
Unable to connect to legit website due to blocked malicious websites



I'm working on my daughter's computer, downloaded malwarebytes, did a full scan and had it fix all identified issues. I am getting bubble messages indicating that malwarebytes has blocked access to a potentially malicious website with a series of IP addresses.

After searching the forum, I found a similar thread and wanted to start the "process"; however, when I use IE to search for bleepingcomputer.com, I'm directed to one of these malicious websites. The same thing happens if I type in the web address itself.

What steps should I start with?


Hello and welcome!

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Hi again,

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

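As an added illustration (not part of this thread and not code from TDSSKiller), here is a small Python parser for the log format TDSSKiller writes: it reads the `<time> <pid> <name> (<md5>) <path>` lines and the matching `<name> - <verdict>` lines that follow "Scan started", and separates anything not marked "ok" so a helper can review those entries first. The sample log reuses a few lines of the kind posted in this thread plus one constructed entry; its non-ok verdict wording is an assumption, not TDSSKiller's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Two line shapes appear in the scan section of a TDSSKiller log:
#   <time> <pid> <name> (<md5>) <path>   -> an enumerated service/driver image
#   <time> <pid> <name> - <verdict>      -> the verdict for that name ("ok" when clean)
ENTRY_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when the log recorded no image file for the name
    path: Optional[str] = None
    verdict: Optional[str] = None  # None when no verdict line followed the entry


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Return one Entry per object named in the scan section, in log order."""
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if not in_scan:
            # Drive/partition header lines precede "Scan started"; skip them,
            # since they also contain " - " and would confuse VERDICT_RE.
            in_scan = "Scan started" in line
            continue
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"]
    return list(entries.values())


def triage(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Group entries by what a reviewer should look at first."""
    report: Dict[str, List[Entry]] = {"not_ok": [], "no_verdict": [], "no_image": []}
    for e in entries:
        if e.verdict is None:
            report["no_verdict"].append(e)
        elif e.verdict.lower() != "ok":
            report["not_ok"].append(e)
        if e.path is None:
            # A verdict line with no preceding image line: the log recorded
            # no file path for this name, which is worth a second look.
            report["no_image"].append(e)
    return report


# Constructed sample: a few genuine-looking lines of the format above plus one
# made-up service ("examplesvc") whose hash, path and verdict are placeholders.
SAMPLE_LOG = r"""
13:15:34.0777 3360 C: <-> \Device\Harddisk0\DR0\Partition1
13:15:38.0700 7036 Scan started
13:15:38.0700 7036 Mode: Manual;
13:15:40.0206 7036 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
13:15:40.0209 7036 ACDaemon - ok
13:15:41.0816 7036 AVG Security Toolbar Service - ok
13:15:51.0672 7036 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
13:15:51.0674 7036 MBAMProtector - ok
13:15:59.0000 7036 examplesvc (00000000000000000000000000000000) C:\Windows\system32\drivers\example.sys
13:15:59.0001 7036 examplesvc - suspicious (constructed placeholder verdict)
"""


def summarize(text: str) -> Dict[str, int]:
    """Counts a helper can glance at before reading the full log."""
    r = triage(parse_tdsskiller_log(text))
    return {k: len(v) for k, v in r.items()}


if __name__ == "__main__":
    for bucket, items in triage(parse_tdsskiller_log(SAMPLE_LOG)).items():
        print(bucket)
        for e in items:
            print(f"  {e.name}: verdict={e.verdict!r} path={e.path!r}")
```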

Hi Elise -- below are the results:

13:15:31.0634 3360 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43

13:15:33.0637 3360 ============================================================

13:15:33.0637 3360 Current date / time: 2012/05/01 13:15:33.0637

13:15:33.0637 3360 SystemInfo:

13:15:33.0637 3360

13:15:33.0637 3360 OS Version: 6.0.6002 ServicePack: 2.0

13:15:33.0637 3360 Product type: Workstation

13:15:33.0638 3360 ComputerName: LAUREN-PC

13:15:33.0638 3360 UserName: Lauren

13:15:33.0638 3360 Windows directory: C:\Windows

13:15:33.0638 3360 System windows directory: C:\Windows

13:15:33.0638 3360 Processor architecture: Intel x86

13:15:33.0638 3360 Number of processors: 2

13:15:33.0638 3360 Page size: 0x1000

13:15:33.0638 3360 Boot type: Normal boot

13:15:33.0638 3360 ============================================================

13:15:34.0651 3360 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

13:15:34.0694 3360 Drive \Device\Harddisk1\DR1 - Size: 0x776F8000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

13:15:34.0696 3360 ============================================================

13:15:34.0696 3360 \Device\Harddisk0\DR0:

13:15:34.0697 3360 MBR partitions:

13:15:34.0697 3360 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1388000

13:15:34.0697 3360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C000, BlocksNum 0x23B922A8

13:15:34.0724 3360 \Device\Harddisk1\DR1:

13:15:34.0724 3360 MBR partitions:

13:15:34.0724 3360 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3BB521

13:15:34.0724 3360 ============================================================

13:15:34.0777 3360 C: <-> \Device\Harddisk0\DR0\Partition1

13:15:34.0816 3360 D: <-> \Device\Harddisk0\DR0\Partition0

13:15:34.0816 3360 ============================================================

13:15:34.0816 3360 Initialize success

13:15:34.0817 3360 ============================================================

13:15:38.0699 7036 ============================================================

13:15:38.0700 7036 Scan started

13:15:38.0700 7036 Mode: Manual;

13:15:38.0700 7036 ============================================================

13:15:40.0206 7036 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

13:15:40.0209 7036 ACDaemon - ok

13:15:40.0401 7036 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

13:15:40.0407 7036 ACPI - ok

13:15:40.0506 7036 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

13:15:40.0512 7036 AdobeFlashPlayerUpdateSvc - ok

13:15:40.0609 7036 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

13:15:40.0650 7036 adp94xx - ok

13:15:40.0721 7036 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

13:15:40.0730 7036 adpahci - ok

13:15:40.0760 7036 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

13:15:40.0763 7036 adpu160m - ok

13:15:40.0814 7036 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

13:15:40.0828 7036 adpu320 - ok

13:15:40.0878 7036 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

13:15:40.0879 7036 AeLookupSvc - ok

13:15:40.0923 7036 AESTFilters (ef1142512bec12f1c2c87735da1755be) C:\Windows\system32\aestsrv.exe

13:15:40.0925 7036 AESTFilters - ok

13:15:41.0029 7036 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

13:15:41.0038 7036 AFD - ok

13:15:41.0088 7036 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

13:15:41.0090 7036 agp440 - ok

13:15:41.0114 7036 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

13:15:41.0117 7036 aic78xx - ok

13:15:41.0144 7036 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe

13:15:41.0145 7036 ALG - ok

13:15:41.0161 7036 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

13:15:41.0163 7036 aliide - ok

13:15:41.0185 7036 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

13:15:41.0188 7036 amdagp - ok

13:15:41.0201 7036 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

13:15:41.0204 7036 amdide - ok

13:15:41.0223 7036 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

13:15:41.0225 7036 AmdK7 - ok

13:15:41.0237 7036 AmdK8 (93747dd2a8c397a9ab050db17b6911d0) C:\Windows\system32\drivers\amdk8.sys

13:15:41.0240 7036 AmdK8 - ok

13:15:41.0289 7036 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys

13:15:41.0303 7036 ApfiltrService - ok

13:15:41.0353 7036 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll

13:15:41.0354 7036 Appinfo - ok

13:15:41.0466 7036 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

13:15:41.0468 7036 Apple Mobile Device - ok

13:15:41.0496 7036 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

13:15:41.0499 7036 arc - ok

13:15:41.0543 7036 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

13:15:41.0546 7036 arcsas - ok

13:15:41.0577 7036 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

13:15:41.0579 7036 AsyncMac - ok

13:15:41.0624 7036 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

13:15:41.0625 7036 atapi - ok

13:15:41.0683 7036 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

13:15:41.0687 7036 AudioEndpointBuilder - ok

13:15:41.0696 7036 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

13:15:41.0702 7036 Audiosrv - ok

13:15:41.0816 7036 AVG Security Toolbar Service - ok

13:15:41.0871 7036 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

13:15:41.0873 7036 Beep - ok

13:15:41.0950 7036 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll

13:15:41.0974 7036 BFE - ok

13:15:42.0332 7036 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys

13:15:42.0353 7036 BHDrvx86 - ok

13:15:42.0472 7036 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll

13:15:42.0497 7036 BITS - ok

13:15:42.0577 7036 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

13:15:42.0579 7036 blbdrive - ok

13:15:42.0699 7036 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

13:15:42.0713 7036 Bonjour Service - ok

13:15:42.0776 7036 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

13:15:42.0779 7036 bowser - ok

13:15:42.0839 7036 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

13:15:42.0842 7036 BrFiltLo - ok

13:15:42.0857 7036 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

13:15:42.0859 7036 BrFiltUp - ok

13:15:42.0899 7036 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll

13:15:42.0902 7036 Browser - ok

13:15:42.0939 7036 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

13:15:42.0942 7036 Brserid - ok

13:15:42.0973 7036 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

13:15:42.0975 7036 BrSerWdm - ok

13:15:43.0008 7036 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

13:15:43.0010 7036 BrUsbMdm - ok

13:15:43.0021 7036 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

13:15:43.0023 7036 BrUsbSer - ok

13:15:43.0058 7036 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

13:15:43.0060 7036 BTHMODEM - ok

13:15:43.0177 7036 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\NIS\1307000.009\ccSetx86.sys

13:15:43.0192 7036 ccSet_NIS - ok

13:15:43.0223 7036 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

13:15:43.0225 7036 cdfs - ok

13:15:43.0288 7036 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

13:15:43.0291 7036 cdrom - ok

13:15:43.0335 7036 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

13:15:43.0337 7036 CertPropSvc - ok

13:15:43.0480 7036 CFUACProxy_officeguardianv2 (e1ae0998df1e5e84b79b5e9700f13946) C:\ProgramData\OfficeGuardianV2\UACProxy.exe

13:15:43.0484 7036 CFUACProxy_officeguardianv2 - ok

13:15:43.0508 7036 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

13:15:43.0510 7036 circlass - ok

13:15:43.0548 7036 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

13:15:43.0557 7036 CLFS - ok

13:15:43.0638 7036 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:15:43.0640 7036 clr_optimization_v2.0.50727_32 - ok

13:15:43.0745 7036 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:15:43.0749 7036 clr_optimization_v4.0.30319_32 - ok

13:15:43.0812 7036 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

13:15:43.0815 7036 CmBatt - ok

13:15:43.0872 7036 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

13:15:43.0874 7036 cmdide - ok

13:15:43.0895 7036 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

13:15:43.0898 7036 Compbatt - ok

13:15:43.0903 7036 COMSysApp - ok

13:15:43.0933 7036 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

13:15:43.0935 7036 crcdisk - ok

13:15:43.0956 7036 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

13:15:43.0959 7036 Crusoe - ok

13:15:44.0005 7036 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll

13:15:44.0021 7036 CryptSvc - ok

13:15:44.0091 7036 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

13:15:44.0100 7036 DcomLaunch - ok

13:15:44.0159 7036 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

13:15:44.0160 7036 DfsC - ok

13:15:44.0431 7036 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe

13:15:44.0548 7036 DFSR - ok

13:15:44.0710 7036 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll

13:15:44.0713 7036 Dhcp - ok

13:15:44.0792 7036 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

13:15:44.0793 7036 disk - ok

13:15:44.0860 7036 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll

13:15:44.0862 7036 Dnscache - ok

13:15:44.0994 7036 DockLoginService (13511564cac5a005255765e322c16967) C:\Program Files\Dell\DellDock\DockLogin.exe

13:15:45.0008 7036 DockLoginService - ok

13:15:45.0053 7036 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll

13:15:45.0066 7036 dot3svc - ok

13:15:45.0102 7036 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll

13:15:45.0104 7036 DPS - ok

13:15:45.0145 7036 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

13:15:45.0148 7036 drmkaud - ok

13:15:45.0232 7036 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

13:15:45.0245 7036 DXGKrnl - ok

13:15:45.0326 7036 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys

13:15:45.0356 7036 e1express - ok

13:15:45.0402 7036 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

13:15:45.0416 7036 E1G60 - ok

13:15:45.0464 7036 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll

13:15:45.0468 7036 EapHost - ok

13:15:45.0534 7036 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

13:15:45.0539 7036 Ecache - ok

13:15:45.0668 7036 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

13:15:45.0729 7036 eeCtrl - ok

13:15:45.0806 7036 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

13:15:45.0833 7036 elxstor - ok

13:15:45.0915 7036 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll

13:15:45.0942 7036 EMDMgmt - ok

13:15:45.0966 7036 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

13:15:45.0967 7036 ErrDev - ok

13:15:46.0027 7036 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll

13:15:46.0047 7036 EventSystem - ok

13:15:46.0194 7036 EvtEng (e71b03ff6b819ae1a286aa27e956d523) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

13:15:46.0230 7036 EvtEng - ok

13:15:46.0308 7036 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

13:15:46.0322 7036 exfat - ok

13:15:46.0373 7036 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

13:15:46.0387 7036 fastfat - ok

13:15:46.0429 7036 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

13:15:46.0431 7036 fdc - ok

13:15:46.0463 7036 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll

13:15:46.0468 7036 fdPHost - ok

13:15:46.0503 7036 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

13:15:46.0505 7036 FDResPub - ok

13:15:46.0527 7036 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

13:15:46.0530 7036 FileInfo - ok

13:15:46.0547 7036 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

13:15:46.0549 7036 Filetrace - ok

13:15:46.0571 7036 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

13:15:46.0573 7036 flpydisk - ok

13:15:46.0612 7036 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

13:15:46.0636 7036 FltMgr - ok

13:15:46.0778 7036 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll

13:15:46.0793 7036 FontCache - ok

13:15:46.0867 7036 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

13:15:46.0869 7036 FontCache3.0.0.0 - ok

13:15:46.0963 7036 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys

13:15:46.0966 7036 fssfltr - ok

13:15:47.0223 7036 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe

13:15:47.0269 7036 fsssvc - ok

13:15:47.0404 7036 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys

13:15:47.0406 7036 Fs_Rec - ok

13:15:47.0436 7036 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

13:15:47.0438 7036 gagp30kx - ok

13:15:47.0472 7036 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys

13:15:47.0474 7036 GEARAspiWDM - ok

13:15:47.0578 7036 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

13:15:47.0579 7036 GoogleDesktopManager-051210-111108 - ok

13:15:47.0631 7036 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

13:15:47.0633 7036 GoToAssist - ok

13:15:47.0689 7036 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll

13:15:47.0729 7036 gpsvc - ok

13:15:47.0807 7036 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

13:15:47.0810 7036 gupdate - ok

13:15:47.0816 7036 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

13:15:47.0818 7036 gupdatem - ok

13:15:47.0880 7036 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

13:15:47.0885 7036 gusvc - ok

13:15:47.0956 7036 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

13:15:47.0966 7036 HDAudBus - ok

13:15:48.0007 7036 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

13:15:48.0011 7036 HidBth - ok

13:15:48.0047 7036 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

13:15:48.0050 7036 HidIr - ok

13:15:48.0080 7036 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll

13:15:48.0082 7036 hidserv - ok

13:15:48.0128 7036 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

13:15:48.0131 7036 HidUsb - ok

13:15:48.0164 7036 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll

13:15:48.0168 7036 hkmsvc - ok

13:15:48.0198 7036 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

13:15:48.0200 7036 HpCISSs - ok

13:15:48.0305 7036 HSF_DPV (99f85640054ba65190b860d878a7c9ae) C:\Windows\system32\DRIVERS\HSX_DPV.sys

13:15:48.0333 7036 HSF_DPV - ok

13:15:48.0371 7036 HSXHWAZL (cfbc2b81972e298f0e19ee68fa9e73da) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

13:15:48.0384 7036 HSXHWAZL - ok

13:15:48.0453 7036 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys

13:15:48.0467 7036 HTTP - ok

13:15:48.0513 7036 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

13:15:48.0516 7036 i2omp - ok

13:15:48.0554 7036 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

13:15:48.0556 7036 i8042prt - ok

13:15:48.0655 7036 IAANTMON (ae38a12f79a4980ddb88f36514f8a1da) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

13:15:48.0682 7036 IAANTMON - ok

13:15:48.0740 7036 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys

13:15:48.0743 7036 iaStor - ok

13:15:48.0789 7036 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

13:15:48.0800 7036 iaStorV - ok

13:15:48.0912 7036 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

13:15:48.0942 7036 idsvc - ok

13:15:49.0299 7036 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120427.001\IDSvix86.sys

13:15:49.0335 7036 IDSVix86 - ok

13:15:49.0611 7036 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys

13:15:49.0711 7036 igfx - ok

13:15:49.0815 7036 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

13:15:49.0817 7036 iirsp - ok

13:15:49.0878 7036 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll

13:15:49.0887 7036 IKEEXT - ok

13:15:49.0943 7036 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys

13:15:49.0976 7036 IntcHdmiAddService - ok

13:15:50.0010 7036 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys

13:15:50.0012 7036 intelide - ok

13:15:50.0044 7036 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

13:15:50.0045 7036 intelppm - ok

13:15:50.0089 7036 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

13:15:50.0091 7036 IPBusEnum - ok

13:15:50.0105 7036 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:15:50.0108 7036 IpFilterDriver - ok

13:15:50.0153 7036 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll

13:15:50.0158 7036 iphlpsvc - ok

13:15:50.0163 7036 IpInIp - ok

13:15:50.0193 7036 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

13:15:50.0196 7036 IPMIDRV - ok

13:15:50.0214 7036 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

13:15:50.0216 7036 IPNAT - ok

13:15:50.0326 7036 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe

13:15:50.0348 7036 iPod Service - ok

13:15:50.0390 7036 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

13:15:50.0392 7036 IRENUM - ok

13:15:50.0422 7036 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

13:15:50.0424 7036 isapnp - ok

13:15:50.0471 7036 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

13:15:50.0475 7036 iScsiPrt - ok

13:15:50.0524 7036 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

13:15:50.0526 7036 iteatapi - ok

13:15:50.0550 7036 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

13:15:50.0552 7036 iteraid - ok

13:15:50.0577 7036 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

13:15:50.0579 7036 kbdclass - ok

13:15:50.0604 7036 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys

13:15:50.0607 7036 kbdhid - ok

13:15:50.0657 7036 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

13:15:50.0659 7036 KeyIso - ok

13:15:50.0737 7036 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

13:15:50.0782 7036 KSecDD - ok

13:15:50.0873 7036 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

13:15:50.0912 7036 KtmRm - ok

13:15:51.0016 7036 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll

13:15:51.0032 7036 LanmanServer - ok

13:15:51.0118 7036 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll

13:15:51.0166 7036 LanmanWorkstation - ok

13:15:51.0222 7036 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

13:15:51.0224 7036 lltdio - ok

13:15:51.0265 7036 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

13:15:51.0311 7036 lltdsvc - ok

13:15:51.0358 7036 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

13:15:51.0360 7036 lmhosts - ok

13:15:51.0391 7036 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

13:15:51.0395 7036 LSI_FC - ok

13:15:51.0420 7036 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

13:15:51.0423 7036 LSI_SAS - ok

13:15:51.0449 7036 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

13:15:51.0453 7036 LSI_SCSI - ok

13:15:51.0478 7036 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

13:15:51.0481 7036 luafv - ok

13:15:51.0578 7036 lxdiCATSCustConnectService (f385cb61bb29a55f31fc4c2da698b785) C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe

13:15:51.0595 7036 lxdiCATSCustConnectService - ok

13:15:51.0615 7036 lxdi_device - ok

13:15:51.0672 7036 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys

13:15:51.0674 7036 MBAMProtector - ok

13:15:51.0788 7036 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

13:15:51.0799 7036 MBAMService - ok

13:15:51.0909 7036 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

13:15:51.0961 7036 MDM - ok

13:15:52.0024 7036 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

13:15:52.0026 7036 mdmxsdk - ok

13:15:52.0065 7036 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

13:15:52.0068 7036 megasas - ok

13:15:52.0122 7036 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

13:15:52.0153 7036 MegaSR - ok

13:15:52.0204 7036 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

13:15:52.0209 7036 MMCSS - ok

13:15:52.0222 7036 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

13:15:52.0224 7036 Modem - ok

13:15:52.0237 7036 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

13:15:52.0240 7036 monitor - ok

13:15:52.0281 7036 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

13:15:52.0284 7036 mouclass - ok

13:15:52.0306 7036 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

13:15:52.0309 7036 mouhid - ok

13:15:52.0334 7036 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

13:15:52.0337 7036 MountMgr - ok

13:15:52.0376 7036 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

13:15:52.0393 7036 mpio - ok

13:15:52.0449 7036 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

13:15:52.0452 7036 mpsdrv - ok

13:15:52.0514 7036 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll

13:15:52.0529 7036 MpsSvc - ok

13:15:52.0557 7036 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

13:15:52.0561 7036 Mraid35x - ok

13:15:52.0600 7036 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

13:15:52.0616 7036 MRxDAV - ok

13:15:52.0679 7036 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:15:52.0694 7036 mrxsmb - ok

13:15:52.0740 7036 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:15:52.0760 7036 mrxsmb10 - ok

13:15:52.0777 7036 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:15:52.0781 7036 mrxsmb20 - ok

13:15:52.0808 7036 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys

13:15:52.0811 7036 msahci - ok

13:15:52.0848 7036 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

13:15:52.0853 7036 msdsm - ok

13:15:52.0892 7036 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

13:15:52.0908 7036 MSDTC - ok

13:15:52.0941 7036 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

13:15:52.0943 7036 Msfs - ok

13:15:52.0968 7036 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

13:15:52.0970 7036 msisadrv - ok

13:15:53.0009 7036 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

13:15:53.0012 7036 MSiSCSI - ok

13:15:53.0017 7036 msiserver - ok

13:15:53.0050 7036 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

13:15:53.0051 7036 MSKSSRV - ok

13:15:53.0057 7036 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

13:15:53.0059 7036 MSPCLOCK - ok

13:16:08.0777 7036 MBR (0x1B8) (faf3db026c90f586e5993588661e2612) \Device\Harddisk0\DR0
13:16:08.0803 7036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:16:08.0803 7036 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:16:08.0809 7036 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
13:16:08.0814 7036 \Device\Harddisk1\DR1 - ok
13:16:08.0853 7036 Boot (0x1200) (1c87bb41b794aa77b498067de1159056) \Device\Harddisk0\DR0\Partition0
13:16:08.0855 7036 \Device\Harddisk0\DR0\Partition0 - ok
13:16:08.0871 7036 Boot (0x1200) (30f3e47d2d87c4a1987714e2f79baf1e) \Device\Harddisk0\DR0\Partition1
13:16:08.0873 7036 \Device\Harddisk0\DR0\Partition1 - ok
13:16:08.0878 7036 Boot (0x1200) (5bd9a2b23482849f59196504c6739bfe) \Device\Harddisk1\DR1\Partition0
13:16:08.0879 7036 \Device\Harddisk1\DR1\Partition0 - ok
13:16:08.0880 7036 ============================================================
13:16:08.0880 7036 Scan finished
13:16:08.0880 7036 ============================================================
13:16:08.0895 3896 Detected object count: 1
13:16:08.0895 3896 Actual detected object count: 1
13:16:34.0631 3896 \Device\Harddisk0\DR0\# - copied to quarantine
13:16:34.0632 3896 \Device\Harddisk0\DR0 - copied to quarantine
13:16:34.0671 3896 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
13:16:34.0684 3896 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
13:16:34.0690 3896 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
13:16:34.0696 3896 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
13:16:34.0735 3896 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
13:16:34.0752 3896 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
13:16:34.0762 3896 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
13:16:34.0765 3896 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
13:16:34.0767 3896 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
13:16:34.0770 3896 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
13:16:34.0775 3896 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
13:16:34.0779 3896 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
13:16:34.0793 3896 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:16:34.0794 3896 \Device\Harddisk0\DR0 - ok
13:16:34.0862 3896 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
13:16:41.0492 4852 Deinitialize success


Unfortunately you had a nasty rootkit on your computer. It is gone now, but please make sure to review the following information.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

Elise -- she uses the computer for surfing the internet, facebook and schoolwork. It's unlikely she did anything of a financial nature except pay for something with a credit card; I check the credit card activity often so I'm not concerned about that. However, could the hackers have gotten access to her passwords?

I ensured that the Norton firewall is on; it's likely the infection happened before Norton was loaded on the computer. Will this firewall prevent future backdoor infections?

Lynne

Link to post
Share on other sites

They could, theoretically, but whether they actually would is another matter. :) This rootkit infects thousands of systems. While banking information is something that might be interesting (note that this rootkit is not a banking/info stealer), the chance that non-sensitive passwords like Facebook login data would be compromised. However, as the chance exists, it's safe practice to change them nevertheless.

A firewall may help prevent infection, although no security setup is 100% safe. Once done I'll give you some general prevention information. :)

Link to post
Share on other sites

In this case, as the main rootkit is already gone, not necessarily. It's safe enough to continue without backing up first. It is also better to back up when the computer is confirmed clean in order to avoid inadvertently backing up infected files.

Link to post
Share on other sites

Elise -- here's the log from Combofix

ComboFix 12-05-01.02 - Lauren 05/01/2012 15:55:06.1.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3573.2133 [GMT -4:00]

Running from: c:\users\Lauren\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\RetrogamerEI

c:\program files\RetrogamerEI\Installr\2.bin\k7EIPlug.dll

c:\program files\RetrogamerEI\Installr\2.bin\NPk7EISb.dll

c:\programdata\PCDr\5907\Downloads\15fc9c67-6e4d-42b6-b215-fee7bb01b1c7.dll

.

c:\windows\System32\auditpol.exe . . . is infected!!

.

.

((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))

.

.

2012-05-01 20:37 . 2012-05-01 20:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-01 19:02 . 2012-05-01 19:02 -------- d-----w- c:\programdata\Clickfree

2012-05-01 17:16 . 2012-05-01 17:16 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-30 07:02 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-30 07:02 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-04-30 07:02 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-30 07:02 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-30 07:01 . 2012-04-30 07:01 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-04-30 02:47 . 2012-04-30 02:47 -------- d-----w- c:\users\Lauren\AppData\Roaming\AVG10

2012-04-30 02:17 . 2012-04-30 07:20 -------- d-----w- c:\windows\system32\drivers\NIS\1307000.009

2012-04-30 01:30 . 2012-04-30 01:30 -------- d-----w- c:\users\Lauren\AppData\Roaming\PC Cleaners

2012-04-30 01:29 . 2012-04-30 01:30 -------- d-----w- c:\users\Lauren\AppData\Roaming\PCPro

2012-04-30 01:29 . 2012-04-30 01:29 4106512 ----a-w- c:\windows\uninst.exe

2012-04-30 01:29 . 2012-04-30 01:29 -------- d-----w- c:\program files\PC Cleaners

2012-04-30 01:29 . 2012-04-30 01:29 -------- d-----w- c:\programdata\PC1Data

2012-04-29 23:20 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2012-04-29 23:12 . 2012-04-29 23:12 -------- d-----w- c:\users\Lauren\AppData\Roaming\Malwarebytes

2012-04-29 23:12 . 2012-04-29 23:12 -------- d-----w- c:\programdata\Malwarebytes

2012-04-29 23:12 . 2012-04-30 01:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-29 23:12 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-29 23:02 . 2012-04-29 23:02 -------- d-----w- C:\3fc3aa01a3ea053fe3626e44628bb41d

2012-04-29 22:58 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2012-04-29 22:38 . 2012-04-29 22:38 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-02 01:31 . 2012-04-02 01:31 -------- d-----w- c:\program files\SystemRequirementsLab

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-29 22:38 . 2011-06-14 04:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-27 02:25 . 2012-03-27 02:25 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-02-14 15:45 . 2012-03-14 17:09 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-02-14 15:45 . 2012-03-14 17:09 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-02-13 14:12 . 2012-03-14 17:09 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-02-13 13:47 . 2012-03-14 17:09 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-02-13 13:44 . 2012-03-14 17:09 1068544 ----a-w- c:\windows\system32\DWrite.dll

2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-02-02 15:16 . 2012-03-14 17:09 2044416 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-29 68856]

"SacReminderHDDV2"="c:\programdata\Clickfree\C2SMB_M\reminder\SacReminder.exe" [2010-11-18 501584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-08 30192]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 435120]

"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 20480]

"FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 312240]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-15 405504]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"PC Cleaners"="c:\program files\PC Cleaners\PCCleaners.exe" [2012-04-30 51433232]

.

c:\users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-29 50688]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-08-29 05:36 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 253088]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - EraserUtilDrv11122

*Deregistered* - PCDSRVC{E9D79540-57D5953E-06020101}_0

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 22:38]

.

2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 05:44]

.

2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 05:44]

.

2012-03-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]

.

2012-04-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]

.

2012-05-01 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.aol.com/?mtmhp=1

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1 71.242.0.12

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)

BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

BHO-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)

Toolbar-10 - (no file)

Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-01 16:37

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,c6,33,e5,b3,da,75,49,a8,1c,88,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,c6,33,e5,b3,da,75,49,a8,1c,88,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-05-01 16:40:26

ComboFix-quarantined-files.txt 2012-05-01 20:40

.

Pre-Run: 205,577,142,272 bytes free

Post-Run: 205,545,185,280 bytes free

.

- - End Of File - - FEE5DC7BCDE3173428620B28D195C27E

Link to post
Share on other sites
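One way to triage the "Reg Loading Points" section of a ComboFix log like the one above, as an added example that is not part of this thread and not code from ComboFix or Malwarebytes: the parser below reads the REGEDIT4-style autorun entries and flags the ones a reviewer would look at first. The sample lines are constructed (the "Updater" entry is hypothetical; the others mirror real entries from the log), and the list of trusted directories is an assumption of the heuristic. A hit is a candidate for review, not a verdict, as the legitimate Clickfree reminder under c:\programdata shows.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample in the ComboFix "Reg Loading Points" layout (REGEDIT4
# section headers followed by "name"="image path" [date size] lines). The
# Skype, Clickfree, IgfxTray and AppInit_DLLs lines mirror real entries from
# the log above; the "Updater" entry is a hypothetical one added to show a
# hit in a user-writable directory.
SAMPLE_LOADING_POINTS = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"SacReminderHDDV2"="c:\programdata\Clickfree\C2SMB_M\reminder\SacReminder.exe" [2010-11-18 501584]
"Updater"="c:\users\Lauren\AppData\Roaming\example_updater.exe" [2012-05-01 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
"""

# A section header such as [HKEY_LOCAL_MACHINE\...\Run].
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# A value line: quoted name, "=", a quoted or bare image path, optional [date size].
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"='
    r'(?:"(?P<qpath>[^"]*)"|(?P<path>[^\[]+?))'
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$"
)

# Directories where autorun images are normally expected (assumption used by
# the heuristic; c:\progra~1 is the 8.3 short name for c:\program files).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


class Entry(NamedTuple):
    key: str
    name: str
    path: str
    date: Optional[str]
    size: Optional[int]


def parse_loading_points(text: str) -> list:
    """Return one Entry per value line, tagged with the enclosing registry key."""
    entries = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key:
            path = value_match.group("qpath")
            if path is None:
                path = value_match.group("path")
            size = value_match.group("size")
            entries.append(Entry(current_key, value_match.group("name"), path.strip(),
                                 value_match.group("date"),
                                 int(size) if size else None))
    return entries


def review(entries):
    """Flag entries worth a second look; a hit is a review candidate, not a verdict."""
    findings = []
    for entry in entries:
        reasons = []
        # Autoruns living under a user profile or ProgramData are unusual for
        # installed software and are the first thing to check against the vendor.
        if not entry.path.lower().startswith(TRUSTED_PREFIXES):
            reasons.append("image outside Windows/Program Files")
        # AppInit_DLLs is a well-known injection point: anything listed there is
        # loaded into every process that links user32.dll.
        if entry.name.lower() == "appinit_dlls":
            reasons.append("AppInit_DLLs: loaded into every process that links user32.dll")
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in review(parse_loading_points(SAMPLE_LOADING_POINTS)):
        print(f"{entry.name:20} {entry.path}")
        for reason in reasons:
            print(f"    - {reason}")
```

Run against the constructed sample it reports the Clickfree reminder (ProgramData), the hypothetical Updater (user AppData) and the AppInit_DLLs entry; the Skype and IgfxTray entries sit in the expected directories and are not listed. The date and size columns are kept because a fresh file date on a long-installed system is itself a useful prompt to verify the binary with the vendor.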

I'm glad to hear that Lynne! :)

P2P WARNING

-------------------

Going over your logs I noticed that you have LimeWire installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  • Look for "JDK 7u3 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Please launch MBAM, update it and run a full scan. Post me the resulting log.

Link to post
Share on other sites

Updated Adobe and Java; she needs Limewire because she has almost 2,000 music files on it, unless you can suggest a way for her to save the files. Here is the scan log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.02.06

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Lauren :: LAUREN-PC [administrator]

Protection: Enabled

5/2/2012 2:01:28 PM

mbam-log-2012-05-02 (14-01-28).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 352738

Time elapsed: 1 hour(s), 46 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Regarding LimeWire, please be sure to read this topic.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.

Link to post
Share on other sites

These were only leftovers, which means the computer is clean now.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
  2. Keep Windows (and your other Microsoft software) up to date!
     I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
     Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  4. Stay up to date!
     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites
