Happili Trojan got me...

hippiechic744 · June 5, 2012

My laptop was running slow, and after a Malwarebytes scan it came up with 4 infected files with the 'happili' trojan. Here are my mbam and dds logs:

MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.03.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Kristy :: D965GFC1 [administrator]

6/3/2012 4:51:31 PM

mbam-log-2012-06-03 (16-51-31).txt

Scan type: Full scan

Scan options disabled: P2P

Objects scanned: 351921

Time elapsed: 4 hour(s), 13 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Documents and Settings\Kristy\Local Settings\Application Data\ApplicationHistory\Adobe\szwtdkl.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kristy\Local Settings\temp\0.3198980937296608 (Trojan.Happili) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kristy\Local Settings\temp\nsc2E32.tmp\qrnoxrx.dll (Trojan.Happili) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kristy\Local Settings\temp\nsc2E32.tmp\szwtdkl.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

(end)

dds log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by Kristy at 20:06:39 on 2012-06-04

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.470 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\CyberLink\PCM4Everio\EverioService.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\DOCUME~1\Kristy\LOCALS~1\Temp\clclean.0001

C:\Program Files\Dell Support\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\wuauclt.exe

c:\Program Files\Zune\ZuneBusEnum.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.amazon.com/

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [spotify Web Helper] "c:\documents and settings\kristy\application data\spotify\data\SpotifyWebHelper.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r

mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [setDefPrt] c:\program files\brother\brmfl04h\BrStDvPt.exe

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

Trusted Zone: turbotax.com

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://littlemissmagic777.spaces.live.com/PhotoUpload/MsnPUpld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CBBD6FA7-2384-11D1-A8C9-0040C7116154} - hxxp://leads400.landstar.com/HFAccess/HFDSP.CAB

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mci.webex.com/client/v_mywebex-wbs-mciprodins/webex/ieatgpc.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\kristy\application data\mozilla\firefox\profiles\5akt67y1.default\

FF - prefs.js: browser.startup.homepage - hxxp://slickdeals.net/

FF - plugin: c:\documents and settings\kristy\application data\mozilla\firefox\profiles\5akt67y1.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc -

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-1-26 239168]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-1-26 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-1-26 656320]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-1 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-1 314456]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R1 MpKsle5778334;MpKsle5778334;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{78505797-f2c0-4145-b62f-4e416ff994c3}\MpKsle5778334.sys [2012-6-4 29904]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-1 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-1 44768]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-6-4 40776]

S1 gtmynuyg;gtmynuyg;\??\c:\windows\system32\drivers\gtmynuyg.sys --> c:\windows\system32\drivers\gtmynuyg.sys [?]

S1 iawsnhxh;iawsnhxh;\??\c:\windows\system32\drivers\iawsnhxh.sys --> c:\windows\system32\drivers\iawsnhxh.sys [?]

S1 nlshreox;nlshreox;\??\c:\windows\system32\drivers\nlshreox.sys --> c:\windows\system32\drivers\nlshreox.sys [?]

S1 wsbqjhiq;wsbqjhiq;\??\c:\windows\system32\drivers\wsbqjhiq.sys --> c:\windows\system32\drivers\wsbqjhiq.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-3 129976]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-1-26 366840]

S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-1-26 1150936]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]

.

=============== Created Last 30 ================

.

==================== Find3M ====================

.

============= FINISH: 20:21:12.03 ===============

attach log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 2/3/2007 1:24:00 PM

System Uptime: 6/4/2012 3:05:17 PM (5 hours ago)

.

Motherboard: Dell Inc. | | 0MG532

Processor: Genuine Intel® CPU T2050 @ 1.60GHz | Microprocessor | 798/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 143 GiB total, 54.676 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP2008: 4/17/2012 7:46:37 AM - Software Distribution Service 3.0

