 07:11:48.0148 7976 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 07:11:48.0179 7976 TrustedInstaller - ok 07:11:48.0210 7976 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 07:11:48.0257 7976 tssecsrv - ok 07:11:48.0304 7976 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 07:11:48.0335 7976 tunmp - ok 07:11:48.0382 7976 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 07:11:48.0398 7976 tunnel - ok 07:11:48.0444 7976 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 07:11:48.0460 7976 uagp35 - ok 07:11:48.0507 7976 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 07:11:48.0522 7976 udfs - ok 07:11:48.0554 7976 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 07:11:48.0600 7976 UI0Detect - ok 07:11:48.0616 7976 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 07:11:48.0632 7976 uliagpkx - ok 07:11:48.0663 7976 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 07:11:48.0678 7976 uliahci - ok 07:11:48.0756 7976 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 07:11:48.0772 7976 UlSata - ok 07:11:48.0788 7976 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 07:11:48.0803 7976 ulsata2 - ok 07:11:48.0819 7976 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 07:11:48.0850 7976 umbus - ok 07:11:48.0897 7976 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 07:11:48.0944 7976 upnphost - ok 07:11:48.0990 7976 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 07:11:49.0037 7976 usbaudio - ok 07:11:49.0053 7976 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 07:11:49.0100 7976 usbccgp - ok 07:11:49.0131 7976 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 07:11:49.0209 7976 usbcir - ok 07:11:49.0256 7976 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 07:11:49.0271 7976 usbehci - ok 07:11:49.0302 7976 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 07:11:49.0334 7976 usbhub - ok 07:11:49.0365 7976 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 07:11:49.0412 7976 usbohci - ok 07:11:49.0443 7976 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 07:11:49.0474 7976 usbprint - ok 07:11:49.0505 7976 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 07:11:49.0521 7976 usbscan - ok 07:11:49.0552 7976 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 07:11:49.0599 7976 USBSTOR - ok 07:11:49.0630 7976 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 07:11:49.0677 7976 usbuhci - ok 07:11:49.0724 7976 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 07:11:49.0755 7976 usbvideo - ok 07:11:49.0786 7976 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 07:11:49.0817 7976 UxSms - ok 07:11:49.0880 7976 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 07:11:49.0942 7976 vds - ok 07:11:50.0004 7976 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 07:11:50.0036 7976 vga - ok 07:11:50.0067 7976 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 07:11:50.0098 7976 VgaSave - ok 07:11:50.0129 7976 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 07:11:50.0145 7976 viaagp - ok 07:11:50.0176 7976 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 07:11:50.0238 7976 ViaC7 - ok 07:11:50.0254 7976 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 07:11:50.0270 7976 viaide - ok 07:11:50.0285 7976 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 07:11:50.0301 7976 volmgr - ok 07:11:50.0348 7976 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 07:11:50.0379 7976 volmgrx - ok 07:11:50.0410 7976 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 07:11:50.0441 7976 volsnap - ok 07:11:50.0488 7976 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 07:11:50.0504 7976 vsmraid - ok 07:11:50.0582 7976 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 07:11:50.0691 7976 VSS - ok 07:11:50.0862 7976 vToolbarUpdater12.1.5 (3da649c6ec481d8f36b54f33fc01dd1e) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe 07:11:50.0925 7976 vToolbarUpdater12.1.5 - ok 07:11:51.0034 7976 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 07:11:51.0065 7976 W32Time - ok 07:11:51.0096 7976 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 07:11:51.0174 7976 WacomPen - ok 07:11:51.0190 7976 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 07:11:51.0221 7976 Wanarp - ok 07:11:51.0221 7976 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 07:11:51.0252 7976 Wanarpv6 - ok 07:11:51.0284 7976 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 07:11:51.0330 7976 wcncsvc - ok 07:11:51.0362 7976 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 07:11:51.0408 7976 WcsPlugInService - ok 07:11:51.0455 7976 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 07:11:51.0471 7976 Wd - ok 07:11:51.0533 7976 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 07:11:51.0564 7976 Wdf01000 - ok 07:11:51.0627 7976 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 07:11:51.0674 7976 WdiServiceHost - ok 07:11:51.0689 7976 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 07:11:51.0720 7976 WdiSystemHost - ok 07:11:51.0783 7976 Web Assistant Updater - ok 07:11:51.0830 7976 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 07:11:51.0892 7976 WebClient - ok 07:11:51.0954 7976 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 07:11:52.0001 7976 Wecsvc - ok 07:11:52.0064 7976 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 07:11:52.0110 7976 wercplsupport - ok 07:11:52.0173 7976 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 07:11:52.0204 7976 WerSvc - ok 07:11:52.0266 7976 WinHttpAutoProxySvc - ok 07:11:52.0329 7976 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 07:11:52.0360 7976 Winmgmt - ok 07:11:52.0469 7976 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 07:11:52.0547 7976 WinRM - ok 07:11:52.0672 7976 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 07:11:52.0734 7976 Wlansvc - ok 07:11:52.0750 7976 wltrysvc - ok 07:11:52.0859 7976 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 07:11:52.0890 7976 WmiAcpi - ok 07:11:52.0968 7976 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 07:11:53.0000 7976 wmiApSrv - ok 07:11:53.0124 7976 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 07:11:53.0249 7976 WMPNetworkSvc - ok 07:11:53.0280 7976 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 07:11:53.0343 7976 WPCSvc - ok 07:11:53.0390 7976 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 07:11:53.0468 7976 WPDBusEnum - ok 07:11:53.0561 7976 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 07:11:53.0592 7976 WpdUsb - ok 07:11:53.0764 7976 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 07:11:53.0826 7976 WPFFontCache_v0400 - ok 07:11:53.0858 7976 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 07:11:53.0889 7976 ws2ifsl - ok 07:11:53.0920 7976 WSearch - ok 07:11:53.0967 7976 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 07:11:53.0998 7976 WUDFRd - ok 07:11:54.0029 7976 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 07:11:54.0076 7976 wudfsvc - ok 07:11:54.0170 7976 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 07:11:54.0216 7976 YahooAUService - ok 07:11:54.0310 7976 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 07:11:54.0372 7976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 07:11:54.0372 7976 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 07:11:54.0450 7976 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 07:11:54.0450 7976 \Device\Harddisk0\DR0 - detected TDSS File System (1) 07:11:54.0450 7976 Boot (0x1200) (93322fbb338e540af0d387ac2e1329db) \Device\Harddisk0\DR0\Partition0 07:11:54.0450 7976 \Device\Harddisk0\DR0\Partition0 - ok 07:11:54.0466 7976 ============================================================ 07:11:54.0466 7976 Scan finished 07:11:54.0466 7976 ============================================================ 07:11:54.0513 6448 Detected object count: 4 07:11:54.0513 6448 Actual detected object count: 4 07:18:30.0311 6448 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 07:18:30.0311 6448 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:18:30.0311 6448 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - skipped by user 07:18:30.0311 6448 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:18:33.0012 6448 \Device\Harddisk0\DR0\# - copied to quarantine 07:18:33.0012 6448 \Device\Harddisk0\DR0 - copied to quarantine 07:18:38.0814 6448 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 07:18:42.0164 6448 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 07:18:42.0427 6448 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 07:18:43.0352 6448 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 07:18:44.0141 6448 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 07:18:46.0779 6448 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 07:18:48.0766 6448 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 07:18:48.0821 6448 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 07:18:48.0877 6448 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 07:18:49.0266 6448 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 07:18:49.0532 6448 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 07:18:49.0755 6448 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 07:18:49.0807 6448 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 07:18:49.0866 6448 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 07:18:50.0170 6448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot 07:18:50.0212 6448 \Device\Harddisk0\DR0 - ok 07:18:50.0261 6448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 07:18:50.0261 6448 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 07:18:50.0261 6448 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 07:18:58.0502 7252 Deinitialize success
