rysktkr2
Everything posted by rysktkr2
Please help infected with Trojan.Gen.2
rysktkr2 replied to rysktkr2's topic in Resolved Malware Removal Logs
ComboFix 12-12-25.02 - Mark 12/25/2012 15:36:24.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2113 [GMT -8:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}\PostBuild.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\XSxS

((((((((((((((((((((((((( Files Created from 2012-11-25 to 2012-12-25 )))))))))))))))))))))))))))))))

2012-12-25 20:17 . 2012-12-25 20:17 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\CRE
2012-12-25 20:17 . 2012-12-25 20:17 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\uTorrentControl_v2
2012-12-25 20:17 . 2012-12-25 20:17 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Conduit
2012-12-25 20:16 . 2012-12-25 20:17 -------- d-----w- c:\program files\uTorrentControl_v2
2012-12-21 14:05 . 2012-12-21 14:05 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-12-21 14:05 . 2012-12-21 14:05 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-12-21 14:05 . 2012-12-21 14:05 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-12-21 14:05 . 2012-12-21 14:05 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-12-21 14:05 . 2012-12-21 14:05 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-12-21 14:05 . 2012-12-21 14:05 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-12-21 14:05 . 2012-12-21 14:05 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-12-21 14:05 . 2012-12-21 14:05 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-12-21 14:05 . 2012-12-21 14:05 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-12-21 14:05 . 2012-12-21 14:05 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-12-21 14:05 . 2012-12-21 14:05 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-12-21 14:05 . 2012-12-21 14:05 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-12-21 14:04 . 2012-12-21 14:04 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-12-21 14:04 . 2012-12-21 14:04 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-12-21 14:04 . 2012-12-21 14:04 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-12-21 14:04 . 2012-12-21 14:04 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-12-21 14:04 . 2012-12-21 14:04 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-12-11 16:49 . 2012-12-11 17:39 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\NPE
2012-12-06 22:14 . 2012-12-06 22:14 -------- d-----w- c:\documents and settings\Mark\Application Data\RoboForm
2012-12-06 22:13 . 2012-12-06 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2012-12-06 18:05 . 2012-12-21 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-12-06 18:05 . 2012-12-06 18:05 -------- d-----w- c:\program files\AVAST Software
2012-12-05 05:12 . 2012-09-25 07:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-05 04:45 . 2012-12-05 04:45 -------- d-----w- c:\program files\iPod
2012-12-05 04:45 . 2012-12-05 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-05 04:45 . 2012-12-05 04:46 -------- d-----w- c:\program files\iTunes
2012-11-27 02:22 . 2012-11-27 02:26 -------- dc-h--w- c:\windows\ie8

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-12-22 21:24 . 2012-06-28 19:56 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-12-19 04:38 . 2012-05-05 16:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-19 04:38 . 2011-05-20 18:21 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-19 03:59 . 2009-04-16 19:12 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-10-02 18:02 . 2012-10-02 18:03 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-02 18:02 . 2011-08-18 22:04 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-30 03:54 . 2011-07-28 14:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 18:32 . 2009-09-13 18:08 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 18:32 . 2009-09-13 18:08 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-07-27 06:07 . 2012-12-05 07:36 306256 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2012-12-05 07:37 . 2012-12-05 07:36 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]

[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl_v2\prxtbuTor.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]

[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-17 39408]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-04-27 6065784]
"DAEMON Tools Pro Agent"="c:\util\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"V0230Mon.exe"="c:\windows\system32\V0230Mon.exe" [2006-07-19 36961]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-23 1226024]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-11-18 75048]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2008-09-11 3622184]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-21 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-21 111208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe" [2010-09-17 222504]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-29 151952]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\util\mbar\mbar\mbar.exe" [2012-12-04 1342312]

c:\documents and settings\Mark\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - c:\program files\Jts\WiseUpdt.exe [2011-9-7 194775]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-6-24 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-29 607584]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
TotalMedia Server.lnk - c:\program files\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2011-8-17 519744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:7d3c1119dc00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ArcSoft\\TotalMedia Theatre 5\\TotalMedia Server\\TM Server.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Calibre2\\calibre.exe"=
"c:\\Program Files\\SAMSUNG\\Intelli-studio\\iStudio.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\dwld\\tinyumbrella-6.01.01.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 stcvsm;stcvsm;c:\windows\system32\drivers\stcvsm.sys [4/11/2009 4:49 PM 113904]
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [6/27/2009 8:53 AM 96512]
R1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [9/21/2010 8:10 AM 192504]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 9:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 9:15 AM 66632]
R1 sbmount;StorageCraft Image Mount Driver;c:\windows\system32\drivers\sbmount.sys [4/11/2009 4:49 PM 79616]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/24 13:54];c:\program files\Cyberlink\PowerDVD10\NavFilter\000.fcl [11/17/2010 8:29 PM 87536]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/31 16:45];c:\program files\Cyberlink\PowerDVD9\000.fcl [3/30/2009 4:53 PM 87536]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [11/18/2010 2:58 PM 20328]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [5/24/2011 3:02 PM 352248]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 4:53 PM 13672]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [2/18/2010 2:01 PM 462632]
R2 RAInfo;RemotelyAnywhere Kernel Information Provider;c:\program files\RemotelyAnywhere\x86\rainfo.sys [4/17/2007 1:00 PM 12992]
R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;c:\windows\system32\drivers\RARfsDriver.sys [4/4/2010 7:20 AM 46000]
R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4/11/2009 4:49 PM 1990656]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 1:16 PM 93960]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 4:54 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 4:54 AM 185640]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [5/29/2009 9:02 AM 66944]
R2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [4/11/2009 4:49 PM 61952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/6/2012 8:03 PM 106656]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [6/28/2012 11:56 AM 35144]
R3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [4/17/2007 1:00 PM 10168]
R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [6/24/2010 11:43 PM 6272]
R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [6/24/2010 11:43 PM 500480]
S2 gupdate1ca0bc6b51516ae;Google Update Service (gupdate1ca0bc6b51516ae);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2009 10:52 AM 133104]
S2 StorageCraft Image Manager;StorageCraft Image Manager;c:\program files\StorageCraft\ImageManager\ImageManager.exe [10/24/2007 2:26 PM 69632]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [8/11/2009 7:45 AM 1684736]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [7/7/2011 8:11 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [7/7/2011 8:11 AM 8456]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/26/2009 8:59 PM 47360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 9:15 AM 12872]
S4 RARfsClientNP;RARfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbamswissarmy
*Deregistered* - TrueSight

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 12:32 128512 ----a-w- c:\windows\system32\advpack.dll

Contents of the 'Scheduled Tasks' folder

2012-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 04:38]

2012-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]

2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 18:52]

2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 18:52]

2012-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1303643608-839522115-1003Core.job
- c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 18:37]

2012-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1303643608-839522115-1003UA.job
- c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 18:37]

2012-12-25 c:\windows\Tasks\User_Feed_Synchronization-{2CBD512D-8063-47FF-BF6E-5ACAA41EC901}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]

2012-12-25 c:\windows\Tasks\User_Feed_Synchronization-{A7972C66-43AF-4964-A40E-32D2946479FE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]

------- Supplementary Scan -------

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - ExtSQL: !HIDDEN! 2010-07-03 11:51; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-02-08 20:36; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

- - - - ORPHANS REMOVED - - - -

AddRemove-Classifieds Searcher - Free_is1 - c:\program files\Classifieds Searcher - Free\unins000.exe
AddRemove-Collectorz.com Movie Collector - c:\progra~1\MOVIEC~1\UNWISE.EXE
AddRemove-Greetings Workshop - c:\program files\Greetings Workshop\SETUP\setup.exe
AddRemove-{901BAC9F-7721-4215-B62A-D342909C0DBA}_is1 - c:\program files\PDF DRM Removal\unins000.exe
AddRemove-Trader Workstation - c:\windows\system32\javaws.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-25 15:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-1303643608-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\RARfsClientNP.dll

- - - - - - - > 'lsass.exe'(1060)
c:\windows\system32\RARfsClientNP.dll

Completion time: 2012-12-25 15:55:51
ComboFix-quarantined-files.txt 2012-12-25 23:55

Pre-Run: 122,068,684,800 bytes free
Post-Run: 146,752,929,792 bytes free

- - End Of File - - E59420902B8CC1183898BF2309D7E6EB
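A triage pass over the autostart and firewall sections of a ComboFix report, added here as an example; it is not code from the thread, from ComboFix, or from the helper in this topic. It parses Run/RunOnce values and AuthorizedApplications entries in ComboFix's layout and flags executables that live outside Program Files or the Windows directory, which is where the entries worth a second look in the log above sit (c:\util, c:\dwld, user profile folders). The sample text is a constructed subset copied in ComboFix's format, and the trusted-prefix list is an assumption chosen for the example rather than a ComboFix rule.

```python
import re

# Constructed sample in ComboFix's own layout (a subset of the entry shapes in
# the log above: Run/RunOnce values and firewall AuthorizedApplications lines).
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-17 39408]
"DAEMON Tools Pro Agent"="c:\util\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\util\mbar\mbar\mbar.exe" [2012-12-04 1342312]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\dwld\\tinyumbrella-6.01.01.exe"=
'''

# Assumed "expected" locations for this example; anything else gets a flag.
# A heuristic for the triage pass, not a ComboFix rule.
TRUSTED_PREFIXES = (
    "c:\\program files\\",
    "c:\\progra~1\\",
    "c:\\windows\\",
    "%windir%\\",
)

KEY_LINE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$'
)
FW_VALUE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')


def normalise(path):
    """Collapse ComboFix's doubled backslashes and lower-case for comparison."""
    return path.replace("\\\\", "\\").strip().lower()


def is_trusted_location(path):
    p = normalise(path)
    return any(p.startswith(prefix) for prefix in TRUSTED_PREFIXES)


def _entry(key, name, path):
    trusted = is_trusted_location(path)
    return {
        "key": key,
        "name": name,
        "path": normalise(path),
        "flag": not trusted,
        "reason": "" if trusted else "executable outside Program Files / Windows",
    }


def triage(report_text):
    """Walk the report, remembering the current registry key, and return one
    record per Run value or firewall exception found."""
    findings = []
    current_key = ""
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = RUN_VALUE.match(line)
        if m:
            findings.append(_entry(current_key, m.group("name"), m.group("path")))
            continue
        m = FW_VALUE.match(line)
        if m and "firewallpolicy" in current_key.lower():
            findings.append(_entry(current_key, "(firewall exception)", m.group("path")))
    return findings


def flagged(report_text):
    """Only the entries a reviewer should look at first."""
    return [f for f in triage(report_text) if f["flag"]]


if __name__ == "__main__":
    for f in flagged(SAMPLE):
        print(f"{f['name']:<28} {f['path']}  <- {f['reason']}")
```

Feed it the whole Reg Loading Points block and the firewall list and it reduces the log above to three or four lines to inspect. A location heuristic is only a first filter: the flagged entries here are a known anti-rootkit tool's RunOnce, a virtual-drive agent and a firewall exception for a tool in a downloads folder, so each still needs a hash or signature check before it is called clean or bad.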
Please help infected with Trojan.Gen.2
rysktkr2 replied to rysktkr2's topic in Resolved Malware Removal Logs
Sorry, I missed this one in the previous post. system-log.txt
Please help infected with Trojan.Gen.2
rysktkr2 replied to rysktkr2's topic in Resolved Malware Removal Logs
Please see attached. mbar-log-2012-12-22 (20-00-33).txt
Please help infected with Trojan.Gen.2
rysktkr2 replied to rysktkr2's topic in Resolved Malware Removal Logs
Hi MrCharlie, just wanted to provide an update. Malwarebytes Anti-Rootkit has been running for about 9 hours. It is not stalled but is performing the system, memory, and registry scan, albeit slowly between files.
Please help infected with Trojan.Gen.2
rysktkr2 replied to rysktkr2's topic in Resolved Malware Removal Logs
RogueKiller V8.4.0 [Dec 20 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Mark [Admin rights]
Mode : Scan -- Date : 12/22/2012 12:08:45

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x80637C26 -> HOOKED (Unknown @ 0x887AC300)
SSDT[13] : NtAlertThread @ 0x80592C38 -> HOOKED (Unknown @ 0x887AC3E0)
SSDT[17] : NtAllocateVirtualMemory @ 0x80570BC5 -> HOOKED (Unknown @ 0x8984D780)
SSDT[43] : NtCreateMutant @ 0x80584095 -> HOOKED (Unknown @ 0x887A0268)
SSDT[53] : NtCreateThread @ 0x80584D41 -> HOOKED (Unknown @ 0x8986C6C8)
SSDT[83] : NtFreeVirtualMemory @ 0x805710BF -> HOOKED (Unknown @ 0x887C5640)
SSDT[89] : NtImpersonateAnonymousToken @ 0x8059AD05 -> HOOKED (Unknown @ 0x887A0358)
SSDT[91] : NtImpersonateThread @ 0x805876C2 -> HOOKED (Unknown @ 0x887AC260)
SSDT[108] : NtMapViewOfSection @ 0x8057AC29 -> HOOKED (Unknown @ 0x887AA8D8)
SSDT[114] : NtOpenEvent @ 0x80589D69 -> HOOKED (Unknown @ 0x887B15E8)
SSDT[123] : NtOpenProcessToken @ 0x805784F6 -> HOOKED (Unknown @ 0x887AF268)
SSDT[129] : NtOpenThreadToken @ 0x805746D2 -> HOOKED (Unknown @ 0x887B0430)
SSDT[206] : NtResumeThread @ 0x805853B8 -> HOOKED (Unknown @ 0x898214F8)
SSDT[213] : NtSetContextThread @ 0x8063628D -> HOOKED (Unknown @ 0x887A5810)
SSDT[228] : NtSetInformationProcess @ 0x80574B1F -> HOOKED (Unknown @ 0x887A58D0)
SSDT[229] : NtSetInformationThread @ 0x80576ABD -> HOOKED (Unknown @ 0x89821738)
SSDT[253] : NtSuspendProcess @ 0x80637B6B -> HOOKED (Unknown @ 0x887B1508)
SSDT[254] : NtSuspendThread @ 0x80637A87 -> HOOKED (Unknown @ 0x8879C320)
SSDT[257] : NtTerminateProcess @ 0x8058E8B9 -> HOOKED (Unknown @ 0x8984EBF8)
SSDT[258] : NtTerminateThread @ 0x8058496E -> HOOKED (Unknown @ 0x8879C400)
SSDT[267] : NtUnmapViewOfSection @ 0x8057A7B1 -> HOOKED (Unknown @ 0x887C46D0)
SSDT[277] : NtWriteVirtualMemory @ 0x805875F7 -> HOOKED (Unknown @ 0x887FFCD8)

¤¤¤ Extern Hives: ¤¤¤
-> F:\windows\system32\config\SOFTWARE
-> F:\Documents and Settings\Administrator\NTUSER.DAT
-> F:\Documents and Settings\Administrator.MYPC\NTUSER.DAT
-> F:\Documents and Settings\Default User\NTUSER.DAT
-> F:\Documents and Settings\LocalService\NTUSER.DAT
-> F:\Documents and Settings\Mark\NTUSER.DAT
-> F:\Documents and Settings\NetworkService\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

(hosts file contents unreadable in the pasted log)

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS5C3020ALA632 +++++
--- User ---
[MBR] 643c28cbc44b82ab1d3fc24bbfdf4f69
[BSP] 57baa9068b859ee8a3cfb5a321dc6037 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3500630AS +++++
--- User ---
[MBR] 1406de26d4acd19c9b0ddec378f968d3
[BSP] 93a4ad19c181e7d325737ffc772b14db : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD7500AADS-00L5B1 +++++
--- User ---
[MBR] c83fcee3155eb6114d8c84d54c112317
[BSP] eaf482a9766f3000634a695d502e8c7f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715402 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: SATA ST3320620AS SCSI Disk Device +++++
--- User ---
[MBR] 0326145d3c46a04484f1aa0bb439fb72
[BSP] 6367311c297c53c8fa575c4c03192a94 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_12222012_02d1208.txt >>
RKreport[1]_S_12222012_02d1208.txt
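RogueKiller reports 22 hooked SSDT entries above and names the owner of every one "Unknown", which means the hook target (the 0x887..., 0x898... addresses) did not fall inside any loaded driver image the tool could name. The hooked calls are the ones a host-intrusion-prevention or anti-spyware driver typically mediates (thread creation and termination, cross-process memory writes, token opens), and this machine has Symantec and SUPERAntiSpyware kernel drivers loaded, but the log alone cannot say which component installed them. The usual next step is to match each hook address against the loaded-module map. The following is an added example of that attribution step, not code from the thread or from RogueKiller: it parses the SSDT lines in RogueKiller's format, groups the hooked syscalls by what a hook on them lets the hooker control, and attributes hook addresses to modules. The module map (`MODULES`, including the hypothetical `example_hips.sys`) and the category lists are assumptions made up for the example; on a real system the map comes from the scanner's driver list or a kernel debugger.

```python
import re

# Constructed subset of the RogueKiller SSDT lines above, in the tool's format.
SAMPLE = """
SSDT[17] : NtAllocateVirtualMemory @ 0x80570BC5 -> HOOKED (Unknown @ 0x8984D780)
SSDT[53] : NtCreateThread @ 0x80584D41 -> HOOKED (Unknown @ 0x8986C6C8)
SSDT[108] : NtMapViewOfSection @ 0x8057AC29 -> HOOKED (Unknown @ 0x887AA8D8)
SSDT[123] : NtOpenProcessToken @ 0x805784F6 -> HOOKED (Unknown @ 0x887AF268)
SSDT[257] : NtTerminateProcess @ 0x8058E8B9 -> HOOKED (Unknown @ 0x8984EBF8)
SSDT[277] : NtWriteVirtualMemory @ 0x805875F7 -> HOOKED (Unknown @ 0x887FFCD8)
"""

# Hypothetical module map (base, size, name). These numbers are made up for
# the example; take real ones from the scanner's driver list or WinDbg "lm".
MODULES = [
    (0x804D7000, 0x1F6000, "ntoskrnl.exe"),
    (0xF7A20000, 0x034000, "example_hips.sys"),
]

# Assumed grouping: what a hook on each syscall lets the hooking driver mediate.
CATEGORIES = {
    "process/thread control": {
        "NtCreateThread", "NtTerminateProcess", "NtTerminateThread",
        "NtResumeThread", "NtSuspendThread", "NtSuspendProcess",
        "NtSetContextThread", "NtSetInformationProcess", "NtSetInformationThread",
    },
    "cross-process memory": {
        "NtAllocateVirtualMemory", "NtFreeVirtualMemory",
        "NtWriteVirtualMemory", "NtMapViewOfSection", "NtUnmapViewOfSection",
    },
    "tokens/impersonation": {
        "NtOpenProcessToken", "NtOpenThreadToken",
        "NtImpersonateThread", "NtImpersonateAnonymousToken",
    },
}

SSDT_LINE = re.compile(
    r"SSDT\[(?P<index>\d+)\]\s*:\s*(?P<name>Nt\w+)\s*@\s*0x(?P<orig>[0-9A-Fa-f]+)"
    r"\s*->\s*HOOKED\s*\((?P<owner>[^@]+?)\s*@\s*0x(?P<hook>[0-9A-Fa-f]+)\)"
)


def parse_ssdt(text):
    """One record per 'SSDT[n] : Name @ orig -> HOOKED (owner @ hook)' line."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_LINE.search(line)
        if m:
            hooks.append({
                "index": int(m.group("index")),
                "name": m.group("name"),
                "orig": int(m.group("orig"), 16),
                "owner": m.group("owner").strip(),
                "hook": int(m.group("hook"), 16),
            })
    return hooks


def attribute(addr, modules):
    """Name of the module whose image range contains addr, else None."""
    for base, size, name in modules:
        if base <= addr < base + size:
            return name
    return None


def category_of(name):
    for cat, names in CATEGORIES.items():
        if name in names:
            return cat
    return "other"


def summarise(text, modules):
    """Attribute every hook and group the hooked syscalls by category."""
    hooks = parse_ssdt(text)
    by_category = {}
    unattributed = 0
    for h in hooks:
        h["module"] = attribute(h["hook"], modules)
        if h["module"] is None:
            unattributed += 1
        by_category.setdefault(category_of(h["name"]), []).append(h["name"])
    return {"hooks": hooks, "unattributed": unattributed, "by_category": by_category}


if __name__ == "__main__":
    s = summarise(SAMPLE, MODULES)
    for cat, names in s["by_category"].items():
        print(f"{cat}: {', '.join(names)}")
    print(f"{s['unattributed']} of {len(s['hooks'])} hook targets outside any listed module")
```

With the map above every hook target stays unattributed, which is exactly the "Unknown" the scanner printed; an address that lands inside a driver's image (the `example_hips.sys` range here) would be reported as that driver. A target that sits in no module at all is not automatically malicious, since some security products place their hook trampolines in allocated kernel memory rather than in their image, but it is the case that needs a memory dump or a vendor-specific check rather than a file-system scan to resolve.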
Hi, Please help according to SEP my PC is infected with Trojan.Gen.2. I keep getting messages that it has been quarantined but not able to get rid of it. Here are my logs: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2 Run by Mark at 16:16:38 on 2012-12-20 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.1418 [GMT -8:00] . AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . ============== Running Processes ================ . C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\windows\system32\spoolsv.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\windows\system32\cisvc.exe C:\windows\system32\cidaemon.exe C:\windows\system32\cidaemon.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Nero\Update\NASvc.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe C:\windows\system32\nvsvc32.exe C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Program Files\RemotelyAnywhere\x86\RaMaint.exe C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe C:\Program Files\Cyberlink\Shared files\RichVideo.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe 
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\Program Files\StorageCraft\ImageManager\ImageManager.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\windows\System32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\vsnapvss.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\windows\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\cidaemon.exe
C:\windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\RunDLL32.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\util\DAEMON Tools Pro\DTAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\util\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\util\PrintKey2000\Printkey2000.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Winamp\winamp.exe
C:\windows\explorer.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k hpdevmgmt
C:\windows\system32\svchost.exe -k HPService
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: avast! EasyPass Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [DAEMON Tools Pro Agent] "c:\util\daemon tools pro\DTAgent.exe" -autorun
mRun: [V0230Mon.exe] c:\windows\system32\V0230Mon.exe
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector10\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector10" updatewithcreateonce "software\cyberlink\powerdirector\10.0"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
StartupFolder: c:\docume~1\mark\startm~1\programs\startup\checkf~1.lnk - c:\program files\jts\WiseUpdt.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia theatre 5\totalmedia server\TM Server.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-System: DisableRegedit = dword:0
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show avast! EasyPass Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353982215625
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7E1FF7CE-12D4-48A4-B40B-360FD23B51A6} : DHCPNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs= c:\windows\system32\acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mark\application data\mozilla\firefox\profiles\p5oo56mt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - plugin: c:\documents and settings\mark\application data\mozilla\firefox\profiles\p5oo56mt.default\extensions\{9eb34849-81d3-4841-939d-666d522b889a}\plugins\npSlingPlayer.dll
FF - plugin: c:\documents and settings\mark\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\mark\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-12-06 10:06; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: !HIDDEN! 2010-07-03 11:51; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-02-08 20:36; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 stcvsm;stcvsm;c:\windows\system32\drivers\stcvsm.sys [2009-4-11 113904]
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-6-27 96512]
R1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [2010-9-21 192504]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-6 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-6 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 sbmount;StorageCraft Image Mount Driver;c:\windows\system32\drivers\sbmount.sys [2009-4-11 79616]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/24 13:54:55];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-11-17 87536]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/31 16:45:32];c:\program files\cyberlink\powerdvd9\000.fcl [2009-3-30 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-6 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-12-6 44808]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-30 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-30 108392]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-11-18 20328]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-5-24 352248]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-2-18 462632]
R2 RAInfo;RemotelyAnywhere Kernel Information Provider;c:\program files\remotelyanywhere\x86\rainfo.sys [2007-4-17 12992]
R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;c:\windows\system32\drivers\RARfsDriver.sys [2010-4-4 46000]
R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\storagecraft\shadowprotect\ShadowProtectSvc.exe [2009-4-11 1990656]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120]
R2 StorageCraft Image Manager;StorageCraft Image Manager;c:\program files\storagecraft\imagemanager\ImageManager.exe [2007-10-24 69632]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-3-30 2440120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2009-5-29 66944]
R2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [2009-4-11 61952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-12-6 106656]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20121219.033\NAVENG.SYS [2012-12-20 92704]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20121219.033\NAVEX15.SYS [2012-12-20 1601184]
R3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [2007-4-17 10168]
R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2010-6-24 6272]
R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2010-6-24 500480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca0bc6b51516ae;Google Update Service (gupdate1ca0bc6b51516ae);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [2009-8-11 1684736]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-7-7 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-7-7 8456]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-6-28 32072]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 RARfsClientNP;RARfsClientNP; [x]
.
=============== File Associations ===============
.
ShellExec: DigitalTheatre.exe: open="c:\program files\arcsoft\totalmedia theatre\uDTStart.exe" "%1"
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE
ShellExec: sbmntwiz.exe: open="c:\program files\storagecraft\shadowprotect\sbmntwiz.exe"/MOUNT %1
ShellExec: sbmntwiz.exe: Quick.open="c:\program files\storagecraft\shadowprotect\sbmntwiz.exe"/QUICKMOUNT %1
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-12-19 04:38:50 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-19 04:38:43 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-19 03:59:17 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-10-02 18:02:26 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-02 18:02:26 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-28 18:32:56 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 18:32:56 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 16:22:54.57 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/11/2009 5:28:54 PM
System Uptime: 12/18/2012 10:59:49 PM (42 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | P35C-DS3R
Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 1863 GiB total, 114.563 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 48.925 GiB free.
G: is FIXED (NTFS) - 298 GiB total, 49.634 GiB free.
H: is CDROM ()
I: is FIXED (NTFS) - 699 GiB total, 14.171 GiB free.
J: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro L7500
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro L7500
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP1: 12/11/2012 9:29:50 AM - System Checkpoint
RP2: 12/12/2012 3:00:32 AM - Software Distribution Service 3.0
RP3: 12/13/2012 3:00:26 AM - Software Distribution Service 3.0
RP4: 12/14/2012 3:00:27 AM - Software Distribution Service 3.0
RP5: 12/15/2012 3:01:24 AM - Software Distribution Service 3.0
RP6: 12/16/2012 3:01:29 AM - Software Distribution Service 3.0
RP7: 12/17/2012 3:00:44 AM - Software Distribution Service 3.0
RP8: 12/18/2012 3:00:36 AM - Software Distribution Service 3.0
RP9: 12/18/2012 7:59:16 PM - SPTD setup V1.83
RP10: 12/19/2012 4:14:01 AM - Software Distribution Service 3.0
RP11: 12/20/2012 3:00:47 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
"Nero SoundTrax Help 32 Bit HP CIO Components Installer 3D Home Architect Design Suite Deluxe 8 7-Zip 9.20 7500_7600_7700_Help1 ACDSee 10 Photo Manager ACDSee Pro 3 Activation (Blu-ray Disc Authoring Plug-in) Activation (Blu-ray Video Plug-in) Activation (Gracenote Plug-in) Activation (Nero 9 HD) Activation (Nero BackItUp 4) Activation (Nero MediaHome 4) Activation (Nero Move it) Ad Notifier - For Craigslist.org Adobe Acrobat 9 Pro Extended - English, Français, Deutsch Adobe Acrobat 9.5.2 - CPSID_83708 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop 7.0 Adobe Reader 9.2 Adobe SVG Viewer 3.0 Advanced Video FX Engine Advertising Center AnswerWorks 4.0 Runtime - English AnswerWorks 5.0 English Runtime AnyDVD AnyDVD Registration Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft TotalMedia Theatre ArcSoft TotalMedia Theatre 5 Art Effects for PDR10 Audacity 1.2.6 Auslogics Disk Defrag avast! EasyPass avast!
Free Antivirus AviSynth 2.5 Bing Bar Platform Blu-ray Disc Authoring Plug-in Blu-ray Video Plug-in Blu-ray/HD DVD Video Plug-in Bonjour bpd_scan_Carrier BPDSoftware BPDSoftware_Ini BufferChm calibre Calorie GPS Canon Easy-PhotoPrint EX Canon Easy-WebPrint EX Canon iP4200 Canon MG5300 series MP Drivers Canon MG5300 series On-screen Manual Canon MG5300 series User Registration Canon MP Navigator EX 5.0 Canon My Printer Canon Solution Menu EX Canon Utilities Easy-PhotoPrint CCleaner CD-LabelPrint Cinema Craft Encoder SP Cinema Craft Encoder SP3 Cisco Connect Cisco WebEx Meeting Center for Firefox or Chrome Classifieds Searcher Free - version 7.30 Collectorz.com Game Collector Collectorz.com Movie Collector Compatibility Pack for the 2007 Office system CPUID CPU-Z 1.56 Creative Audio Console Creative Live! Cam Center Creative Live! Cam Manager Creative Live! Cam Video IM Pro Driver (1.01.03.0928) Creative Live! Cam Video IM Pro User's Guide (English) Creative Photo Calendar Creative Photo Manager Creative Software AutoUpdate Creative System Information CyberLink BD_3D Advisor 2.0 CyberLink PowerDirector 10 CyberLink PowerDVD 10 CyberLink PowerDVD 9 CyberLink WaveEditor DAEMON Tools Pro Database Conversion Wizard dBpoweramp [Audio Info] Codec dBpoweramp [Calculate Audio CRC] Codec dBpoweramp [iD Tag Update] Codec dBpoweramp [Multi Encoder] Codec dBpoweramp [Tag From Filename] Codec dBpoweramp Batch Ripper dBpoweramp Dalet Codec dBpoweramp DSP Effects dBpoweramp FLAC Codec dBpoweramp Monkeys Audio Codec dBpoweramp Mp2 and BwfMp2 codec dBpoweramp mp3 (Fraunhofer IIS) Codec dBpoweramp Music Converter dBpoweramp Ogg Vorbis Codec dBpoweramp Real Audio (Helix) Encoder dBPoweramp tooLame MP2 codec dBpoweramp Wave64 Codec dBpoweramp WavPack Codec Destinations DeviceDiscovery DocProc DolbyFiles DriverAgent by eSupport.com DTS Plug-in DVD Decrypter (Remove Only) DVD Rebuilder DVDFab 8.2.1.0 (07/09/2012) Qt DVDInfoPro 6.5.1.0 EASEUS Partition Master 8.0.1 Home Edition EasyRecovery 
Professional ERUNT 1.1j ESET Online Scanner v3 Fax ffdshow v1.1.3882 [2011-06-13] FLAC 1.2.1b (remove only) foobar2000 v1.0.3 Gigabyte Raid Configurer Google Chrome Google Earth Google Earth Plug-in Google Toolbar for Internet Explorer Google Update Helper GoToMeeting 5.0.0.799 GPBaseService2 Gracenote Plug-in Greetings Workshop Haali Media Splitter Hallmark Card Studio 2008 Deluxe Hallmark Card Studio 2009 High-Definition Video Playback 10 High Definition Audio Driver Package - KB835221 HiJackThis honestech VHS to DVD 5.0 Deluxe Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB981793) HP Customer Participation Program 14.0 HP Imaging Device Functions 14.0 HP OfficeJet L7300/L7500/7600/7700 HP Photosmart Essential 3.5 HP Smart Web Printing 4.60 HP Solution Center 14.0 HP Update HP_Network_UserGuide HPDiagnosticAlert HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HPSSupply Huffyuv AVI lossless video codec - MultiThread (Remove Only) IHA_MessageCenter ImagXpress ImgBurn inSSIDer iPhoneBrowser iSEEK AnswerWorks English Runtime iTunes Java 7 Update 9 Java Auto Updater KODAK Gallery Upload Software L7500 Lagarith Lossless Codec (1.3.27) LAME v3.98.2 for Audacity LG ODD Auto Firmware Update LightScribe System Software LiveUpdate 3.3 (Symantec Corporation) Logitech Harmony Remote Software 7 MadOnion.com/PCMark2002 Magic ISO Maker v5.4 (build 0251) Malwarebytes Anti-Malware version 1.65.0.1400 MarketResearch MediaInfo 0.7.58 Menu 
Templates - Starter Kit Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft ActiveSync Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Default Manager Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2007 Microsoft Office XP Professional with FrontPage Microsoft Primary Interoperability Assemblies 2005 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Windows Media Video 9 VCM Movie Templates - Starter Kit Mozilla Firefox 17.0.1 (x86 en-GB) Mozilla Maintenance Service mp3PRO Plug-in Mp3tag v2.49 MPM MSN MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Myibay Auction bid sniper for eBay 1.0.43 Neat Video v2.0 Demo plug-in for Virtual Dub Nero 10 Menu TemplatePack 1 Nero 10 Menu TemplatePack 2 Nero 10 Menu TemplatePack 3 Nero 10 Menu TemplatePack Basic Nero 10 Movie ThemePack 1 Nero 10 Movie ThemePack 2 Nero 10 Movie ThemePack Basic Nero 10 Sample ImagePack Nero 10 Sample Videos Nero 9 Nero 9 HD Nero BackItUp 
==== Event Viewer Messages From Past Week ========
.
12/19/2012 8:10:01 PM, error: Srv [2000] - The server's call to a system service failed unexpectedly.
12/13/2012 4:32:20 AM, error: Service Control Manager [7034] - The StorageCraft Image Manager service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
-
Eset did not detect any threats. Still seems to be running sluggish but I am able to type now and am able to open CD tray.
13:13:12.0702 3016 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
13:13:13.0186 3016 ============================================================
13:13:13.0186 3016 Current date / time: 2012/10/16 13:13:13.0186
13:13:13.0186 3016 SystemInfo:
13:13:13.0186 3016
13:13:13.0186 3016 OS Version: 6.1.7600 ServicePack: 0.0
13:13:13.0186 3016 Product type: Workstation
13:13:13.0186 3016 ComputerName: DSHTPC
13:13:13.0186 3016 UserName: Mark
13:13:13.0186 3016 Windows directory: C:\Windows
13:13:13.0186 3016 System windows directory: C:\Windows
13:13:13.0186 3016 Processor architecture: Intel x86
13:13:13.0186 3016 Number of processors: 4
13:13:13.0202 3016 Page size: 0x1000
13:13:13.0202 3016 Boot type: Normal boot
13:13:13.0202 3016 ============================================================
13:13:14.0514 3016 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:13:14.0514 3016 Drive \Device\Harddisk1\DR1 - Size: 0x7AC00000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:13:14.0514 3016 ============================================================
13:13:14.0514 3016 \Device\Harddisk0\DR0:
13:13:14.0514 3016 MBR partitions:
13:13:14.0514 3016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:13:14.0514 3016 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
13:13:14.0514 3016 \Device\Harddisk1\DR1:
13:13:14.0514 3016 MBR partitions:
13:13:14.0514 3016 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0xF3, BlocksNum 0x3D5F0D
13:13:14.0514 3016 ============================================================
13:13:14.0545 3016 C: <-> \Device\Harddisk0\DR0\Partition2
13:13:14.0545 3016 
============================================================
13:13:14.0545 3016 Initialize success
13:13:14.0545 3016 ============================================================
13:13:54.0608 3244 ============================================================
13:13:54.0608 3244 Scan started
13:13:54.0608 3244 Mode: Manual;
13:13:54.0608 3244 ============================================================
13:13:54.0842 3244 ================ Scan system memory ========================
13:13:54.0842 3244 System memory - ok
13:13:54.0842 3244 ================ Scan services =============================
3244 LBTServ - ok 13:14:01.0202 3244 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 13:14:01.0202 3244 LHidFilt - ok 13:14:01.0295 3244 [ 010FD2B41E75A98E3A4D23F44405F5C9 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE 13:14:01.0327 3244 LiveUpdate - ok 13:14:01.0342 3244 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 13:14:01.0342 3244 lltdio - ok 13:14:01.0358 3244 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 13:14:01.0389 3244 lltdsvc - ok 13:14:01.0389 3244 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 13:14:01.0389 3244 lmhosts - ok 13:14:01.0405 3244 [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 13:14:01.0405 3244 LMouFilt - ok 13:14:01.0452 3244 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 13:14:01.0452 3244 LSI_FC - ok 13:14:01.0467 3244 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 13:14:01.0483 3244 LSI_SAS - ok 13:14:01.0499 3244 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 13:14:01.0514 3244 LSI_SAS2 - ok 13:14:01.0530 3244 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 13:14:01.0545 3244 LSI_SCSI - ok 13:14:01.0561 3244 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 13:14:01.0561 3244 luafv - ok 13:14:01.0608 3244 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys 13:14:01.0624 3244 MBAMSwissArmy - ok 13:14:01.0655 3244 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 13:14:01.0670 3244 Mcx2Svc - ok 13:14:01.0686 3244 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 13:14:01.0702 3244 megasas - ok 13:14:01.0717 3244 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR 
C:\Windows\system32\DRIVERS\MegaSR.sys 13:14:01.0733 3244 MegaSR - ok 13:14:01.0749 3244 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 13:14:01.0749 3244 MMCSS - ok 13:14:01.0780 3244 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 13:14:01.0780 3244 Modem - ok 13:14:01.0795 3244 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 13:14:01.0795 3244 monitor - ok 13:14:01.0811 3244 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 13:14:01.0811 3244 mouclass - ok 13:14:01.0827 3244 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 13:14:01.0827 3244 mouhid - ok 13:14:01.0858 3244 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 13:14:01.0858 3244 mountmgr - ok 13:14:01.0889 3244 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 13:14:01.0905 3244 Suspicious file (Forged): C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe. 
Real md5: 15D5398EED42C2504BB3D4FC875C15D1, Fake md5: 7BE95894F0C854C987B96F8BB6B196DA 13:14:01.0905 3244 MozillaMaintenance ( ForgedFile.Multi.Generic ) - warning 13:14:01.0905 3244 MozillaMaintenance - detected ForgedFile.Multi.Generic (1) 13:14:01.0920 3244 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys 13:14:01.0936 3244 mpio - ok 13:14:01.0952 3244 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 13:14:01.0952 3244 mpsdrv - ok 13:14:01.0983 3244 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll 13:14:01.0983 3244 MpsSvc - ok 13:14:01.0999 3244 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 13:14:02.0014 3244 MRxDAV - ok 13:14:02.0061 3244 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 13:14:02.0061 3244 mrxsmb - ok 13:14:02.0077 3244 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:14:02.0092 3244 mrxsmb10 - ok 13:14:02.0108 3244 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:14:02.0108 3244 mrxsmb20 - ok 13:14:02.0124 3244 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 13:14:02.0139 3244 msahci - ok 13:14:02.0139 3244 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 13:14:02.0155 3244 msdsm - ok 13:14:02.0186 3244 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 13:14:02.0217 3244 MSDTC - ok 13:14:02.0233 3244 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 13:14:02.0233 3244 Msfs - ok 13:14:02.0249 3244 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 13:14:02.0249 3244 mshidkmdf - ok 13:14:02.0249 3244 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 13:14:02.0249 3244 msisadrv - ok 13:14:02.0280 3244 [ 
90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 13:14:02.0295 3244 MSiSCSI - ok 13:14:02.0295 3244 msiserver - ok 13:14:02.0311 3244 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 13:14:02.0327 3244 MSKSSRV - ok 13:14:02.0342 3244 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 13:14:02.0342 3244 MSPCLOCK - ok 13:14:02.0342 3244 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 13:14:02.0358 3244 MSPQM - ok 13:14:02.0358 3244 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 13:14:02.0358 3244 MsRPC - ok 13:14:02.0374 3244 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 13:14:02.0374 3244 mssmbios - ok 13:14:02.0374 3244 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 13:14:02.0374 3244 MSTEE - ok 13:14:02.0389 3244 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 13:14:02.0389 3244 MTConfig - ok 13:14:02.0420 3244 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 13:14:02.0420 3244 Mup - ok 13:14:02.0452 3244 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll 13:14:02.0467 3244 napagent - ok 13:14:02.0499 3244 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:14:02.0499 3244 NativeWifiP - ok 13:14:02.0608 3244 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121015.002\NAVENG.SYS 13:14:02.0608 3244 NAVENG - ok 13:14:02.0670 3244 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121015.002\NAVEX15.SYS 13:14:02.0686 3244 NAVEX15 - ok 13:14:02.0717 3244 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys 13:14:02.0717 3244 NDIS - ok 13:14:02.0733 3244 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap 
C:\Windows\system32\DRIVERS\ndiscap.sys 13:14:02.0749 3244 NdisCap - ok 13:14:02.0780 3244 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:14:02.0780 3244 NdisTapi - ok 13:14:02.0795 3244 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:14:02.0795 3244 Ndisuio - ok 13:14:02.0795 3244 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:14:02.0795 3244 NdisWan - ok 13:14:02.0811 3244 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:14:02.0811 3244 NDProxy - ok 13:14:02.0811 3244 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:14:02.0811 3244 NetBIOS - ok 13:14:02.0827 3244 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 13:14:02.0827 3244 NetBT - ok 13:14:02.0842 3244 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe 13:14:02.0842 3244 Netlogon - ok 13:14:02.0874 3244 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 13:14:02.0889 3244 Netman - ok 13:14:02.0905 3244 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 13:14:02.0905 3244 netprofm - ok 13:14:02.0952 3244 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:14:02.0967 3244 NetTcpPortSharing - ok 13:14:02.0967 3244 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 13:14:02.0983 3244 nfrd960 - ok 13:14:02.0999 3244 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll 13:14:03.0014 3244 NlaSvc - ok 13:14:03.0014 3244 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:14:03.0030 3244 Npfs - ok 13:14:03.0030 3244 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 13:14:03.0045 3244 nsi - ok 13:14:03.0045 3244 [ 
E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:14:03.0045 3244 nsiproxy - ok 13:14:03.0108 3244 [ 5126C5402C730C2A953275D8497A4715 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:14:03.0124 3244 Ntfs - ok 13:14:03.0139 3244 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 13:14:03.0139 3244 Null - ok 13:14:03.0155 3244 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:14:03.0170 3244 nvraid - ok 13:14:03.0217 3244 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:14:03.0233 3244 nvstor - ok 13:14:03.0249 3244 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 13:14:03.0264 3244 nv_agp - ok 13:14:03.0280 3244 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 13:14:03.0280 3244 ohci1394 - ok 13:14:03.0311 3244 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:14:03.0311 3244 p2pimsvc - ok 13:14:03.0327 3244 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 13:14:03.0342 3244 p2psvc - ok 13:14:03.0358 3244 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 13:14:03.0358 3244 Parport - ok 13:14:03.0389 3244 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:14:03.0389 3244 partmgr - ok 13:14:03.0405 3244 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 13:14:03.0420 3244 Parvdm - ok 13:14:03.0436 3244 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:14:03.0436 3244 PcaSvc - ok 13:14:03.0452 3244 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys 13:14:03.0467 3244 pci - ok 13:14:03.0483 3244 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys 13:14:03.0483 3244 pciide - ok 13:14:03.0499 3244 [ 
F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 13:14:03.0514 3244 pcmcia - ok 13:14:03.0530 3244 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 13:14:03.0530 3244 pcw - ok 13:14:03.0545 3244 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:14:03.0561 3244 PEAUTH - ok 13:14:03.0592 3244 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 13:14:03.0639 3244 PeerDistSvc - ok 13:14:03.0686 3244 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll 13:14:03.0733 3244 pla - ok 13:14:03.0780 3244 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:14:03.0780 3244 PlugPlay - ok 13:14:03.0795 3244 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 13:14:03.0811 3244 PNRPAutoReg - ok 13:14:03.0811 3244 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 13:14:03.0811 3244 PNRPsvc - ok 13:14:03.0842 3244 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:14:03.0858 3244 PolicyAgent - ok 13:14:03.0889 3244 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll 13:14:03.0889 3244 Power - ok 13:14:03.0920 3244 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:14:03.0920 3244 PptpMiniport - ok 13:14:03.0967 3244 [ 46A7BB412D7F0BA1813FC191D460F991 ] PRISM_USB C:\Windows\system32\DRIVERS\PRISMUSB.sys 13:14:03.0983 3244 PRISM_USB - ok 13:14:04.0014 3244 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 13:14:04.0030 3244 Processor - ok 13:14:04.0061 3244 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll 13:14:04.0077 3244 ProfSvc - ok 13:14:04.0077 3244 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:14:04.0077 3244 ProtectedStorage - ok 13:14:04.0108 3244 [ 
6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 13:14:04.0108 3244 Psched - ok 13:14:04.0155 3244 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 13:14:04.0202 3244 ql2300 - ok 13:14:04.0217 3244 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 13:14:04.0249 3244 ql40xx - ok 13:14:04.0264 3244 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 13:14:04.0280 3244 QWAVE - ok 13:14:04.0295 3244 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:14:04.0295 3244 QWAVEdrv - ok 13:14:04.0311 3244 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:14:04.0311 3244 RasAcd - ok 13:14:04.0327 3244 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 13:14:04.0327 3244 RasAgileVpn - ok 13:14:04.0327 3244 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 13:14:04.0342 3244 RasAuto - ok 13:14:04.0358 3244 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:14:04.0358 3244 Rasl2tp - ok 13:14:04.0374 3244 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll 13:14:04.0374 3244 RasMan - ok 13:14:04.0374 3244 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:14:04.0374 3244 RasPppoe - ok 13:14:04.0405 3244 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:14:04.0405 3244 RasSstp - ok 13:14:04.0420 3244 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:14:04.0420 3244 rdbss - ok 13:14:04.0436 3244 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 13:14:04.0452 3244 rdpbus - ok 13:14:04.0452 3244 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:14:04.0452 3244 RDPCDD - ok 13:14:04.0483 3244 [ 
C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 13:14:04.0499 3244 RDPDR - ok 13:14:04.0514 3244 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:14:04.0514 3244 RDPENCDD - ok 13:14:04.0530 3244 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 13:14:04.0530 3244 RDPREFMP - ok 13:14:04.0561 3244 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:14:04.0577 3244 RDPWD - ok 13:14:04.0608 3244 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 13:14:04.0608 3244 rdyboost - ok 13:14:04.0639 3244 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 13:14:04.0639 3244 RemoteAccess - ok 13:14:04.0655 3244 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:14:04.0655 3244 RemoteRegistry - ok 13:14:04.0670 3244 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 13:14:04.0670 3244 RpcEptMapper - ok 13:14:04.0686 3244 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 13:14:04.0717 3244 RpcLocator - ok 13:14:04.0764 3244 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll 13:14:04.0764 3244 RpcSs - ok 13:14:04.0780 3244 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:14:04.0780 3244 rspndr - ok 13:14:04.0780 3244 RTHDMIAzAudService - ok 13:14:04.0827 3244 [ 3983CEA05BB855351D75F5482B6C42CE ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 13:14:04.0827 3244 RTL8167 - ok 13:14:04.0858 3244 [ F2FEC929E9FA9902F0BB52A4522068D4 ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys 13:14:04.0858 3244 RtNdPt60 - ok 13:14:04.0874 3244 [ 2E87C315ACC3F60905BC3F24288F53D6 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam60.sys 13:14:04.0889 3244 RTTEAMPT - ok 13:14:04.0905 3244 [ E6472A4007FB17D27D4091ABD657A291 ] RTVLANPT 
C:\Windows\system32\DRIVERS\RtVlan60.sys 13:14:04.0920 3244 RTVLANPT - ok 13:14:04.0936 3244 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys 13:14:04.0936 3244 s3cap - ok 13:14:04.0936 3244 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe 13:14:04.0936 3244 SamSs - ok 13:14:04.0967 3244 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 13:14:04.0983 3244 sbp2port - ok 13:14:04.0999 3244 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:14:05.0014 3244 SCardSvr - ok 13:14:05.0014 3244 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:14:05.0030 3244 scfilter - ok 13:14:05.0077 3244 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll 13:14:05.0077 3244 Schedule - ok 13:14:05.0092 3244 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll 13:14:05.0092 3244 SCPolicySvc - ok 13:14:05.0108 3244 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:14:05.0124 3244 SDRSVC - ok 13:14:05.0139 3244 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:14:05.0139 3244 secdrv - ok 13:14:05.0155 3244 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 13:14:05.0155 3244 seclogon - ok 13:14:05.0170 3244 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll 13:14:05.0170 3244 SENS - ok 13:14:05.0202 3244 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 13:14:05.0217 3244 SensrSvc - ok 13:14:05.0217 3244 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:14:05.0217 3244 Serenum - ok 13:14:05.0249 3244 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:14:05.0249 3244 Serial - ok 13:14:05.0264 3244 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse 
C:\Windows\system32\DRIVERS\sermouse.sys 13:14:05.0280 3244 sermouse - ok 13:14:05.0295 3244 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll 13:14:05.0311 3244 SessionEnv - ok 13:14:05.0327 3244 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 13:14:05.0327 3244 sffdisk - ok 13:14:05.0358 3244 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys 13:14:05.0374 3244 sffp_mmc - ok 13:14:05.0374 3244 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 13:14:05.0389 3244 sffp_sd - ok 13:14:05.0405 3244 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 13:14:05.0420 3244 sfloppy - ok 13:14:05.0452 3244 [ ABD45D0857BBBB12075F53243DA2AA41 ] SGHIDI C:\Windows\system32\drivers\TG_iMON.sys 13:14:05.0467 3244 SGHIDI - ok 13:14:05.0483 3244 [ 532F78BA55B3C8556C8998CB59A00471 ] SGIR C:\Windows\system32\drivers\iMON_PAD.sys 13:14:05.0499 3244 SGIR - ok 13:14:05.0514 3244 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:14:05.0514 3244 SharedAccess - ok 13:14:05.0530 3244 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:14:05.0530 3244 ShellHWDetection - ok 13:14:05.0545 3244 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys 13:14:05.0561 3244 sisagp - ok 13:14:05.0577 3244 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 13:14:05.0592 3244 SiSRaid2 - ok 13:14:05.0608 3244 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 13:14:05.0624 3244 SiSRaid4 - ok 13:14:05.0655 3244 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:14:05.0670 3244 Smb - ok 13:14:05.0749 3244 [ A58C1A086D9C09C6572C948F22CC0E94 ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe 13:14:05.0795 3244 SmcService 
- ok 13:14:05.0842 3244 [ D2C222441255131E29DE351475F98F6D ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE 13:14:05.0905 3244 SNAC - ok 13:14:05.0952 3244 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:14:05.0952 3244 SNMPTRAP - ok 13:14:05.0999 3244 [ E621BB5839CF45FA477F48092EDD2B40 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 13:14:06.0030 3244 SPBBCDrv - ok 13:14:06.0061 3244 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 13:14:06.0061 3244 spldr - ok 13:14:06.0108 3244 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe 13:14:06.0108 3244 Spooler - ok 13:14:06.0186 3244 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe 13:14:06.0249 3244 sppsvc - ok 13:14:06.0264 3244 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll 13:14:06.0280 3244 sppuinotify - ok 13:14:06.0295 3244 [ D390675B8CE45E5FB359338E5E649329 ] sptd C:\Windows\system32\Drivers\sptd.sys 13:14:06.0311 3244 sptd - ok 13:14:06.0311 3244 [ 2ABF82C8452AB0B9FFC74A2D5DA91989 ] SRTSP C:\Windows\system32\Drivers\SRTSP.SYS 13:14:06.0327 3244 SRTSP - ok 13:14:06.0327 3244 [ E2F9E5887BEA5BD8784D337E06EDA31B ] SRTSPL C:\Windows\system32\Drivers\SRTSPL.SYS 13:14:06.0342 3244 SRTSPL - ok 13:14:06.0342 3244 [ 3B974C158FABD910186F98DF8D3E23F3 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX.SYS 13:14:06.0358 3244 SRTSPX - ok 13:14:06.0389 3244 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys 13:14:06.0389 3244 srv - ok 13:14:06.0405 3244 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:14:06.0405 3244 srv2 - ok 13:14:06.0436 3244 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:14:06.0436 3244 srvnet - ok 13:14:06.0452 3244 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:14:06.0467 3244 
SSDPSRV - ok 13:14:06.0467 3244 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:14:06.0483 3244 SstpSvc - ok 13:14:06.0499 3244 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 13:14:06.0514 3244 stexstor - ok 13:14:06.0545 3244 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll 13:14:06.0561 3244 StiSvc - ok 13:14:06.0592 3244 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys 13:14:06.0592 3244 storflt - ok 13:14:06.0608 3244 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys 13:14:06.0624 3244 storvsc - ok 13:14:06.0655 3244 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 13:14:06.0655 3244 swenum - ok 13:14:06.0670 3244 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 13:14:06.0670 3244 swprv - ok 13:14:06.0733 3244 [ BA2FB8F8AB24D0279CAA98A4C118150E ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe 13:14:06.0749 3244 Symantec AntiVirus - ok 13:14:06.0749 3244 [ A54FF04BD6E75DC4D8CB6F3E352635E0 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS 13:14:06.0764 3244 SymEvent - ok 13:14:06.0780 3244 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll 13:14:06.0795 3244 SysMain - ok 13:14:06.0795 3244 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:14:06.0811 3244 TabletInputService - ok 13:14:06.0811 3244 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll 13:14:06.0827 3244 TapiSrv - ok 13:14:06.0842 3244 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 13:14:06.0842 3244 TBS - ok 13:14:06.0889 3244 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:14:06.0905 3244 Tcpip - ok 13:14:06.0936 3244 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 
C:\Windows\system32\DRIVERS\tcpip.sys 13:14:06.0952 3244 TCPIP6 - ok 13:14:06.0967 3244 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:14:06.0967 3244 tcpipreg - ok 13:14:06.0983 3244 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:14:06.0999 3244 TDPIPE - ok 13:14:07.0045 3244 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:14:07.0061 3244 TDTCP - ok 13:14:07.0077 3244 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:14:07.0077 3244 tdx - ok 13:14:07.0077 3244 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 13:14:07.0077 3244 TermDD - ok 13:14:07.0108 3244 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll 13:14:07.0139 3244 TermService - ok 13:14:07.0155 3244 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 13:14:07.0155 3244 Themes - ok 13:14:07.0155 3244 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 13:14:07.0155 3244 THREADORDER - ok 13:14:07.0170 3244 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 13:14:07.0170 3244 TrkWks - ok 13:14:07.0202 3244 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:14:07.0217 3244 TrustedInstaller - ok 13:14:07.0217 3244 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:14:07.0233 3244 tssecsrv - ok 13:14:07.0249 3244 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:14:07.0249 3244 tunnel - ok 13:14:07.0264 3244 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 13:14:07.0280 3244 uagp35 - ok 13:14:07.0295 3244 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:14:07.0295 3244 udfs - ok 13:14:07.0311 3244 [ 8344FD4FCE927880AA1AA7681D4927E5 ] 
UI0Detect C:\Windows\system32\UI0Detect.exe 13:14:07.0342 3244 UI0Detect - ok 13:14:07.0374 3244 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 13:14:07.0389 3244 uliagpkx - ok 13:14:07.0405 3244 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:14:07.0405 3244 umbus - ok 13:14:07.0436 3244 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 13:14:07.0436 3244 UmPass - ok 13:14:07.0467 3244 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll 13:14:07.0499 3244 UmRdpService - ok 13:14:07.0514 3244 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 13:14:07.0530 3244 upnphost - ok 13:14:07.0561 3244 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:14:07.0561 3244 usbccgp - ok 13:14:07.0577 3244 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 13:14:07.0592 3244 usbcir - ok 13:14:07.0608 3244 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\drivers\usbehci.sys 13:14:07.0608 3244 usbehci - ok 13:14:07.0639 3244 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:14:07.0655 3244 usbhub - ok 13:14:07.0686 3244 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys 13:14:07.0702 3244 usbohci - ok 13:14:07.0717 3244 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:14:07.0717 3244 usbprint - ok 13:14:07.0733 3244 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:14:07.0733 3244 USBSTOR - ok 13:14:07.0749 3244 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 13:14:07.0749 3244 usbuhci - ok 13:14:07.0764 3244 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 13:14:07.0764 3244 UxSms - ok 13:14:07.0780 3244 [ 
C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe 13:14:07.0780 3244 VaultSvc - ok 13:14:07.0795 3244 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 13:14:07.0795 3244 vdrvroot - ok 13:14:07.0811 3244 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe 13:14:07.0858 3244 vds - ok 13:14:07.0874 3244 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:14:07.0874 3244 vga - ok 13:14:07.0889 3244 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 13:14:07.0889 3244 VgaSave - ok 13:14:07.0905 3244 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 13:14:07.0920 3244 vhdmp - ok 13:14:07.0952 3244 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys 13:14:07.0967 3244 viaagp - ok 13:14:07.0983 3244 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 13:14:07.0999 3244 ViaC7 - ok 13:14:08.0014 3244 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys 13:14:08.0014 3244 viaide - ok 13:14:08.0045 3244 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys 13:14:08.0061 3244 vmbus - ok 13:14:08.0077 3244 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys 13:14:08.0092 3244 VMBusHID - ok 13:14:08.0092 3244 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 13:14:08.0092 3244 volmgr - ok 13:14:08.0108 3244 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:14:08.0108 3244 volmgrx - ok 13:14:08.0124 3244 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys 13:14:08.0124 3244 volsnap - ok 13:14:08.0139 3244 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 13:14:08.0155 3244 vsmraid - ok 13:14:08.0186 3244 [ 
7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe 13:14:08.0202 3244 VSS - ok 13:14:08.0202 3244 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 13:14:08.0217 3244 vwifibus - ok 13:14:08.0233 3244 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 13:14:08.0249 3244 W32Time - ok 13:14:08.0249 3244 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 13:14:08.0264 3244 WacomPen - ok 13:14:08.0280 3244 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:14:08.0280 3244 WANARP - ok 13:14:08.0280 3244 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:14:08.0280 3244 Wanarpv6 - ok 13:14:08.0358 3244 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 13:14:08.0405 3244 WatAdminSvc - ok 13:14:08.0436 3244 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe 13:14:08.0467 3244 wbengine - ok 13:14:08.0483 3244 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:14:08.0499 3244 WbioSrvc - ok 13:14:08.0530 3244 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:14:08.0530 3244 wcncsvc - ok 13:14:08.0545 3244 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:14:08.0561 3244 WcsPlugInService - ok 13:14:08.0577 3244 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 13:14:08.0592 3244 Wd - ok 13:14:08.0608 3244 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:14:08.0624 3244 Wdf01000 - ok 13:14:08.0624 3244 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:14:08.0624 3244 WdiServiceHost - ok 13:14:08.0639 3244 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:14:08.0639 3244 WdiSystemHost - ok 
13:14:08.0686 3244 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll 13:14:08.0702 3244 WebClient - ok 13:14:08.0717 3244 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:14:08.0733 3244 Wecsvc - ok 13:14:08.0749 3244 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:14:08.0749 3244 wercplsupport - ok 13:14:08.0764 3244 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 13:14:08.0780 3244 WerSvc - ok 13:14:08.0795 3244 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:14:08.0795 3244 WfpLwf - ok 13:14:08.0795 3244 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:14:08.0811 3244 WIMMount - ok 13:14:08.0858 3244 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 13:14:08.0889 3244 WinDefend - ok 13:14:08.0905 3244 WinHttpAutoProxySvc - ok 13:14:08.0983 3244 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:14:08.0983 3244 Winmgmt - ok 13:14:09.0014 3244 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll 13:14:09.0061 3244 WinRM - ok 13:14:09.0092 3244 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 13:14:09.0108 3244 Wlansvc - ok 13:14:09.0139 3244 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 13:14:09.0139 3244 WmiAcpi - ok 13:14:09.0155 3244 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:14:09.0202 3244 wmiApSrv - ok 13:14:09.0233 3244 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 13:14:09.0233 3244 WMPNetworkSvc - ok 13:14:09.0249 3244 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:14:09.0249 3244 WPCSvc - ok 13:14:09.0264 3244 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum 
C:\Windows\system32\wpdbusenum.dll 13:14:09.0280 3244 WPDBusEnum - ok 13:14:09.0280 3244 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:14:09.0295 3244 ws2ifsl - ok 13:14:09.0327 3244 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\system32\wscsvc.dll 13:14:09.0342 3244 wscsvc - ok 13:14:09.0342 3244 WSearch - ok 13:14:09.0420 3244 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 13:14:09.0467 3244 wuauserv - ok 13:14:09.0483 3244 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:14:09.0483 3244 WudfPf - ok 13:14:09.0499 3244 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:14:09.0499 3244 WUDFRd - ok 13:14:09.0514 3244 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:14:09.0514 3244 wudfsvc - ok 13:14:09.0530 3244 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 13:14:09.0545 3244 WwanSvc - ok 13:14:09.0608 3244 [ 74EC37B9EAF9FCA015B933A526825C7A ] {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl 13:14:09.0608 3244 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok 13:14:09.0624 3244 ================ Scan global =============================== 13:14:09.0639 3244 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll 13:14:09.0670 3244 [ 43B34CADB516800794BDF486E493ED32 ] C:\Windows\system32\winsrv.dll 13:14:09.0670 3244 [ 43B34CADB516800794BDF486E493ED32 ] C:\Windows\system32\winsrv.dll 13:14:09.0686 3244 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 13:14:09.0717 3244 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 13:14:09.0717 3244 [Global] - ok 13:14:09.0717 3244 ================ Scan MBR ================================== 13:14:09.0733 3244 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 13:14:10.0045 3244 \Device\Harddisk0\DR0 - ok 13:14:10.0045 
3244 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
13:14:10.0061 3244 \Device\Harddisk1\DR1 - ok
13:14:10.0061 3244 ================ Scan VBR ==================================
13:14:10.0061 3244 [ 39B9B1441D7DDBA758DD1855A5BE2AEF ] \Device\Harddisk0\DR0\Partition1
13:14:10.0061 3244 \Device\Harddisk0\DR0\Partition1 - ok
13:14:10.0077 3244 [ E6CF5A395C8335ABB12B2100B2151427 ] \Device\Harddisk0\DR0\Partition2
13:14:10.0077 3244 \Device\Harddisk0\DR0\Partition2 - ok
13:14:10.0077 3244 [ 6DC014BEEB54F979753F812F6B4BFEA9 ] \Device\Harddisk1\DR1\Partition1
13:14:10.0077 3244 \Device\Harddisk1\DR1\Partition1 - ok
13:14:10.0077 3244 ============================================================
13:14:10.0077 3244 Scan finished
13:14:10.0077 3244 ============================================================
13:14:10.0092 2972 Detected object count: 1
13:14:10.0092 2972 Actual detected object count: 1
13:18:05.0202 2972 MozillaMaintenance ( ForgedFile.Multi.Generic ) - skipped by user
13:18:05.0202 2972 MozillaMaintenance ( ForgedFile.Multi.Generic ) - User select action: Skip
13:18:10.0483 3080 Deinitialize success

# AdwCleaner v2.005 - Logfile created 10/16/2012 at 14:34:29
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Mark - DSHTPC
# Boot Mode : Normal
# Running from : C:\Users\Mark\Desktop\adwcleaner.exe
# Option [search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\WeCareReminder
Folder Found : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\44xw4471.default\extensions\wecarereminder@bryan
Folder Found : C:\Users\Mark\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\wecarereminder
Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKU\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default
File : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\44xw4471.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2368 octets] - [16/10/2012 14:34:29]

########## EOF - C:\AdwCleaner[R1].txt - [2428 octets] ##########

Health Results of screen317's Security Check version 0.99.51
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java version out of Date!
Adobe Flash Player 11.4.402.287
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
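The TDSSKiller output above is almost entirely per-driver noise; the lines a responder actually needs are the verdicts at the end and the hashes of anything that does not live under the Windows directory. The Python below is an added example written for this page, not part of the original post and not TDSSKiller's own code. The sample lines are constructed here in the log's format from entries seen above, and the parsing rules (the two regular expressions, the "outside C:\Windows" heuristic) are my assumptions about the format, not anything the tool documents.

```python
import re

# Constructed sample in TDSSKiller's log format: an object line carries a timestamp,
# a thread id, "[ MD5 ]", the object name and (for files) the image path; a later
# verdict line repeats the name followed by "- ok" or "( Detection ) - action".
# These lines mirror entries from the log above but are typed in here, not read from it.
SAMPLE_LOG = r"""
13:14:07.0374 3244 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
13:14:07.0389 3244 uliagpkx - ok
13:14:08.0280 3244 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:14:08.0280 3244 WANARP - ok
13:14:08.0280 3244 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:14:08.0280 3244 Wanarpv6 - ok
13:14:09.0608 3244 [ 74EC37B9EAF9FCA015B933A526825C7A ] {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
13:14:09.0608 3244 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
13:14:09.0733 3244 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:14:10.0045 3244 \Device\Harddisk0\DR0 - ok
13:18:05.0202 2972 MozillaMaintenance ( ForgedFile.Multi.Generic ) - skipped by user
13:18:05.0202 2972 MozillaMaintenance ( ForgedFile.Multi.Generic ) - User select action: Skip
"""

# Line shapes inferred from the log (assumption, not a documented grammar).
PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
RECORD = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>\S+)(?:\s+(?P<path>.+?))?\s*$")
VERDICT = re.compile(PREFIX + r"(?P<name>\S+)(?:\s+\( (?P<detection>[^)]+?) \))?\s+-\s+(?P<action>.+?)\s*$")


def parse_tdsskiller(text):
    """Map each scanned object name to its MD5, image path and list of (detection, action) verdicts."""
    objects = {}
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            entry = objects.setdefault(m["name"], {"md5": None, "path": None, "verdicts": []})
            entry["md5"], entry["path"] = m["md5"], m["path"]
            continue
        m = VERDICT.match(line)
        if m:
            entry = objects.setdefault(m["name"], {"md5": None, "path": None, "verdicts": []})
            entry["verdicts"].append((m["detection"], m["action"]))
    return objects


def detections(objects):
    """Objects with any verdict other than a plain 'ok': detections, skips, user choices."""
    return {name: e["verdicts"] for name, e in objects.items()
            if any(det is not None or action != "ok" for det, action in e["verdicts"])}


def outside_windows(objects):
    """Images not under C:\\Windows: third-party services and drivers whose hashes are
    worth looking up even though the scanner said 'ok' (heuristic, my assumption)."""
    return {name: (e["md5"], e["path"]) for name, e in objects.items()
            if e["path"] and not e["path"].lower().startswith("c:\\windows\\")}


def hash_list(objects):
    """Distinct MD5s for bulk lookup; a shared image (wanarp.sys backs both WANARP and Wanarpv6) counts once."""
    return sorted({e["md5"] for e in objects.values() if e["md5"]})


if __name__ == "__main__":
    objs = parse_tdsskiller(SAMPLE_LOG)
    for name, verdicts in detections(objs).items():
        print(f"{name}: {verdicts}")
    for name, (md5, path) in outside_windows(objs).items():
        print(f"review {name} {md5} {path}")
    print(len(hash_list(objs)), "distinct hashes")
```

On the sample this reports one non-ok object, MozillaMaintenance with ForgedFile.Multi.Generic, which the user skipped, and one image outside the Windows directory, the PowerDVD NavFilter service registered under a GUID name. ForgedFile is a heuristic verdict rather than a match against known malware, so the sensible step before deleting anything is to check the Authenticode signature of maintenanceservice.exe (Sysinternals sigcheck does this) against a known-good Mozilla build.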
-
Not sure why the font size came out so small, so I will repost.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/17/2009 9:34:13 AM
System Uptime: 10/14/2012 3:41:12 PM (20 hours ago)
.
Motherboard: ASRock | | P55 Deluxe
Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPUSocket | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 724.745 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP188: 9/1/2012 12:00:03 AM - Scheduled Checkpoint
RP189: 9/8/2012 7:12:50 PM - Scheduled Checkpoint
RP190: 9/14/2012 11:51:16 PM - Windows Update
RP191: 9/22/2012 12:00:03 AM - Scheduled Checkpoint
RP192: 9/22/2012 3:00:11 AM - Windows Update
RP193: 9/29/2012 7:01:00 PM - Scheduled Checkpoint
RP194: 10/7/2012 12:00:04 AM - Scheduled Checkpoint
RP195: 10/10/2012 3:00:12 AM - Windows Update
RP197: 10/13/2012 10:36:08 AM - ComboFix created restore point
RP198: 10/14/2012 3:00:10 AM - Windows Update
.
==== Installed Programs ======================
.
ACDSee 10 Photo Manager Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Media Foundation Decoders ATI Catalyst Registration Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Collectorz.com Game Collector Collectorz.com Movie Collector COTM Reminder by We-Care.com v4.1.17.2 CyberLink PowerDVD 10 D-Link 11Mbps Wireless LAN for Windows DAEMON Tools Lite EasyRecovery Professional eReg Google Toolbar for Internet Explorer Google Update Helper Java Auto Updater JMicron JMB36X Driver LiveUpdate 3.3 (Symantec Corporation) Logitech SetPoint 6.32 Malwarebytes Anti-Malware version 1.65.0.1400 Microsoft .NET Framework 4 Client Profile Microsoft Office XP Professional with FrontPage Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mozilla Firefox 13.0.1 (x86 en-US) Mozilla Maintenance Service Realtek Ethernet Diagnostic Utility Realtek High Definition Audio Driver SAMSUNG Intelli-studio Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 
4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Symantec Endpoint Protection The Lord of the Rings FREE Trial Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VLC media player 2.0.2 Winamp Winamp Application Detect WinRAR archiver . ==== Event Viewer Messages From Past Week ======== . 10/14/2012 4:02:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435} 10/14/2012 4:02:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect. 10/14/2012 4:02:43 PM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/14/2012 3:42:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd 10/14/2012 3:41:13 PM, Error: sptd [4] - Driver detected an internal error in its data structures for . 
10/14/2012 3:40:40 PM, Error: Service Control Manager [7023] - 10/14/2012 3:38:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SmcService service. 10/14/2012 3:37:46 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control. 10/14/2012 3:35:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service. 10/13/2012 11:07:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004004: Security Update for Windows 7 (KB2731847). 10/13/2012 10:41:49 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. . ==== End Of File =========================== . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Mark at 11:14:31 on 2012-10-15 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3255.2263 [GMT -7:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files\CyberLink\Shared files\brs.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\mmc.exe C:\Windows\system32\mmc.exe C:\Windows\system32\mmc.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\DllHost.exe 
C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . mURLSearchHooks: H - No File BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe" mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe" mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to 
Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: Interfaces\{2FF4A191-1B08-43AC-A5B8-4A6C6F686024} : DhcpNameServer = 192.168.1.1 68.238.64.12 Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\44xw4471.default\ FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157 . ============= SERVICES / DRIVERS =============== . R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-7 242240] R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/07/10 19:55:37];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-6-11 217600] R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-12-17 27648] R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-29 2477304] R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-6-11 8733696] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-6-11 295936] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-22 106656] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN 
v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-15 250808] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-29 40776] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-5 113120] S3 PRISM_USB;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\drivers\PRISMUSB.sys [2002-2-18 50264] S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtTeam60.sys [2009-12-17 35840] S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2009-12-17 19968] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-5 1343400] . =============== Created Last 30 ================ . 2012-10-13 17:44:15 -------- d-sh--w- C:\$RECYCLE.BIN 2012-10-10 04:39:29 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-10-10 04:39:22 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-02 00:41:06 -------- d-----w- c:\programdata\Kaspersky Lab 2012-09-30 00:49:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-09-21 23:12:41 -------- d-----w- C:\found.001 . ==================== Find3M ==================== . 
2012-10-09 03:51:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-09 03:51:16 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-31 17:21:56 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 17:18:33 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-08-30 17:18:33 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-18 11:23:05 169984 ----a-w- c:\windows\system32\winsrv.dll 2012-08-18 11:21:20 293376 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-18 11:18:47 271360 ----a-w- c:\windows\system32\conhost.exe 2012-08-18 09:07:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-18 09:07:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-18 09:07:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-18 09:07:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-10 23:54:04 541184 ----a-w- c:\windows\system32\kerberos.dll 2012-08-02 17:05:42 490496 ----a-w- c:\windows\system32\d3d10level9.dll 2012-07-18 17:10:29 2344448 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 11:15:13.18 ===============
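The DDS report above lists the IE Browser Helper Objects, the autostart Run entries and the DHCP-assigned DNS servers, which are the lines a responder reads first. The Python below is an added example, not part of the original post and not DDS's own code: it triages a few constructed lines in DDS's format (copied in the shape of entries seen above), cross-references the BHO CLSIDs against the CLSIDs AdwCleaner reported in the earlier post, and applies heuristics that are my assumptions rather than rules from either tool (a DLL loading from a user-writable location, a Run entry that goes through cmd.exe, a resolver outside private address space).

```python
import ipaddress
import re

# Constructed sample in DDS's line format (the kinds of entries the report above
# contains; not the page's complete log).
SAMPLE_DDS = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
TCP: Interfaces\{2FF4A191-1B08-43AC-A5B8-4A6C6F686024} : DhcpNameServer = 192.168.1.1 68.238.64.12
"""

# CLSIDs that AdwCleaner reported as "Key Found" in the earlier post (constructed
# cross-reference list; in practice you would parse AdwCleaner[R1].txt for these).
ADWCLEANER_CLSIDS = {
    "{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}",
    "{F773BB94-6C19-4643-A570-0E429103D1C3}",
}

# Line shapes inferred from the report (assumption, not a documented DDS grammar).
BHO_RE = re.compile(r"^BHO: (?:(?P<desc>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
DNS_RE = re.compile(r"^TCP: Interfaces\\(?P<iface>\{[^}]+\}) : DhcpNameServer = (?P<servers>.+)$")

# Locations a standard user can write to; a BHO loading from here had no privileged
# installer vouching for it (heuristic, my assumption).
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "c:\\documents and settings\\")


def parse_dds(text):
    """Split a DDS report into (bhos, runs, dns) tuples; unrecognised lines are ignored."""
    bhos, runs, dns = [], [], []
    for line in text.splitlines():
        if m := BHO_RE.match(line):
            bhos.append((m["clsid"].upper(), m["desc"], m["target"]))
        elif m := RUN_RE.match(line):
            runs.append((m["hive"], m["name"], m["cmd"]))
        elif m := DNS_RE.match(line):
            dns.append((m["iface"], m["servers"].split()))
    return bhos, runs, dns


def triage_bhos(bhos):
    """Return (clsid, description, reasons) for every BHO that deserves a look."""
    findings = []
    for clsid, desc, target in bhos:
        reasons = []
        if target == "No File":
            reasons.append("orphaned CLSID (dll missing)")
        if target.lower().startswith(USER_WRITABLE):
            reasons.append("dll loaded from user-writable location")
        if clsid in ADWCLEANER_CLSIDS:
            reasons.append("CLSID also flagged by AdwCleaner")
        if reasons:
            findings.append((clsid, desc, reasons))
    return findings


def triage_runs(runs):
    """Run entries whose command is a shell invocation; legitimate here, but the shape adware uses."""
    return [(hive, name) for hive, name, cmd in runs if re.match(r'(?i)^"?cmd(\.exe)?"?\s', cmd)]


def triage_dns(dns):
    """DHCP-handed resolvers outside RFC 1918 space, to be confirmed against the ISP's published resolvers."""
    return [(iface, s) for iface, servers in dns for s in servers
            if not ipaddress.ip_address(s).is_private]


if __name__ == "__main__":
    bhos, runs, dns = parse_dds(SAMPLE_DDS)
    for clsid, desc, reasons in triage_bhos(bhos):
        print(clsid, desc or "(no description)", "; ".join(reasons))
    print("shell-launched Run entries:", triage_runs(runs))
    print("non-private resolvers:", triage_dns(dns))
```

Of the four BHOs, two come out flagged: the {02478D38-...} entry, a stale CLSID with no DLL behind it, and the WeCareReminder class, which loads from c:\programdata and matches AdwCleaner's finding; the Google Toolbar and Java helpers pass. The 68.238.64.12 resolver is listed only because it is outside the LAN; the check that follows is to confirm it is the ISP's resolver, not to assume it is hostile.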
-
Here is the log: ComboFix 12-10-12.01 - Mark 10/13/2012 10:37:39.1.4 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3255.1910 [GMT -7:00] Running from: F:\ComboFix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2012-09-13 to 2012-10-13 ))))))))))))))))))))))))))))))) . . 2012-10-13 17:41 . 2012-10-13 17:41 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-10-13 17:41 . 2012-10-13 17:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-10 04:39 . 2012-08-24 17:10 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-10-10 04:39 . 2012-09-14 18:30 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-02 00:41 . 2012-10-02 00:41 -------- d-----w- c:\programdata\Kaspersky Lab 2012-09-30 00:49 . 2012-09-30 00:50 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-09-21 23:12 . 2012-09-21 23:12 -------- d-----w- C:\found.001 2012-09-15 06:09 . 2012-08-02 17:05 490496 ----a-w- c:\windows\system32\d3d10level9.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-09 03:51 . 2012-07-15 20:55 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-09 03:51 . 2011-07-17 03:08 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-08 00:04 . 2012-06-28 03:28 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-18 17:10 . 2012-08-18 00:20 2344448 ----a-w- c:\windows\system32\win32k.sys 2012-07-15 20:54 . 2012-07-15 20:54 53248 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-07-15 20:53 . 
2012-07-15 20:53 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-09-28 03:42 . 2011-12-17 20:11 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-14 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 307200] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-29 115560] "RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336] "BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-03-13 75048] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AsrCDDrv;AsrCDDrv;c:\windows\system32\Drivers\AsrCDDrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 PRISM_USB;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\DRIVERS\PRISMUSB.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/07/10 19:55];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 03:51]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-17 18:27]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-17 18:27]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\44xw4471.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.032"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ani"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.apd"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.arw"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bay"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bmp"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bw"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cr2"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.crw"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cs1"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cur"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcr"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcx"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dib"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djv"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djvu"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dng"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.emf"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.eps"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.erf"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fff"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fpx"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.gif"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.hdr"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icl"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icn"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ico"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2725046493-622747726-3050739882-1000)
"Progid"="ACDSee 10.0.iff"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ilbm"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.int"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.inta"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iw4"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2c"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2k"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jfif"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jif"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jp2"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpc"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpe"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpeg"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpg"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpk"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpx"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.lbm"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mos"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mrw"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.nef"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.orf"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbm"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcd"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pct"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcx"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pef"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pgm"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pic"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pict"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pix"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.png"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ppm"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psd"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psp"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspimage"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raf"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ras"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2725046493-622747726-3050739882-1000)
"Progid"="ACDSee 10.0.raw"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgb"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgba"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rle"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rsb"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sgi"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sr2"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.srf"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.thm"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tif"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tiff"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttc"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttf"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbm"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbmp"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wmf"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xbm"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xif"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"
.
[HKEY_USERS\S-1-5-21-2725046493-622747726-3050739882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xpm"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-13 10:44:31
ComboFix-quarantined-files.txt 2012-10-13 17:44
ComboFix2.txt 2012-07-04 16:41
.
Pre-Run: 777,377,026,048 bytes free
Post-Run: 777,675,153,408 bytes free
.
- - End Of File - - E8B13B9889C5E6CFB86D41BA8805AF2A
-
Sorry I haven't got back to you. I have been on travel all week and don't have access to the computer. I will be back Saturday and will post logs then.
-
Just to be more clear, the PC that had ZA is networked with the PC I posted the log to on this thread.
-
My wife and I went on vacation and one of our kids was using my PC and it got infected with ZeroAccess malware among others. At this time the PC that I am posting began having symptoms of malware. It sometimes hangs, can't type, CD no longer ejects, etc.
-
Logs in normal mode:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Mark at 15:08:31 on 2012-10-04
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3255.2131 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2FF4A191-1B08-43AC-A5B8-4A6C6F686024} : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{69EEA09C-0A33-418A-9A80-4B6773F36C49} : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{7AA9D918-AA53-4E3F-8448-B3BDC1EFD192} : DhcpNameServer = 192.168.1.1
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\44xw4471.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-7 242240]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/07/10 19:55:37];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-6-11 217600]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-12-17 27648]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-29 2477304]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-6-11 8733696]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-6-11 295936]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-22 106656]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-15 250288]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-29 40776]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-5 113120]
S3 PRISM_USB;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\drivers\PRISMUSB.sys [2002-2-18 50264]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtTeam60.sys [2009-12-17 35840]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2009-12-17 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-5 1343400]
.
=============== Created Last 30 ================
.
2012-10-02 00:41:06 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-30 00:49:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-21 23:12:41 -------- d-sh--w- C:\found.001
2012-09-21 22:51:14 9573296 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-09-15 06:09:27 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
==================== Find3M ====================
.
2012-09-23 04:28:36 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-23 04:28:36 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-18 17:10:29 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 20:53:53 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-07-07 19:43:08 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
============= FINISH: 15:09:22.62 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/17/2009 9:34:13 AM
System Uptime: 10/4/2012 3:05:23 PM (0 hours ago)
.
Motherboard: ASRock | | P55 Deluxe
Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPUSocket | 2507/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 721.826 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP183: 7/27/2012 1:23:12 AM - Scheduled Checkpoint
RP184: 8/17/2012 5:43:07 PM - Scheduled Checkpoint
RP185: 8/18/2012 3:00:12 AM - Windows Update
RP187: 8/24/2012 2:59:28 PM - Installed EasyRecovery Professional
RP188: 9/1/2012 12:00:03 AM - Scheduled Checkpoint
RP189: 9/8/2012 7:12:50 PM - Scheduled Checkpoint
RP190: 9/14/2012 11:51:16 PM - Windows Update
RP191: 9/22/2012 12:00:03 AM - Scheduled Checkpoint
RP192: 9/22/2012 3:00:11 AM - Windows Update
RP193: 9/29/2012 7:01:00 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
ACDSee 10 Photo Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
ATI Catalyst Registration
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Collectorz.com Game Collector
Collectorz.com Movie Collector
COTM Reminder by We-Care.com v4.1.17.2
CyberLink PowerDVD 10
D-Link 11Mbps Wireless LAN for Windows
DAEMON Tools Lite
EasyRecovery Professional
eReg
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
JMicron JMB36X Driver
LiveUpdate 3.3 (Symantec Corporation)
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Realtek Ethernet Diagnostic Utility
Realtek High Definition Audio Driver
SAMSUNG Intelli-studio
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Symantec Endpoint Protection
The Lord of the Rings FREE Trial
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.2
Winamp
Winamp Application Detect
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
9/29/2012 5:51:50 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
9/29/2012 5:30:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
9/29/2012 5:30:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.
9/29/2012 5:30:09 PM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/29/2012 5:25:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 10/4/2012 3:07:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd 10/4/2012 3:05:24 PM, Error: sptd [4] - Driver detected an internal error in its data structures for . 10/4/2012 3:03:45 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 10/3/2012 5:40:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 10/3/2012 5:40:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 10/3/2012 5:40:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 10/3/2012 5:40:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 10/3/2012 5:40:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 10/3/2012 5:40:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl spldr sptd SRTSP SRTSPX Wanarpv6 10/3/2012 5:40:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got 
error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 10/3/2012 5:33:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect. 10/3/2012 5:33:39 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/3/2012 5:33:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect. . ==== End Of File ===========================
-
Hi, I believe my PC is infected with malware. All kinds of strange things are happening on it. It is running very sluggishly and sometimes hangs. The keyboard sometimes does not allow me to type, although the mouse works. The CD drive no longer ejects. I ran DDS one time and saved the logs to the desktop, only to have them disappear. I was able to save them to a flash drive:
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Mark at 17:45:35 on 2012-10-03
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3255.2765 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2FF4A191-1B08-43AC-A5B8-4A6C6F686024} : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{69EEA09C-0A33-418A-9A80-4B6773F36C49} : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{7AA9D918-AA53-4E3F-8448-B3BDC1EFD192} : DhcpNameServer = 192.168.1.1
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\44xw4471.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-7 242240]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-29 2477304]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/07/10 19:55:37];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-6-11 217600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-12-17 27648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-15 250288]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-6-11 8733696]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-6-11 295936]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-22 106656]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-17 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-29 40776]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-5 113120]
S3 PRISM_USB;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\drivers\PRISMUSB.sys [2002-2-18 50264]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtTeam60.sys [2009-12-17 35840]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2009-12-17 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-5 1343400]
.
=============== Created Last 30 ================
.
2012-10-02 00:41:06 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-30 00:49:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-21 23:12:41 -------- d-sh--w- C:\found.001
2012-09-21 22:51:14 9573296 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-09-15 06:09:27 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
==================== Find3M ====================
.
2012-09-23 04:28:36 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-23 04:28:36 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-18 17:10:29 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 20:53:53 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-07-07 19:43:08 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
============= FINISH: 17:45:42.43 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/17/2009 9:34:13 AM
System Uptime: 10/3/2012 5:39:37 PM (0 hours ago)
.
Motherboard: ASRock | | P55 Deluxe
Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPUSocket | 2660/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 721.816 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP183: 7/27/2012 1:23:12 AM - Scheduled Checkpoint
RP184: 8/17/2012 5:43:07 PM - Scheduled Checkpoint
RP185: 8/18/2012 3:00:12 AM - Windows Update
RP187: 8/24/2012 2:59:28 PM - Installed EasyRecovery Professional
RP188: 9/1/2012 12:00:03 AM - Scheduled Checkpoint
RP189: 9/8/2012 7:12:50 PM - Scheduled Checkpoint
RP190: 9/14/2012 11:51:16 PM - Windows Update
RP191: 9/22/2012 12:00:03 AM - Scheduled Checkpoint
RP192: 9/22/2012 3:00:11 AM - Windows Update
RP193: 9/29/2012 7:01:00 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
ACDSee 10 Photo Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
ATI Catalyst Registration
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Collectorz.com Game Collector
Collectorz.com Movie Collector
COTM Reminder by We-Care.com v4.1.17.2
CyberLink PowerDVD 10
D-Link 11Mbps Wireless LAN for Windows
DAEMON Tools Lite
EasyRecovery Professional
eReg
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
JMicron JMB36X Driver
LiveUpdate 3.3 (Symantec Corporation)
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Realtek Ethernet Diagnostic Utility
Realtek High Definition Audio Driver
SAMSUNG Intelli-studio
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Symantec Endpoint Protection
The Lord of the Rings FREE Trial
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.2
Winamp
Winamp Application Detect
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
9/29/2012 5:51:50 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
9/29/2012 5:30:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
9/29/2012 5:30:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.
9/29/2012 5:30:09 PM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/29/2012 5:25:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
10/3/2012 5:42:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/3/2012 5:40:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
10/3/2012 5:40:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/3/2012 5:40:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/3/2012 5:40:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/3/2012 5:40:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/3/2012 5:40:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl spldr sptd SRTSP SRTSPX Wanarpv6
10/3/2012 5:40:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/3/2012 5:39:38 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
10/3/2012 5:33:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
10/3/2012 5:33:39 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/3/2012 5:33:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
10/3/2012 5:29:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
.
==== End Of File ===========================