  17. Ran the TDSSKiller The post was too large, so I tried splitting it. Hope that's ok 07:10:35.0826 4632 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 07:10:36.0216 4632 ============================================================ 07:10:36.0216 4632 Current date / time: 2012/08/05 07:10:36.0216 07:10:36.0216 4632 SystemInfo: 07:10:36.0216 4632 07:10:36.0216 4632 OS Version: 6.0.6002 ServicePack: 2.0 07:10:36.0216 4632 Product type: Workstation 07:10:36.0216 4632 ComputerName: SHEILA-PC 07:10:36.0216 4632 UserName: sheila 07:10:36.0216 4632 Windows directory: C:\Windows 07:10:36.0216 4632 System windows directory: C:\Windows 07:10:36.0216 4632 Processor architecture: Intel x86 07:10:36.0216 4632 Number of processors: 2 07:10:36.0216 4632 Page size: 0x1000 07:10:36.0216 4632 Boot type: Safe boot with network 07:10:36.0216 4632 ============================================================ 07:10:37.0667 4632 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 07:10:37.0667 4632 ============================================================ 07:10:37.0667 4632 \Device\Harddisk0\DR0: 07:10:37.0667 4632 MBR partitions: 07:10:37.0667 4632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800 07:10:37.0667 4632 ============================================================ 07:10:37.0698 4632 C: <-> \Device\Harddisk0\DR0\Partition0 07:10:37.0698 4632 ============================================================ 07:10:37.0698 4632 Initialize success 07:10:37.0698 4632 ============================================================ 07:10:40.0335 6804 ============================================================ 07:10:40.0335 6804 Scan started 07:10:40.0335 6804 Mode: Manual; 07:10:40.0335 6804 ============================================================ 07:10:45.0420 6804 45083044 - ok 07:10:45.0514 6804 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 07:10:45.0514 6804 ACPI - ok 07:10:45.0576 6804 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 07:10:45.0592 6804 AdobeFlashPlayerUpdateSvc - ok 07:10:45.0654 6804 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 07:10:45.0670 6804 adp94xx - ok 07:10:45.0701 6804 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 07:10:45.0701 6804 adpahci - ok 07:10:45.0717 6804 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 07:10:45.0717 6804 adpu160m - ok 07:10:45.0748 6804 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 07:10:45.0748 6804 adpu320 - ok 07:10:45.0779 6804 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 07:10:45.0795 6804 AeLookupSvc - ok 07:10:45.0888 6804 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe 07:10:45.0888 6804 AESTFilters - ok 07:10:45.0951 6804 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 07:10:45.0982 6804 AFD - ok 07:10:46.0013 6804 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 07:10:46.0013 6804 agp440 - ok 07:10:46.0044 6804 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 07:10:46.0044 6804 aic78xx - ok 07:10:46.0076 6804 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 07:10:46.0076 6804 ALG - ok 07:10:46.0107 6804 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 07:10:46.0107 6804 aliide - ok 07:10:46.0122 6804 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 07:10:46.0138 6804 amdagp - ok 07:10:46.0154 6804 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 07:10:46.0154 6804 amdide - ok 07:10:46.0185 6804 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 07:10:46.0185 6804 AmdK7 - ok 07:10:46.0216 6804 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 07:10:46.0216 6804 AmdK8 - ok 07:10:46.0247 6804 apf001 (7b4beb577c5d0171f9b66f390ec29284) C:\Windows\system32\apf001.sys 07:10:46.0247 6804 apf001 - ok 07:10:46.0247 6804 apf003 - ok 07:10:46.0278 6804 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 07:10:46.0278 6804 Appinfo - ok 07:10:46.0388 6804 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 07:10:46.0388 6804 Apple Mobile Device - ok 07:10:46.0450 6804 Application Updater (f4c5530d92fa7f9a41c19edfc4c51bd4) C:\Program Files\Application Updater\ApplicationUpdater.exe 07:10:46.0481 6804 Application Updater - ok 07:10:46.0512 6804 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 07:10:46.0512 6804 arc - ok 07:10:46.0544 6804 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 07:10:46.0544 6804 arcsas - ok 07:10:46.0700 6804 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 07:10:46.0731 6804 aspnet_state - ok 07:10:46.0746 6804 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\Windows\system32\drivers\aswFsBlk.sys 07:10:46.0746 6804 aswFsBlk - ok 07:10:46.0762 6804 aswMonFlt (ff83c93aeee8b0cf4b464ca667a67acd) C:\Windows\system32\drivers\aswMonFlt.sys 07:10:46.0762 6804 aswMonFlt - ok 07:10:46.0793 6804 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\Windows\system32\drivers\aswRdr.sys 07:10:46.0793 6804 aswRdr - ok 07:10:46.0871 6804 aswSnx (17230708a2028cd995656df455f2e303) C:\Windows\system32\drivers\aswSnx.sys 07:10:46.0887 6804 aswSnx - ok 07:10:46.0965 6804 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\Windows\system32\drivers\aswSP.sys 07:10:46.0965 6804 aswSP - ok 07:10:47.0012 6804 aswTdi (984cfce2168286c2511695c2f9621475) C:\Windows\system32\drivers\aswTdi.sys 07:10:47.0012 6804 aswTdi - ok 07:10:47.0027 6804 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 07:10:47.0027 6804 AsyncMac - ok 07:10:47.0058 6804 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 07:10:47.0058 6804 atapi - ok 07:10:47.0090 6804 atksgt (3c4b9850a2631c2263507400d029057b) C:\Windows\system32\DRIVERS\atksgt.sys 07:10:47.0105 6804 atksgt - ok 07:10:47.0230 6804 ATService (f0da6cc98afbf6f4f65dbcadbd91bc7c) C:\Program Files\Fingerprint Sensor\AtService.exe 07:10:47.0277 6804 ATService - ok 07:10:47.0417 6804 ATSwpWDF (40e3212da94acf9e120c30acebc6ea80) C:\Windows\system32\Drivers\ATSwpWDF.sys 07:10:47.0417 6804 ATSwpWDF - ok 07:10:47.0464 6804 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 07:10:47.0464 6804 AudioEndpointBuilder - ok 07:10:47.0480 6804 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 07:10:47.0480 6804 Audiosrv - ok 07:10:47.0558 6804 avast! Antivirus (d16c826f375a44802bf317982e81a7e2) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 07:10:47.0558 6804 avast! Antivirus - ok 07:10:47.0979 6804 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\avgidsagent.exe 07:10:48.0197 6804 AVGIDSAgent - ok 07:10:48.0338 6804 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys 07:10:48.0338 6804 AVGIDSDriver - ok 07:10:48.0369 6804 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys 07:10:48.0369 6804 AVGIDSFilter - ok 07:10:48.0416 6804 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys 07:10:48.0416 6804 AVGIDSHX - ok 07:10:48.0447 6804 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys 07:10:48.0447 6804 AVGIDSShim - ok 07:10:48.0494 6804 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys 07:10:48.0509 6804 Avgldx86 - ok 07:10:48.0525 6804 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys 07:10:48.0525 6804 Avgmfx86 - ok 07:10:48.0572 6804 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys 07:10:48.0572 6804 Avgrkx86 - ok 07:10:48.0603 6804 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys 07:10:48.0603 6804 Avgtdix - ok 07:10:48.0634 6804 avgtp (684de9d6e62bfb177aabed3c62fdeab3) C:\Windows\system32\drivers\avgtpx86.sys 07:10:48.0634 6804 avgtp - ok 07:10:48.0821 6804 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe 07:10:48.0837 6804 avgwd - ok 07:10:48.0852 6804 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys 07:10:48.0852 6804 BCM42RLY - ok 07:10:48.0946 6804 BCM43XX (41a70777e892c3dea606758366566a77) C:\Windows\system32\DRIVERS\bcmwl6.sys 07:10:48.0977 6804 BCM43XX - ok 07:10:49.0133 6804 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 07:10:49.0133 6804 Beep - ok 07:10:49.0196 6804 Bfel2t0sui (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 07:10:49.0196 6804 Bfel2t0sui - ok 07:10:49.0508 6804 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys 07:10:49.0539 6804 BHDrvx86 - ok 07:10:49.0570 6804 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 07:10:49.0570 6804 blbdrive - ok 07:10:49.0664 6804 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe 07:10:49.0679 6804 Bonjour Service - ok 07:10:49.0710 6804 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 07:10:49.0710 6804 bowser - ok 07:10:49.0726 6804 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 07:10:49.0726 6804 BrFiltLo - ok 07:10:49.0742 6804 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 07:10:49.0742 6804 BrFiltUp - ok 07:10:49.0773 6804 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 07:10:49.0773 6804 Browser - ok 07:10:49.0788 6804 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 07:10:49.0804 6804 Brserid - ok 07:10:49.0820 6804 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 07:10:49.0820 6804 BrSerWdm - ok 07:10:49.0835 6804 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 07:10:49.0835 6804 BrUsbMdm - ok 07:10:49.0835 6804 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 07:10:49.0851 6804 BrUsbSer - ok 07:10:49.0851 6804 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 07:10:49.0851 6804 BTHMODEM - ok 07:10:49.0866 6804 BVRPMPR5 - ok 07:10:49.0898 6804 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 07:10:49.0898 6804 cdfs - ok 07:10:49.0929 6804 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 07:10:49.0929 6804 cdrom - ok 07:10:49.0944 6804 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 07:10:49.0944 6804 CertPropSvc - ok 07:10:49.0976 6804 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys 07:10:49.0976 6804 circlass - ok 07:10:50.0022 6804 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 07:10:50.0038 6804 CLFS - ok 07:10:50.0132 6804 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 07:10:50.0132 6804 clr_optimization_v2.0.50727_32 - ok 07:10:50.0225 6804 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 07:10:50.0241 6804 clr_optimization_v4.0.30319_32 - ok 07:10:50.0272 6804 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 07:10:50.0272 6804 CmBatt - ok 07:10:50.0303 6804 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 07:10:50.0303 6804 cmdide - ok 07:10:50.0303 6804 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 07:10:50.0319 6804 Compbatt - ok 07:10:50.0334 6804 COMSysApp - ok 07:10:50.0428 6804 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 07:10:50.0428 6804 crcdisk - ok 07:10:50.0444 6804 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 07:10:50.0444 6804 Crusoe - ok 07:10:50.0475 6804 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll 07:10:50.0475 6804 CryptSvc - ok 07:10:50.0537 6804 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 07:10:50.0553 6804 DcomLaunch - ok 07:10:50.0568 6804 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 07:10:50.0584 6804 DfsC - ok 07:10:50.0693 6804 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 07:10:50.0756 6804 DFSR - ok 07:10:50.0880 6804 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll 07:10:50.0880 6804 Dhcp - ok 07:10:50.0912 6804 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 07:10:50.0912 6804 disk - ok 07:10:50.0974 6804 dldnCATSCustConnectService (c7f6a4f1f95d22abc6ea9173b2bca545) C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldnserv.exe 07:10:50.0990 6804 dldnCATSCustConnectService - ok 07:10:50.0990 6804 dldn_device - ok 07:10:51.0036 6804 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 07:10:51.0036 6804 Dnscache - ok 07:10:51.0083 6804 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 07:10:51.0083 6804 dot3svc - ok 07:10:51.0114 6804 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 07:10:51.0114 6804 DPS - ok 07:10:51.0146 6804 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 07:10:51.0146 6804 drmkaud - ok 07:10:51.0208 6804 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 07:10:51.0224 6804 DXGKrnl - ok 07:10:51.0255 6804 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 07:10:51.0270 6804 E1G60 - ok 07:10:51.0286 6804 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 07:10:51.0286 6804 EapHost - ok 07:10:51.0333 6804 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 07:10:51.0333 6804 Ecache - ok 07:10:51.0442 6804 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 07:10:51.0473 6804 eeCtrl - ok 07:10:51.0504 6804 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 07:10:51.0520 6804 ehRecvr - ok 07:10:51.0551 6804 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 07:10:51.0551 6804 ehSched - ok 07:10:51.0567 6804 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 07:10:51.0567 6804 ehstart - ok 07:10:51.0614 6804 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 07:10:51.0629 6804 elxstor - ok 07:10:51.0676 6804 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 07:10:51.0707 6804 EMDMgmt - ok 07:10:51.0816 6804 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 07:10:51.0816 6804 EraserUtilRebootDrv - ok 07:10:51.0848 6804 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 07:10:51.0848 6804 ErrDev - ok 07:10:51.0926 6804 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 07:10:51.0941 6804 EventSystem - ok 07:10:52.0004 6804 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 07:10:52.0004 6804 exfat - ok 07:10:52.0050 6804 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 07:10:52.0050 6804 fastfat - ok 07:10:52.0082 6804 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 07:10:52.0082 6804 fdc - ok 07:10:52.0113 6804 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 07:10:52.0113 6804 fdPHost - ok 07:10:52.0144 6804 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 07:10:52.0144 6804 FDResPub - ok 07:10:52.0175 6804 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 07:10:52.0175 6804 FileInfo - ok 07:10:52.0206 6804 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 07:10:52.0206 6804 Filetrace - ok 07:10:52.0222 6804 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 07:10:52.0222 6804 flpydisk - ok 07:10:52.0269 6804 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 07:10:52.0269 6804 FltMgr - ok 07:10:52.0331 6804 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll 07:10:52.0378 6804 FontCache - ok 07:10:52.0472 6804 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 07:10:52.0472 6804 FontCache3.0.0.0 - ok 07:10:52.0518 6804 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys 07:10:52.0518 6804 Fs_Rec - ok 07:10:52.0550 6804 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 07:10:52.0550 6804 gagp30kx - ok 07:10:52.0565 6804 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 07:10:52.0565 6804 GEARAspiWDM - ok 07:10:52.0628 6804 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 07:10:52.0643 6804 gpsvc - ok 07:10:52.0752 6804 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 07:10:52.0752 6804 gupdate - ok 07:10:52.0768 6804 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 07:10:52.0768 6804 gupdatem - ok 07:10:52.0799 6804 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 07:10:52.0799 6804 HdAudAddService - ok 07:10:52.0862 6804 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 07:10:52.0862 6804 HDAudBus - ok 07:10:52.0908 6804 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 07:10:52.0908 6804 HidBth - ok 07:10:52.0940 6804 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys 07:10:52.0940 6804 HidIr - ok 07:10:53.0002 6804 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll 07:10:53.0002 6804 hidserv - ok 07:10:53.0033 6804 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 07:10:53.0033 6804 HidUsb - ok 07:10:53.0064 6804 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 07:10:53.0064 6804 hkmsvc - ok 07:10:53.0096 6804 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 07:10:53.0096 6804 HpCISSs - ok 07:10:53.0158 6804 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 07:10:53.0158 6804 HTTP - ok 07:10:53.0220 6804 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 07:10:53.0220 6804 i2omp - ok 07:10:53.0252 6804 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 07:10:53.0252 6804 i8042prt - ok 07:10:53.0283 6804 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 07:10:53.0298 6804 iaStorV - ok 07:10:53.0439 6804 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 07:10:53.0454 6804 idsvc - ok 07:10:53.0798 6804 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120803.002\IDSvix86.sys 07:10:53.0798 6804 IDSVix86 - ok 07:10:54.0094 6804 igfx (a9221d13d8f1f772010ee293ba9baeb7) C:\Windows\system32\DRIVERS\igdkmd32.sys 07:10:54.0219 6804 igfx - ok 07:10:54.0344 6804 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 07:10:54.0344 6804 iirsp - ok 07:10:54.0390 6804 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 07:10:54.0406 6804 IKEEXT - ok 07:10:54.0437 6804 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys 07:10:54.0437 6804 IntcHdmiAddService - ok 07:10:54.0468 6804 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 07:10:54.0468 6804 intelide - ok 07:10:54.0500 6804 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 07:10:54.0500 6804 intelppm - ok 07:10:54.0531 6804 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 07:10:54.0531 6804 IPBusEnum - ok 07:10:54.0562 6804 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 07:10:54.0562 6804 IpFilterDriver - ok 07:10:54.0593 6804 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 07:10:54.0593 6804 IPMIDRV - ok 07:10:54.0624 6804 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 07:10:54.0624 6804 IPNAT - ok 07:10:54.0656 6804 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 07:10:54.0656 6804 IRENUM - ok 07:10:54.0687 6804 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 07:10:54.0702 6804 isapnp - ok 07:10:54.0734 6804 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 07:10:54.0734 6804 iScsiPrt - ok 07:10:54.0765 6804 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 07:10:54.0765 6804 iteatapi - ok 07:10:54.0796 6804 itecir (20425664e2e196d339ca877e0387c023) C:\Windows\system32\DRIVERS\itecir.sys 07:10:54.0796 6804 itecir - ok 07:10:54.0827 6804 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 07:10:54.0827 6804 iteraid - ok 07:10:54.0858 6804 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys 07:10:54.0858 6804 k57nd60x - ok 07:10:54.0890 6804 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 07:10:54.0890 6804 kbdclass - ok 07:10:54.0952 6804 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 07:10:54.0952 6804 kbdhid - ok 07:10:55.0014 6804 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 07:10:55.0014 6804 KeyIso - ok 07:10:55.0061 6804 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys 07:10:55.0092 6804 KSecDD - ok 07:10:55.0170 6804 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 07:10:55.0202 6804 KtmRm - ok 07:10:55.0233 6804 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll 07:10:55.0233 6804 LanmanServer - ok 07:10:55.0280 6804 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 07:10:55.0280 6804 LanmanWorkstation - ok 07:10:55.0404 6804 LBTServ (9582504591a9f405f7505fefb4f64123) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 07:10:55.0420 6804 LBTServ - ok 07:10:55.0482 6804 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\Windows\system32\DRIVERS\LHidFilt.Sys 07:10:55.0482 6804 LHidFilt - ok 07:10:55.0514 6804 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys 07:10:55.0514 6804 lirsgt - ok 07:10:55.0545 6804 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 07:10:55.0545 6804 lltdio - ok 07:10:55.0576 6804 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 07:10:55.0576 6804 lltdsvc - ok 07:10:55.0607 6804 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 07:10:55.0607 6804 lmhosts - ok 07:10:55.0638 6804 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\Windows\system32\DRIVERS\LMouFilt.Sys 07:10:55.0638 6804 LMouFilt - ok 07:10:55.0670 6804 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 07:10:55.0670 6804 LSI_FC - ok 07:10:55.0685 6804 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 07:10:55.0685 6804 LSI_SAS - ok 07:10:55.0716 6804 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 07:10:55.0716 6804 LSI_SCSI - ok 07:10:55.0732 6804 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 07:10:55.0732 6804 luafv - ok 07:10:55.0779 6804 LUsbFilt (95dab70d56bbac7ddb7e6d0017d71369) C:\Windows\system32\Drivers\LUsbFilt.Sys 07:10:55.0779 6804 LUsbFilt - ok 07:10:55.0826 6804 Macromedia Licensing Service (d5ba9b816afef5292fe13c9a6267b6ab) C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe 07:10:55.0826 6804 Macromedia Licensing Service - ok 07:10:55.0857 6804 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys 07:10:55.0872 6804 MBAMProtector - ok 07:10:55.0982 6804 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 07:10:56.0028 6804 MBAMService - ok 07:10:56.0106 6804 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys 07:10:56.0106 6804 MBAMSwissArmy - ok 07:10:56.0138 6804 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 07:10:56.0153 6804 Mcx2Svc - ok 07:10:56.0169 6804 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 07:10:56.0169 6804 megasas - ok 07:10:56.0231 6804 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 07:10:56.0231 6804 MegaSR - ok 07:10:56.0262 6804 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 07:10:56.0262 6804 MMCSS - ok 07:10:56.0278 6804 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 07:10:56.0278 6804 Modem - ok 07:10:56.0325 6804 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 07:10:56.0325 6804 monitor - ok 07:10:56.0340 6804 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 07:10:56.0340 6804 mouclass - ok 07:10:56.0356 6804 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 07:10:56.0356 6804 mouhid - ok 07:10:56.0387 6804 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 07:10:56.0387 6804 MountMgr - ok 07:10:56.0434 6804 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 07:10:56.0450 6804 mpio - ok 07:10:56.0481 6804 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 07:10:56.0481 6804 mpsdrv - ok 07:10:56.0559 6804 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 07:10:56.0559 6804 Mraid35x - ok 07:10:56.0606 6804 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 07:10:56.0606 6804 MRxDAV - ok 07:10:56.0621 6804 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 07:10:56.0621 6804 mrxsmb - ok 07:10:56.0668 6804 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 07:10:56.0684 6804 mrxsmb10 - ok 07:10:56.0715 6804 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 07:10:56.0715 6804 mrxsmb20 - ok 07:10:56.0762 6804 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys 07:10:56.0762 6804 msahci - ok 07:10:56.0808 6804 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 07:10:56.0808 6804 msdsm - ok 07:10:56.0855 6804 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 07:10:56.0855 6804 MSDTC - ok 07:10:56.0918 6804 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 07:10:56.0918 6804 Msfs - ok 07:10:56.0949 6804 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 07:10:56.0949 6804 msisadrv - ok 07:10:56.0996 6804 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 07:10:57.0011 6804 MSiSCSI - ok 07:10:57.0027 6804 msiserver - ok 07:10:57.0074 6804 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 07:10:57.0074 6804 MSKSSRV - ok 07:10:57.0105 6804 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 07:10:57.0105 6804 MSPCLOCK - ok 07:10:57.0120 6804 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 07:10:57.0120 6804 MSPQM - ok 07:10:57.0167 6804 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 07:10:57.0183 6804 MsRPC - ok 07:10:57.0230 6804 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 07:10:57.0230 6804 mssmbios - ok 07:10:57.0245 6804 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 07:10:57.0245 6804 MSTEE - ok 07:10:57.0261 6804 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 07:10:57.0261 6804 Mup - ok 07:10:57.0354 6804 MyFunCards_5mService (72f8c1568a56c7059cb1074a7e529dc6) C:\PROGRA~1\MYFUNC~2\bar\1.bin\5mbarsvc.exe 07:10:57.0354 6804 MyFunCards_5mService - ok 07:10:57.0417 6804 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe 07:10:57.0432 6804 N360 - ok 07:10:57.0464 6804 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 07:10:57.0479 6804 napagent - ok 07:10:57.0510 6804 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 07:10:57.0510 6804 NativeWifiP - ok 07:10:57.0807 6804 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120803.020\NAVENG.SYS 07:10:57.0807 6804 NAVENG - ok 07:10:57.0900 6804 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120803.020\NAVEX15.SYS 07:10:57.0947 6804 NAVEX15 - ok 07:10:58.0134 6804 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 07:10:58.0134 6804 NDIS - ok 07:10:58.0181 6804 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 07:10:58.0181 6804 NdisTapi - ok 07:10:58.0212 6804 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 07:10:58.0212 6804 Ndisuio - ok 07:10:58.0259 6804 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 07:10:58.0259 6804 NdisWan - ok 07:10:58.0275 6804 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 07:10:58.0275 6804 NDProxy - ok 07:10:58.0306 6804 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 07:10:58.0306 6804 NetBIOS - ok 07:10:58.0337 6804 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 07:10:58.0337 6804 netbt - ok 07:10:58.0368 6804 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 07:10:58.0384 6804 Netlogon - ok 07:10:58.0415 6804 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 07:10:58.0431 6804 Netman - ok 07:10:58.0556 6804 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 07:10:58.0571 6804 NetMsmqActivator - ok 07:10:58.0618 6804 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 07:10:58.0618 6804 NetPipeActivator - ok 07:10:58.0680 6804 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 07:10:58.0696 6804 netprofm - ok 07:10:58.0712 6804 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 07:10:58.0712 6804 NetTcpActivator - ok 07:10:58.0712 6804 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 07:10:58.0712 6804 NetTcpPortSharing - ok 07:10:58.0743 6804 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 07:10:58.0743 6804 nfrd960 - ok 07:10:58.0774 6804 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 07:10:58.0774 6804 NlaSvc - ok 07:10:58.0914 6804 NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 07:10:58.0914 6804 NMIndexingService - ok 07:10:58.0992 6804 Norton PC Checkup Application Launcher - ok 07:10:59.0055 6804 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 07:10:59.0055 6804 Npfs - ok 07:10:59.0086 6804 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 07:10:59.0102 6804 nsi - ok 07:10:59.0117 6804 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 07:10:59.0117 6804 nsiproxy - ok 07:10:59.0242 6804 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 07:10:59.0289 6804 Ntfs - ok 07:10:59.0336 6804 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 07:10:59.0336 6804 ntrigdigi - ok 07:10:59.0367 6804 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 07:10:59.0367 6804 Null - ok 07:10:59.0429 6804 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 07:10:59.0429 6804 nvraid - ok 07:10:59.0445 6804 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 07:10:59.0445 6804 nvstor - ok 07:10:59.0492 6804 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 07:10:59.0492 6804 nv_agp - ok 07:10:59.0554 6804 OA001Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA001Ufd.sys 07:10:59.0570 6804 OA001Ufd - ok 07:10:59.0616 6804 OA001Vid (4075063d25af9da64101769854b83787) C:\Windows\system32\DRIVERS\OA001Vid.sys 07:10:59.0616 6804 OA001Vid - ok 07:10:59.0726 6804 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 07:10:59.0741 6804 odserv - ok 07:10:59.0772 6804 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 07:10:59.0772 6804 ohci1394 - ok 07:10:59.0819 6804 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 07:10:59.0835 6804 ose - ok 07:10:59.0897 6804 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 07:10:59.0913 6804 p2pimsvc - ok 07:10:59.0928 6804 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 07:10:59.0928 6804 p2psvc - ok 07:10:59.0960 6804 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 07:10:59.0960 6804 Parport - ok 07:10:59.0991 6804 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 07:10:59.0991 6804 partmgr - ok 07:11:00.0006 6804 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 07:11:00.0006 6804 Parvdm - ok 07:11:00.0038 6804 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 07:11:00.0038 6804 PcaSvc - ok 07:11:00.0147 6804 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe 07:11:00.0147 6804 PCCUJobMgr - ok 07:11:00.0303 6804 PCD5SRVC{3F6A8B78-EC003E00-05040104} (42ede7d217325ff56cb8a9983cd7f73b) C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms 07:11:00.0381 6804 PCD5SRVC{3F6A8B78-EC003E00-05040104} - ok 07:11:00.0412 6804 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 07:11:00.0412 6804 pci - ok 07:11:00.0443 6804 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 07:11:00.0443 6804 pciide - ok 07:11:00.0474 6804 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 07:11:00.0474 6804 pcmcia - ok 07:11:00.0537 6804 PCPitstop Scheduling (9c6ae415ec245d7ec696ffd915b41573) C:\Program Files\PCPitstop\PCPitstopScheduleService.exe 07:11:00.0537 6804 PCPitstop Scheduling - ok 07:11:00.0615 6804 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 07:11:00.0646 6804 PEAUTH - ok 07:11:00.0818 6804 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 07:11:00.0864 6804 pla - ok 07:11:00.0958 6804 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 07:11:00.0974 6804 PlugPlay - ok 07:11:01.0036 6804 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 07:11:01.0036 6804 PNRPAutoReg - ok 07:11:01.0052 6804 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 07:11:01.0052 6804 PNRPsvc - ok 07:11:01.0098 6804 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 07:11:01.0114 6804 PolicyAgent - ok 07:11:01.0161 6804 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 07:11:01.0176 6804 PptpMiniport - ok 07:11:01.0223 6804 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 07:11:01.0223 6804 Processor - ok 07:11:01.0254 6804 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 07:11:01.0270 6804 ProfSvc - ok 07:11:01.0317 6804 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 07:11:01.0317 6804 ProtectedStorage - ok 07:11:01.0364 6804 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 07:11:01.0364 6804 PSched - ok 07:11:01.0395 6804 PTDMBus (c23d7e6cfdfbdf0139a9315655315fc7) C:\Windows\system32\DRIVERS\PTDMBus.sys 07:11:01.0395 6804 PTDMBus - ok 07:11:01.0442 6804 PTDMMdm (182ed48f0f876e10ed2398fa4cf8e385) C:\Windows\system32\DRIVERS\PTDMMdm.sys 07:11:01.0442 6804 PTDMMdm - ok 07:11:01.0473 6804 PTDMVsp (0f13e2f9c746fa53a0292f6a9b7a34d4) C:\Windows\system32\DRIVERS\PTDMVsp.sys 07:11:01.0473 6804 PTDMVsp - ok 07:11:01.0504 6804 PTDMWFLT (cd358e58e865989667ff3af59a546ece) C:\Windows\system32\DRIVERS\PTDMWFLT.sys 07:11:01.0504 6804 PTDMWFLT - ok 07:11:01.0520 6804 PTDMWWAN (3e1793aea177a1192495d21ff09512bb) C:\Windows\system32\DRIVERS\PTDMWWAN.sys 07:11:01.0520 6804 PTDMWWAN - ok 07:11:01.0629 6804 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 07:11:01.0644 6804 ql2300 - ok 07:11:01.0691 6804 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 07:11:01.0707 6804 ql40xx - ok 07:11:01.0738 6804 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 07:11:01.0754 6804 QWAVE - ok 07:11:01.0769 6804 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 07:11:01.0769 6804 QWAVEdrv - ok 07:11:01.0785 6804 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 07:11:01.0785 6804 RasAcd - ok 07:11:01.0847 6804 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 07:11:01.0847 6804 RasAuto - ok 07:11:01.0863 6804 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 07:11:01.0878 6804 Rasl2tp - ok 07:11:01.0972 6804 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 07:11:01.0972 6804 RasMan - ok 07:11:02.0003 6804 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 07:11:02.0003 6804 RasPppoe - ok 07:11:02.0034 6804 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 07:11:02.0034 6804 RasSstp - ok 07:11:02.0066 6804 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 07:11:02.0081 6804 rdbss - ok 07:11:02.0112 6804 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 07:11:02.0112 6804 RDPCDD - ok 07:11:02.0159 6804 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 07:11:02.0175 6804 rdpdr - ok 07:11:02.0206 6804 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 07:11:02.0206 6804 RDPENCDD - ok 07:11:02.0237 6804 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys 07:11:02.0237 6804 RDPWD - ok 07:11:02.0315 6804 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 07:11:02.0315 6804 RemoteAccess - ok 07:11:02.0346 6804 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 07:11:02.0362 6804 RemoteRegistry - ok 07:11:02.0393 6804 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\Windows\system32\DRIVERS\rimmptsk.sys 07:11:02.0393 6804 rimmptsk - ok 07:11:02.0409 6804 rimsptsk (d7e09bc852684a7b1fc0f74fe090d45a) C:\Windows\system32\DRIVERS\rimsptsk.sys 07:11:02.0409 6804 rimsptsk - ok 07:11:02.0424 6804 rismxdp (b0a7494a9ba7909efac64e05d3f160db) C:\Windows\system32\DRIVERS\rixdptsk.sys 07:11:02.0424 6804 rismxdp - ok 07:11:02.0440 6804 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 07:11:02.0440 6804 RpcLocator - ok 07:11:02.0502 6804 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 07:11:02.0518 6804 RpcSs - ok 07:11:02.0534 6804 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 07:11:02.0549 6804 rspndr - ok 07:11:02.0580 6804 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 07:11:02.0580 6804 SamSs - ok 07:11:02.0627 6804 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 07:11:02.0627 6804 SASDIFSV - ok 07:11:02.0658 6804 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS 07:11:02.0658 6804 SASENUM - ok 07:11:02.0674 6804 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 07:11:02.0674 6804 SASKUTIL - ok 07:11:02.0705 6804 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 07:11:02.0705 6804 sbp2port - ok 07:11:02.0736 6804 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 07:11:02.0752 6804 SCardSvr - ok 07:11:02.0814 6804 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 07:11:02.0830 6804 Schedule - ok 07:11:02.0861 6804 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 07:11:02.0861 6804 SCPolicySvc - ok 07:11:02.0892 6804 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 07:11:02.0892 6804 sdbus - ok 07:11:02.0924 6804 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 07:11:02.0924 6804 SDRSVC - ok 07:11:02.0955 6804 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 07:11:02.0955 6804 secdrv - ok 07:11:02.0986 6804 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 07:11:02.0986 6804 seclogon - ok 07:11:03.0002 6804 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 07:11:03.0002 6804 SENS - ok 07:11:03.0017 6804 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 07:11:03.0017 6804 Serenum - ok 07:11:03.0048 6804 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 07:11:03.0048 6804 Serial - ok 07:11:03.0080 6804 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 07:11:03.0080 6804 sermouse - ok 07:11:03.0142 6804 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 07:11:03.0142 6804 SessionEnv - ok 07:11:03.0173 6804 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 07:11:03.0173 6804 sffdisk - ok 07:11:03.0189 6804 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 07:11:03.0189 6804 sffp_mmc - ok 07:11:03.0189 6804 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 07:11:03.0204 6804 sffp_sd - ok 07:11:03.0236 6804 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 07:11:03.0236 6804 sfloppy - ok 07:11:03.0329 6804 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 07:11:03.0345 6804 ShellHWDetection - ok 07:11:03.0376 6804 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 07:11:03.0392 6804 sisagp - ok 07:11:03.0501 6804 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 07:11:03.0516 6804 SiSRaid2 - ok 07:11:03.0704 6804 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 07:11:03.0735 6804 SiSRaid4 - ok 07:11:04.0140 6804 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files\Skype\Updater\Updater.exe 07:11:04.0234 6804 SkypeUpdate - ok 07:11:04.0858 6804 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 07:11:04.0952 6804 slsvc - ok 07:11:05.0076 6804 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 07:11:05.0076 6804 SLUINotify - ok 07:11:05.0154 6804 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 07:11:05.0154 6804 Smb - ok 07:11:05.0186 6804 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 07:11:05.0186 6804 SNMPTRAP - ok 07:11:05.0264 6804 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 07:11:05.0264 6804 spldr - ok 07:11:05.0295 6804 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 07:11:05.0310 6804 Spooler - ok 07:11:05.0435 6804 sprtsvc_ddoctorv2 (c3716ec0d36ad924b6888d794563e647) C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe 07:11:05.0435 6804 sprtsvc_ddoctorv2 - ok 07:11:05.0544 6804 sprtsvc_DellSupportCenter (777115c9cc675bd98127660712d2f784) C:\Program Files\Dell Support Center\bin\sprtsvc.exe 07:11:05.0544 6804 sprtsvc_DellSupportCenter - ok 07:11:05.0669 6804 SpyHunter 4 Service (f9ec94e35f5019a8e82665e1ef4b4d02) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE 07:11:05.0732 6804 SpyHunter 4 Service - ok 07:11:05.0919 6804 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS 07:11:05.0934 6804 SRTSP - ok 07:11:05.0981 6804 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS 07:11:05.0981 6804 SRTSPX - ok 07:11:06.0106 6804 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 07:11:06.0122 6804 srv - ok 07:11:06.0153 6804 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 07:11:06.0153 6804 srv2 - ok 07:11:06.0168 6804 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 07:11:06.0184 6804 srvnet - ok 07:11:06.0246 6804 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 07:11:06.0262 6804 SSDPSRV - ok 07:11:06.0309 6804 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 07:11:06.0324 6804 SstpSvc - ok 07:11:06.0480 6804 STacSV (ddeb942850278d67edc108d57f774bf8) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe 07:11:06.0496 6804 STacSV - ok 07:11:06.0558 6804 STHDA (c4be9c3af8af6f2e4cdd22fcabf77a1b) C:\Windows\system32\DRIVERS\stwrt.sys 07:11:06.0574 6804 STHDA - ok 07:11:06.0683 6804 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 07:11:06.0699 6804 stisvc - ok 07:11:06.0730 6804 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 07:11:06.0730 6804 swenum - ok 07:11:06.0777 6804 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 07:11:06.0792 6804 swprv - ok 07:11:06.0808 6804 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 07:11:06.0808 6804 Symc8xx - ok 07:11:06.0902 6804 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0502020.003\SYMDS.SYS 07:11:06.0917 6804 SymDS - ok 07:11:06.0980 6804 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0502020.003\SYMEFA.SYS 07:11:06.0995 6804 SymEFA - ok 07:11:07.0058 6804 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS 07:11:07.0073 6804 SymEvent - ok 07:11:07.0198 6804 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS 07:11:07.0198 6804 SymIRON - ok 07:11:07.0245 6804 SYMTDIv (d42a7229e333af725f1445f785e4658d) C:\Windows\System32\Drivers\N360\0502020.003\SYMTDIV.SYS 07:11:07.0307 6804 SYMTDIv - ok 07:11:07.0354 6804 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 07:11:07.0370 6804 Sym_hi - ok 07:11:07.0385 6804 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 07:11:07.0385 6804 Sym_u3 - ok 07:11:07.0463 6804 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 07:11:07.0479 6804 SysMain - ok 07:11:07.0541 6804 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 07:11:07.0541 6804 TabletInputService - ok 07:11:07.0588 6804 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 07:11:07.0604 6804 TapiSrv - ok 07:11:07.0682 6804 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 07:11:07.0682 6804 TBS - ok 07:11:07.0760 6804 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 07:11:07.0775 6804 Tcpip - ok 07:11:07.0791 6804 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 07:11:07.0806 6804 Tcpip6 - ok 07:11:07.0822 6804 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 07:11:07.0822 6804 tcpipreg - ok 07:11:07.0853 6804 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 07:11:07.0853 6804 TDPIPE - ok 07:11:07.0869 6804 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 07:11:07.0869 6804 TDTCP - ok 07:11:07.0916 6804 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 07:11:07.0916 6804 tdx - ok 07:11:07.0947 6804 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 07:11:07.0947 6804 TermDD - ok 07:11:08.0009 6804 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 07:11:08.0025 6804 TermService - ok 07:11:08.0056 6804 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 07:11:08.0072 6804 Themes - ok 07:11:08.0103 6804 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 07:11:08.0103 6804 THREADORDER - ok 07:11:08.0134 6804 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 07:11:08.0134 6804 TrkWks - ok 07:11:08.0196 6804 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 07:11:08.0196 6804 TrustedInstaller - ok 07:11:08.0274 6804 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 07:11:08.0274 6804 tssecsrv - ok 07:11:08.0290 6804 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 07:11:08.0290 6804 tunmp - ok 07:11:08.0337 6804 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 07:11:08.0337 6804 tunnel - ok 07:11:08.0368 6804 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 07:11:08.0368 6804 uagp35 - ok 07:11:08.0399 6804 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 07:11:08.0399 6804 udfs - ok 07:11:08.0446 6804 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 07:11:08.0446 6804 UI0Detect - ok 07:11:08.0493 6804 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 07:11:08.0493 6804 uliagpkx - ok 07:11:08.0524 6804 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 07:11:08.0524 6804 uliahci - ok 07:11:08.0555 6804 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 07:11:08.0555 6804 UlSata - ok 07:11:08.0571 6804 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 07:11:08.0571 6804 ulsata2 - ok 07:11:08.0602 6804 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 07:11:08.0602 6804 umbus - ok 07:11:08.0618 6804 Scan interrupted by user! 07:11:08.0618 6804 Scan interrupted by user! 07:11:08.0618 6804 Scan interrupted by user! 07:11:08.0618 6804 ============================================================ 07:11:08.0618 6804 Scan finished 07:11:08.0618 6804 ============================================================ 07:11:08.0618 5784 Detected object count: 0 07:11:08.0618 5784 Actual detected object count: 0 07:11:14.0592 7976 ============================================================ 07:11:14.0592 7976 Scan started 07:11:14.0592 7976 Mode: Manual; SigCheck; TDLFS; 07:11:14.0592 7976 ============================================================ 07:11:14.0826 7976 45083044 - ok 07:11:14.0873 7976 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 07:11:15.0029 7976 ACPI - ok 07:11:15.0076 7976 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 07:11:15.0092 7976 AdobeFlashPlayerUpdateSvc - ok 07:11:15.0138 7976 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 07:11:15.0154 7976 adp94xx - ok 07:11:15.0201 7976 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 07:11:15.0216 7976 adpahci - ok 07:11:15.0248 7976 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 07:11:15.0263 7976 adpu160m - ok 07:11:15.0294 7976 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 07:11:15.0310 7976 adpu320 - ok 07:11:15.0341 7976 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 07:11:15.0575 7976 AeLookupSvc - ok 07:11:15.0669 7976 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe 07:11:15.0762 7976 AESTFilters - ok 07:11:15.0809 7976 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 07:11:15.0887 7976 AFD - ok 07:11:15.0903 7976 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 07:11:15.0918 7976 agp440 - ok 07:11:15.0965 7976 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 07:11:15.0981 7976 aic78xx - ok 07:11:15.0996 7976 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 07:11:16.0121 7976 ALG - ok 07:11:16.0137 7976 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 07:11:16.0152 7976 aliide - ok 07:11:16.0168 7976 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 07:11:16.0184 7976 amdagp - ok 07:11:16.0199 7976 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 07:11:16.0215 7976 amdide - ok 07:11:16.0230 7976 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 07:11:16.0308 7976 AmdK7 - ok 07:11:16.0324 7976 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 07:11:16.0402 7976 AmdK8 - ok 07:11:16.0433 7976 apf001 (7b4beb577c5d0171f9b66f390ec29284) C:\Windows\system32\apf001.sys 07:11:16.0511 7976 apf001 - ok 07:11:16.0527 7976 apf003 - ok 07:11:16.0542 7976 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 07:11:16.0636 7976 Appinfo - ok 07:11:16.0730 7976 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 07:11:16.0730 7976 Apple Mobile Device - ok 07:11:16.0792 7976 Application Updater (f4c5530d92fa7f9a41c19edfc4c51bd4) C:\Program Files\Application Updater\ApplicationUpdater.exe 07:11:16.0823 7976 Application Updater - ok 07:11:16.0870 7976 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 07:11:16.0886 7976 arc - ok 07:11:16.0901 7976 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 07:11:16.0917 7976 arcsas - ok 07:11:17.0057 7976 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 07:11:17.0073 7976 aspnet_state - ok 07:11:17.0104 7976 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\Windows\system32\drivers\aswFsBlk.sys 07:11:17.0120 7976 aswFsBlk - ok 07:11:17.0135 7976 aswMonFlt (ff83c93aeee8b0cf4b464ca667a67acd) C:\Windows\system32\drivers\aswMonFlt.sys 07:11:17.0151 7976 aswMonFlt - ok 07:11:17.0182 7976 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\Windows\system32\drivers\aswRdr.sys 07:11:17.0182 7976 aswRdr - ok 07:11:17.0260 7976 aswSnx (17230708a2028cd995656df455f2e303) C:\Windows\system32\drivers\aswSnx.sys 07:11:17.0276 7976 aswSnx - ok 07:11:17.0338 7976 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\Windows\system32\drivers\aswSP.sys 07:11:17.0354 7976 aswSP - ok 07:11:17.0400 7976 aswTdi (984cfce2168286c2511695c2f9621475) C:\Windows\system32\drivers\aswTdi.sys 07:11:17.0416 7976 aswTdi - ok 07:11:17.0447 7976 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 07:11:17.0510 7976 AsyncMac - ok 07:11:17.0541 7976 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 07:11:17.0556 7976 atapi - ok 07:11:17.0603 7976 atksgt (3c4b9850a2631c2263507400d029057b) C:\Windows\system32\DRIVERS\atksgt.sys 07:11:17.0619 7976 atksgt - ok 07:11:17.0759 7976 ATService (f0da6cc98afbf6f4f65dbcadbd91bc7c) C:\Program Files\Fingerprint Sensor\AtService.exe 07:11:17.0822 7976 ATService - ok 07:11:17.0962 7976 ATSwpWDF (40e3212da94acf9e120c30acebc6ea80) C:\Windows\system32\Drivers\ATSwpWDF.sys 07:11:17.0978 7976 ATSwpWDF - ok 07:11:18.0040 7976 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 07:11:18.0102 7976 AudioEndpointBuilder - ok 07:11:18.0102 7976 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 07:11:18.0134 7976 Audiosrv - ok 07:11:18.0227 7976 avast! Antivirus (d16c826f375a44802bf317982e81a7e2) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 07:11:18.0243 7976 avast! Antivirus - ok 07:11:18.0586 7976 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\avgidsagent.exe 07:11:18.0836 7976 AVGIDSAgent - ok 07:11:18.0960 7976 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys 07:11:18.0976 7976 AVGIDSDriver - ok 07:11:19.0007 7976 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys 07:11:19.0023 7976 AVGIDSFilter - ok 07:11:19.0054 7976 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys 07:11:19.0070 7976 AVGIDSHX - ok 07:11:19.0101 7976 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys 07:11:19.0116 7976 AVGIDSShim - ok 07:11:19.0163 7976 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys 07:11:19.0179 7976 Avgldx86 - ok 07:11:19.0210 7976 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys 07:11:19.0210 7976 Avgmfx86 - ok 07:11:19.0257 7976 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys 07:11:19.0257 7976 Avgrkx86 - ok 07:11:19.0304 7976 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys 07:11:19.0319 7976 Avgtdix - ok 07:11:19.0350 7976 avgtp (684de9d6e62bfb177aabed3c62fdeab3) C:\Windows\system32\drivers\avgtpx86.sys 07:11:19.0366 7976 avgtp - ok 07:11:19.0553 7976 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe 07:11:19.0569 7976 avgwd - ok 07:11:19.0584 7976 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys 07:11:19.0600 7976 BCM42RLY - ok 07:11:19.0694 7976 BCM43XX (41a70777e892c3dea606758366566a77) C:\Windows\system32\DRIVERS\bcmwl6.sys 07:11:19.0725 7976 BCM43XX - ok 07:11:19.0834 7976 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 07:11:19.0912 7976 Beep - ok 07:11:19.0959 7976 Bfel2t0sui (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 07:11:19.0974 7976 Bfel2t0sui - ok 07:11:20.0318 7976 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys 07:11:20.0349 7976 BHDrvx86 - ok 07:11:20.0396 7976 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 07:11:20.0442 7976 blbdrive - ok 07:11:20.0552 7976 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe 07:11:20.0567 7976 Bonjour Service - ok 07:11:20.0630 7976 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 07:11:20.0708 7976 bowser - ok 07:11:20.0723 7976 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 07:11:20.0770 7976 BrFiltLo - ok 07:11:20.0786 7976 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 07:11:20.0817 7976 BrFiltUp - ok 07:11:20.0910 7976 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 07:11:20.0973 7976 Browser - ok 07:11:20.0988 7976 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 07:11:21.0176 7976 Brserid - ok 07:11:21.0207 7976 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 07:11:21.0269 7976 BrSerWdm - ok 07:11:21.0285 7976 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
  18. Norton Securit Suite alerted me to the Zeroaccess!inf trojan that it was trying to block, but failed. Since then, I've been hit with other rootkits, trojans, malware, spyware, trackware, etc. I can't boot up my computer normally, so I am stuck in Safe Mode with Networking. The attach file option is disabled for me, so I'll have to paste them. Sorry. . DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by sheila at 0:54:37 on 2012-08-05 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.2543 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalService C:\Windows\Explorer.EXE C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Windows\explorer.exe "C:\Windows\System32\svchost.exe" -k LocalServiceDns C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/ uWindow Title = Windows Internet Explorer provided by Comcast mStart Page = hxxp://www.yahoo.com mDefault_Page_URL = hxxp://www.yahoo.com mWindow Title = Windows Internet Explorer provided by Comcast uInternet Settings,ProxyOverride = *.local;<local> uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll uURLSearchHooks: H - No File uURLSearchHooks: N/A: {f4c28532-b9d0-4950-a2df-e83f9929242b} - c:\program files\myfuncards_5m\bar\1.bin\5mSrcAs.dll mURLSearchHooks: N/A: {f4c28532-b9d0-4950-a2df-e83f9929242b} - c:\program files\myfuncards_5m\bar\1.bin\5mSrcAs.dll mURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll BHO: Messenger Plus! Community SmartbarEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.2.3\ips\IPSBHO.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll TB: Messenger Plus! Community Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [Akamai NetSession Interface] "c:\users\sheila\appdata\local\akamai\netsession_win.exe" uRun: [Google Update] "c:\users\sheila\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe" mRun: [AirMac Base Station Agent] "c:\program files\airmac\APAgent.exe" mRun: [MyFunCards_5m Browser Plugin Loader] c:\progra~1\myfunc~2\bar\1.bin\5mbrmon.exe mRun: [<NO NAME>] mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe" mRun: [Aeria Ignite] "c:\program files\aeria games\ignite\aeriaignite.exe" silent mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [vProt] "c:\program files\avg secure search\vprot.exe" mRun: [info Center] c:\program files\pcpitstop\info center\InfoCenter.exe mRun: [PC Pitstop PC Matic Reminder] c:\program files\pcpitstop\pc matic\Reminder-PCMatic.exe mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\users\sheila\appdata\roaming\micros~1\windows\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: mswsock.dll DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{4AA34806-31D2-46B3-BB14-BF33709D5CA6} : DhcpNameServer = 192.168.1.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.1.5\ViProtocol.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: igfxcui - igfxdev.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\users\sheila\appdata\roaming\mozilla\firefox\profiles\iyyvcftz.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p= FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bd45d6b46-cdab-4304-9d2e-f564c2d1295c%7D&mid=49203be05ad843ac95931df41e95a489-1a71e38da43c7be14eed47335abb07994792215d&ds=AVG&v=12.1.0.21〈=en&pr=fr&d=2012-08-04%2000%3A10%3A39&sap=ku&q= FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll FF - plugin: c:\progra~1\meadco~1\npmeadax.dll FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.1.5\npsitesafety.dll FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\users\sheila\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\users\sheila\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll FF - plugin: c:\users\sheila\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll . ---- FIREFOX POLICIES ---- . FF - user.js: browser.search.defaultEngine - yahoo FF - user.js: browser.search.defaultenginename - yahoo FF - user.js: browser.search.selectedEngine - Yahoo FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p= FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p= FF - user.js: browser.search.param.yahoo-fr - chrf-protectff FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=171011_prot FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - e67b30d700000000000000225f19a80c FF - user.js: extensions.BabylonToolbar_i.hardId - e67b30d700000000000000225f19a80c FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:38:01 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.funmoods.hmpg - false FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341 FF - user.js: extensions.funmoods.dfltSrch - false FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - false FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341 FF - user.js: extensions.funmoods.tlbrSrchUrl - FF - user.js: extensions.funmoods.id - e67b30d700000000000000225f19a80c FF - user.js: extensions.funmoods.instlDay - 15486 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:37:9 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - axl FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - axl FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQABM6TI6&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - e67b30d700000000000000225f19a80c FF - user.js: extensions.incredibar_i.instlDay - 15507 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:05:08 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6PQABM6TI6 FF - user.js: extensions.incredibar_i.upn2n - 92543068038237882 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10665 FF - user.js: extensions.incredibar_i.ppd - . FF - user.js: extentions.y2layers.installId - 86beee56-1272-479b-8b52-ed5a005d92bf FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube . FF - user.js: extensions.autoDisableScopes - 14 user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); ============= SERVICES / DRIVERS =============== . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952] R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-4 27496] R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-8 62496] R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-1-29 203264] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-26 441176] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-23 309848] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216] S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040] S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920] S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120803.002\IDSvix86.sys [2012-8-3 382624] S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872] S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys [2012-7-16 331384] S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2011-9-6 81920] S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-23 19544] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-23 54104] S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-23 42184] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568] S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 dldn_device;dldn_device;c:\windows\system32\dldncoms.exe -service --> c:\windows\system32\dldncoms.exe -service [?] S2 dldnCATSCustConnectService;dldnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldnserv.exe [2008-3-4 99568] S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-3-31 21504] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664] S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-4 655944] S2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008] S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-9-6 135608] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.12.27\ccSvcHst.exe [2011-9-6 126392] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944] S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-7-11 763840] S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\common files\avg secure search\vtoolbarupdater\12.1.5\ToolbarUpdater.exe [2012-8-4 830048] S2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\extensionupdaterservice.exe --> c:\program files\web assistant\ExtensionUpdaterService.exe [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-26 250056] S3 apf001;apf001;c:\windows\system32\apf001.sys [2012-1-20 10872] S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-10-16 482176] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-3 106656] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-4 22344] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-5 40776] S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2010-4-2 133632] S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2010-4-2 280096] S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904] S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2012-8-4 77312] S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2010-4-9 55056] S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2010-4-9 160912] S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2010-4-9 160912] S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2010-4-9 13456] S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2010-4-9 118800] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-4-23 785304] S4 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-10-16 1668344] S4 MyFunCards_5mService;MyFunCardsService;c:\progra~1\myfunc~2\bar\1.bin\5mbarsvc.exe [2012-4-4 42528] . =============== Created Last 30 ================ . 2012-08-05 04:33:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-08-05 00:27:41 -------- d-----w- c:\program files\PCPitstop 2012-08-05 00:11:33 -------- d-----w- c:\programdata\Sophos 2012-08-05 00:10:23 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-08-05 00:10:22 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-08-05 00:10:22 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe 2012-08-05 00:09:58 -------- d-----w- c:\program files\Sophos 2012-08-04 23:47:47 -------- d-----w- c:\users\sheila\appdata\roaming\Malwarebytes 2012-08-04 23:47:40 -------- d-----w- c:\programdata\Malwarebytes 2012-08-04 23:47:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-04 23:47:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-04 12:03:14 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconF7A21AF7.exe 2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconD7F16134.exe 2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconCF33A0CE.exe 2012-08-04 08:57:26 -------- d-----w- C:\sh4ldr 2012-08-04 08:57:26 -------- d-----w- c:\program files\Enigma Software Group 2012-08-04 08:56:54 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP 2012-08-04 08:51:09 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll 2012-08-04 08:51:09 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2012-08-04 08:51:09 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll 2012-08-04 08:51:09 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll 2012-08-04 08:51:09 118240 ----a-w- c:\program files\mozilla firefox\crashreporter.exe 2012-08-04 08:51:08 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll 2012-08-04 05:28:02 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-08-04 05:28:02 278528 ----a-w- c:\windows\system32\schannel.dll 2012-08-04 05:28:02 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-08-04 04:32:03 -------- d-----w- c:\users\sheila\appdata\roaming\AVG2012 2012-08-04 04:10:30 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-08-04 04:09:29 -------- d-----w- c:\program files\AVG Secure Search 2012-08-04 04:04:37 -------- d-----w- c:\windows\system32\drivers\AVG 2012-08-04 03:41:43 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-08-04 03:40:33 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{39b4c142-238b-4852-bcd4-4593264c2630}\mpengine.dll 2012-08-04 03:40:33 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-08-04 03:40:33 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-08-04 02:36:49 -------- d-----w- c:\programdata\DriverGenius 2012-08-04 02:36:14 -------- d-----w- c:\program files\Driver-Soft 2012-08-03 08:22:11 -------- d-----w- c:\windows\system32\wbem\repository 2012-08-03 08:20:33 -------- d-----w- c:\windows\Registration 2012-08-03 06:43:36 -------- d-----w- c:\users\sheila\appdata\roaming\iolo 2012-08-03 06:43:36 -------- d-----w- c:\programdata\iolo 2012-08-03 06:29:10 -------- d-----w- c:\users\sheila\appdata\roaming\Qwiklinx 2012-08-03 06:29:10 -------- d-----w- c:\program files\Qwiklinx 2012-08-03 06:28:15 -------- d-----w- c:\program files\Shop to Win 36 2012-08-03 06:28:14 -------- d-----w- c:\program files\BabylonToolbar 2012-08-03 06:28:04 -------- d-----w- c:\users\sheila\appdata\local\Wajam 2012-08-03 06:27:54 -------- d-----w- c:\users\sheila\appdata\roaming\RadarSync 2012-08-03 06:27:54 -------- d-----w- c:\program files\Wajam 2012-08-03 06:19:46 -------- d-----w- c:\program files\Driver Checker 2012-08-03 05:03:44 -------- d-----w- c:\users\sheila\appdata\local\ElevatedDiagnostics 2012-08-03 04:53:29 -------- d-----w- c:\programdata\RegAce 2012-08-03 04:53:16 -------- d-----w- c:\users\sheila\appdata\local\APN 2012-08-03 04:41:55 -------- d-----w- c:\program files\Fix RegCleaner 2012-08-01 22:48:29 -------- d-----w- c:\windows\system32\%APPDATA% 2012-07-31 21:54:39 -------- d-----w- c:\users\sheila\appdata\local\AVG Secure Search 2012-07-31 21:54:23 -------- d-----w- c:\programdata\AVG Secure Search 2012-07-31 21:54:10 -------- d-----w- c:\program files\common files\AVG Secure Search 2012-07-31 21:53:24 -------- d--h--w- C:\$AVG 2012-07-31 21:53:23 -------- d-----w- c:\programdata\AVG2012 2012-07-31 21:52:51 -------- d-----w- c:\program files\AVG 2012-07-31 21:50:58 -------- d-----w- c:\programdata\MFAData 2012-07-31 20:44:51 -------- d-----w- c:\program files\Promosoft Corporation 2012-07-31 20:36:05 -------- d-----w- c:\users\sheila\appdata\roaming\YourFileDownloader 2012-07-31 20:20:46 -------- d-----w- c:\users\sheila\appdata\roaming\SpeedyPC Software 2012-07-31 20:20:46 -------- d-----w- c:\users\sheila\appdata\roaming\DriverCure 2012-07-31 20:20:42 -------- d-----w- c:\program files\common files\SpeedyPC Software 2012-07-31 20:20:41 -------- d-----w- c:\programdata\SpeedyPC Software 2012-07-31 20:20:41 -------- d-----w- c:\program files\SpeedyPC Software 2012-07-31 09:51:40 -------- d-----w- c:\users\sheila\appdata\roaming\IObit 2012-07-31 09:44:28 -------- d-----w- c:\users\sheila\appdata\local\Promosoft Corporation 2012-07-16 19:51:23 331384 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys 2012-07-16 19:51:23 299640 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symnets.sys 2012-07-16 19:51:22 744568 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symefa.sys 2012-07-16 19:51:22 516216 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtsp.sys 2012-07-16 19:51:22 50168 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtspx.sys 2012-07-16 19:51:22 340088 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symds.sys 2012-07-16 19:51:21 136312 ----a-r- c:\windows\system32\drivers\n360\0502020.003\ironx86.sys 2012-07-16 19:50:31 -------- d-----w- c:\windows\system32\drivers\n360\0502020.003 2012-07-13 11:00:08 192592 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe 2012-07-13 11:00:08 114144 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe 2012-07-13 11:00:07 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll 2012-07-13 11:00:07 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll 2012-07-12 08:57:30 -------- d-----w- c:\program files\x86 2012-07-12 08:55:18 -------- d-----w- c:\program files\OApps 2012-07-12 08:55:15 -------- d-----w- c:\program files\TorrentSearch 2012-07-12 08:54:49 -------- d-----w- c:\users\sheila\Xoliul Shader 2012-07-12 08:54:00 -------- d-----w- c:\program files\intellidownload 2012-07-10 17:37:14 184886 ----a-w- C:\torrent.exe 2012-07-10 13:04:40 -------- d-----w- c:\users\sheila\appdata\local\Aeria Games 2012-07-10 13:03:31 -------- d-----w- c:\programdata\Aeria Games 2012-07-10 12:49:28 -------- d-sh--w- c:\windows\system32\AI_RecycleBin 2012-07-10 12:49:22 -------- d-----w- c:\program files\Aeria Games 2012-07-10 08:46:47 -------- d-----w- C:\New Folder . ==================== Find3M ==================== . 2012-08-04 07:20:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-04 07:20:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-05-18 00:39:20 16304 ------w- c:\windows\system32\apl003.sys . ============= FINISH: 0:57:53.47 =============== Description: Microsoft 6to4 Adapter Device ID: ROOT\*6TO4MP\0005 Manufacturer: Microsoft Name: 6TO4 Adapter PNP Device ID: ROOT\*6TO4MP\0005 Service: tunnel . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft 6to4 Adapter Device ID: ROOT\*6TO4MP\0006 Manufacturer: Microsoft Name: 6TO4 Adapter PNP Device ID: ROOT\*6TO4MP\0006 Service: tunnel . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Device ID: ROOT\*6TO4MP\0009 Manufacturer: Name: PNP Device ID: ROOT\*6TO4MP\0009 Service: . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft ISATAP Adapter Device ID: ROOT\*ISATAP\0019 Manufacturer: Microsoft Name: isatap.{4AA34806-31D2-46B3-BB14-BF33709D5CA6} PNP Device ID: ROOT\*ISATAP\0019 Service: tunnel . Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318} Description: Consumer IR Devices Device ID: ROOT\SYSTEM\0001 Manufacturer: Microsoft Name: Consumer IR Devices PNP Device ID: ROOT\SYSTEM\0001 Service: circlass . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 7-Zip 9.20 ABBYY FineReader 6.0 Sprint Adobe AIR Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Shockwave Player 11.6 Advanced Audio FX Engine Aeria Ignite AirMac Akamai NetSession Interface Anti-phishing Domain Advisor Apple Application Support Apple Mobile Device Support Apple Software Update AuthenTec Fingerprint Software avast! Free Antivirus AVerMedia HC82 Express-Card Hybrid Analog AVerMedia MCE Encoder 3.2.1.62 AVG 2012 Bonjour Broadcom Gigabit NetLink Controller Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Comcast High-Speed Internet Install Wizard CyberLink DVD Suite Dell 5530 Wireless Broadband Package Dell Driver Download Manager Dell Support Center (Support Software) Dell V105 Dell Video Chat Dell Webcam Central Dell Wireless WLAN Card Utility Desktop Doctor Digsby Ditto 3.17.0.17 Driver Genius Professional Edition DriverBoost EdenEternal eReg Foxit Reader 5.1 fTalk Funmoods Web Search Game Booster 3 GIMP 2.6.11 Google Chrome Google SketchUp 8 Google Update Helper Grand Fantasia Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) IDT Audio Integrated Webcam Driver (1.06.03.0309) Intel® Graphics Media Accelerator Driver Intel® TV Wizard IObit Toolbar v5.6 iPhone Configuration Utility ITECIR Driver Java Auto Updater Java 6 Update 31 JISHOP 6.1 Live! Cam Avatar Creator Logitech SetPoint 6.30 Macromedia Fireworks MX 2004 Malwarebytes Anti-Malware version 1.62.0.1300 Messenger Plus! 5 Messenger Plus! Community Smartbar Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Default Manager Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft UI Engine Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 MobileMe Control Panel Mozilla Firefox 15.0 (x86 en-US) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 7 Essentials neroxml Norton PC Checkup Norton Security Scan Norton Security Suite NVIDIA PhysX Paint.NET v3.5.10 Pando Media Booster PANTECH PC USB Modem Software PC Matic 1.1.0.48 PC Pitstop Exterminate2 2.0 PC Pitstop Info Center 1.0.0.13 Process Tamer 2.11.01 QuickTime RICOH Media Driver ver.2.07.01.04 RICOH R5U8xx Media Driver ver.3.62.02 SeaTools for Windows Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Skype Click to Call Skype™ 5.10 Smilebox Sophos Virus Removal Tool SpyHunter SUPERAntiSpyware Free Edition swMSM System Requirements Lab for Intel Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VideoFileDownload Web Assistant 2.0.0.460 Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37) Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (12/18/2007 5.0.0004.6) Windows Live Mesh ActiveX Control for Remote Connections WinRAR 4.00 (32-bit) Wizard101 Yahoo! BrowserPlus 2.9.8 Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar Yontoo 1.10.02 . ==== Event Viewer Messages From Past Week ======== . 8/5/2012 12:32:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58} 8/5/2012 12:31:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 8/5/2012 12:31:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: 8/5/2012 12:31:05 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 8/5/2012 12:31:05 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 8/5/2012 12:31:05 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 8/5/2012 12:30:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 8/5/2012 12:30:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/5/2012 12:30:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 8/5/2012 12:29:53 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21 8/5/2012 12:29:05 AM, Error: EventLog [6008] - The previous system shutdown at 12:27:10 AM on 8/5/2012 was unexpected. 8/5/2012 12:16:48 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 8/5/2012 12:16:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dldnCATSCustConnectService service to connect. 8/5/2012 12:16:48 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 8/5/2012 12:16:48 AM, Error: Service Control Manager [7000] - The dldnCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 8/4/2012 9:14:49 AM, Error: EventLog [6008] - The previous system shutdown at 9:12:37 AM on 8/4/2012 was unexpected. 8/4/2012 9:09:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi Avgldx86 Avgmfx86 BHDrvx86 eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6 8/4/2012 9:07:37 AM, Error: EventLog [6008] - The previous system shutdown at 9:04:13 AM on 8/4/2012 was unexpected. 8/4/2012 8:27:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 8/4/2012 5:06:52 AM, Error: EventLog [6008] - The previous system shutdown at 5:05:10 AM on 8/4/2012 was unexpected. 8/4/2012 5:01:09 AM, Error: EventLog [6008] - The previous system shutdown at 4:59:15 AM on 8/4/2012 was unexpected. 8/4/2012 4:45:14 AM, Error: EventLog [6008] - The previous system shutdown at 4:42:50 AM on 8/4/2012 was unexpected. 8/4/2012 2:59:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 8/4/2012 2:54:18 AM, Error: EventLog [6008] - The previous system shutdown at 2:52:55 AM on 8/4/2012 was unexpected. 8/4/2012 2:44:26 AM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control. 8/4/2012 2:43:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service. 8/4/2012 2:43:16 AM, Error: Service Control Manager [7023] - 8/4/2012 2:38:43 AM, Error: EventLog [6008] - The previous system shutdown at 2:35:32 AM on 8/4/2012 was unexpected. 8/4/2012 2:30:32 AM, Error: EventLog [6008] - The previous system shutdown at 2:24:16 AM on 8/4/2012 was unexpected. 8/4/2012 2:04:51 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Microsoft .NET Framework 3.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2656409). 8/4/2012 2:04:39 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2656409 (Security Update) into Staging(Staging) state 8/4/2012 2:04:39 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2656409 (Security Update) into Resolved(Resolved) state 8/4/2012 10:01:48 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s). 8/4/2012 10:01:48 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 8/4/2012 10:01:48 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 8/4/2012 10:01:48 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 8/3/2012 9:38:26 AM, Error: EventLog [6008] - The previous system shutdown at 9:35:42 AM on 8/3/2012 was unexpected. 8/3/2012 9:33:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect. 8/3/2012 9:33:08 AM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 8/3/2012 9:28:41 AM, Error: EventLog [6008] - The previous system shutdown at 9:26:27 AM on 8/3/2012 was unexpected. 8/3/2012 9:01:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi BHDrvx86 eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6 8/3/2012 8:59:30 PM, Error: EventLog [6008] - The previous system shutdown at 8:57:28 PM on 8/3/2012 was unexpected. 8/3/2012 6:52:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81} 8/3/2012 6:52:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 8/3/2012 6:34:05 AM, Error: EventLog [6008] - The previous system shutdown at 6:32:06 AM on 8/3/2012 was unexpected. 8/3/2012 6:30:06 AM, Error: EventLog [6008] - The previous system shutdown at 6:26:46 AM on 8/3/2012 was unexpected. 8/3/2012 5:56:54 AM, Error: Service Control Manager [7023] - The IKE and AuthIP IPsec Keying Modules service terminated with the following error: Load failed 8/3/2012 5:07:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 8/3/2012 3:32:52 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0021707F1DF2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 8/3/2012 3:20:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 8/3/2012 3:16:07 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 8/3/2012 3:15:44 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi BHDrvx86 DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr SRTSPX SymIRON SYMTDIv tdx Wanarpv6 8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start. 8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning. 8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/3/2012 3:15:44 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/3/2012 3:15:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 8/3/2012 3:15:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 8/3/2012 2:09:52 AM, Error: EventLog [6008] - The previous system shutdown at 2:07:20 AM on 8/3/2012 was unexpected. 8/3/2012 2:04:13 AM, Error: EventLog [6008] - The previous system shutdown at 2:02:02 AM on 8/3/2012 was unexpected. 8/3/2012 2:01:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service. 8/3/2012 2:00:53 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0021707F1DF2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state 8/3/2012 11:43:54 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state 8/3/2012 11:43:53 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 8/3/2012 11:43:53 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 8/3/2012 11:43:53 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state 8/3/2012 11:34:32 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 8/3/2012 11:30:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect. 8/3/2012 1:57:20 AM, Error: Service Control Manager [7022] - The Windows Audio service hung on starting. 8/3/2012 1:57:20 AM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting. 8/2/2012 5:51:49 PM, Error: EventLog [6008] - The previous system shutdown at 5:49:52 PM on 8/2/2012 was unexpected. 7/31/2012 5:51:52 AM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 7/31/2012 5:29:01 AM, Error: EventLog [6008] - The previous system shutdown at 5:27:33 AM on 7/31/2012 was unexpected. 7/31/2012 5:24:47 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0021707F1DF2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 7/31/2012 5:24:32 AM, Error: EventLog [6008] - The previous system shutdown at 5:21:04 AM on 7/31/2012 was unexpected. 7/31/2012 5:19:09 PM, Error: EventLog [6008] - The previous system shutdown at 5:14:20 PM on 7/31/2012 was unexpected. 7/31/2012 5:14:04 AM, Error: EventLog [6008] - The previous system shutdown at 5:11:19 AM on 7/31/2012 was unexpected. 7/31/2012 5:12:40 PM, Error: EventLog [6008] - The previous system shutdown at 5:08:04 PM on 7/31/2012 was unexpected. 7/31/2012 4:07:56 PM, Error: EventLog [6008] - The previous system shutdown at 4:06:15 PM on 7/31/2012 was unexpected. 7/31/2012 3:35:31 PM, Error: EventLog [6008] - The previous system shutdown at 3:32:48 PM on 7/31/2012 was unexpected. 7/31/2012 3:33:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect. 7/31/2012 3:33:30 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 7/30/2012 6:22:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 7/30/2012 6:22:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running. 7/30/2012 5:01:05 PM, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s). 7/30/2012 4:59:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton PC Checkup Application Launcher service to connect. 7/30/2012 4:59:54 PM, Error: Service Control Manager [7000] - The Norton PC Checkup Application Launcher service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 7/30/2012 4:51:07 PM, Error: EventLog [6008] - The previous system shutdown at 4:48:55 PM on 7/30/2012 was unexpected. 45083044 aswSnx aswSP aswTdi Avgldx86 Avgmfx86 BHDrvx86 eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6 45083044 aswSnx aswSP aswTdi Avgldx86 Avgmfx86 BHDrvx86 eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6 45083044 aswSnx aswSP aswTdi Avgldx86 Avgmfx86 BHDrvx86 eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6 45083044 aswSnx aswSP aswTdi Avgldx86 Avgmfx86 BHDrvx86 eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6 45083044 . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.