RP2009: 4/17/2012 10:04:10 AM - Software Distribution Service 3.0

RP2010: 4/18/2012 7:01:57 AM - Software Distribution Service 3.0

RP2011: 4/18/2012 10:16:36 AM - Software Distribution Service 3.0

RP2012: 4/19/2012 6:59:37 AM - Software Distribution Service 3.0

RP2013: 4/19/2012 7:34:06 PM - Software Distribution Service 3.0

RP2014: 4/20/2012 7:35:54 AM - Software Distribution Service 3.0

RP2015: 4/21/2012 7:23:08 AM - Software Distribution Service 3.0

RP2016: 4/21/2012 7:44:23 AM - Software Distribution Service 3.0

RP2017: 4/22/2012 7:20:02 AM - Software Distribution Service 3.0

RP2018: 4/22/2012 9:53:14 AM - Software Distribution Service 3.0

RP2019: 4/23/2012 7:08:05 AM - Software Distribution Service 3.0

RP2020: 4/23/2012 10:20:50 AM - Software Distribution Service 3.0

RP2021: 4/24/2012 7:04:55 AM - Software Distribution Service 3.0

RP2022: 4/24/2012 11:19:47 AM - Software Distribution Service 3.0

RP2023: 4/25/2012 6:59:18 AM - Software Distribution Service 3.0

RP2024: 4/25/2012 12:59:24 PM - Software Distribution Service 3.0

RP2025: 4/26/2012 6:29:57 AM - Software Distribution Service 3.0

RP2026: 4/26/2012 5:00:31 PM - Software Distribution Service 3.0

RP2027: 4/27/2012 6:44:05 AM - Software Distribution Service 3.0

RP2028: 4/28/2012 7:24:26 AM - Software Distribution Service 3.0

RP2029: 4/29/2012 7:19:49 AM - Software Distribution Service 3.0

RP2030: 4/29/2012 7:44:18 AM - Software Distribution Service 3.0

RP2031: 4/30/2012 7:38:29 AM - Software Distribution Service 3.0

RP2032: 4/30/2012 8:01:06 AM - Software Distribution Service 3.0

RP2033: 4/30/2012 12:33:57 PM - Software Distribution Service 3.0

RP2034: 5/1/2012 6:44:47 AM - Software Distribution Service 3.0

RP2035: 5/1/2012 1:19:30 PM - Software Distribution Service 3.0

RP2036: 5/2/2012 6:27:11 AM - Software Distribution Service 3.0

RP2037: 5/2/2012 7:51:14 PM - Software Distribution Service 3.0

RP2038: 5/3/2012 6:45:33 AM - Software Distribution Service 3.0

RP2039: 5/4/2012 8:00:03 AM - Software Distribution Service 3.0

RP2040: 5/4/2012 8:16:43 AM - Software Distribution Service 3.0

RP2041: 5/5/2012 7:07:19 AM - Software Distribution Service 3.0

RP2042: 5/5/2012 10:38:34 AM - Software Distribution Service 3.0

RP2043: 5/6/2012 5:36:37 AM - Software Distribution Service 3.0

RP2044: 5/6/2012 2:28:34 PM - Software Distribution Service 3.0

RP2045: 5/7/2012 6:34:40 AM - Software Distribution Service 3.0

RP2046: 5/7/2012 5:47:45 PM - Software Distribution Service 3.0

RP2047: 5/8/2012 6:36:48 AM - Software Distribution Service 3.0

RP2048: 5/8/2012 9:35:03 PM - Software Distribution Service 3.0

RP2049: 5/9/2012 7:35:31 AM - Software Distribution Service 3.0

RP2050: 5/10/2012 7:39:19 AM - Software Distribution Service 3.0

RP2051: 5/10/2012 7:55:29 AM - Software Distribution Service 3.0

RP2052: 5/11/2012 6:24:55 AM - Software Distribution Service 3.0

RP2053: 5/11/2012 8:36:39 AM - Software Distribution Service 3.0

RP2054: 5/12/2012 7:31:28 AM - Software Distribution Service 3.0

RP2055: 5/12/2012 10:17:19 AM - Software Distribution Service 3.0

RP2056: 5/13/2012 7:12:10 AM - Software Distribution Service 3.0

RP2057: 5/13/2012 4:46:46 PM - Software Distribution Service 3.0

RP2058: 5/14/2012 6:37:20 AM - Software Distribution Service 3.0

RP2059: 5/14/2012 7:56:19 PM - Software Distribution Service 3.0

RP2060: 5/15/2012 8:12:55 AM - Software Distribution Service 3.0

RP2061: 5/15/2012 8:12:52 PM - Software Distribution Service 3.0

RP2062: 5/16/2012 7:27:07 AM - Software Distribution Service 3.0

RP2063: 5/17/2012 7:21:52 AM - Software Distribution Service 3.0

RP2064: 5/17/2012 7:47:19 AM - Software Distribution Service 3.0

RP2065: 5/18/2012 7:53:10 AM - Software Distribution Service 3.0

RP2066: 5/18/2012 8:25:55 AM - Software Distribution Service 3.0

RP2067: 5/19/2012 7:21:30 AM - Software Distribution Service 3.0

RP2068: 5/19/2012 10:37:03 AM - Software Distribution Service 3.0

RP2069: 5/20/2012 6:14:13 AM - Software Distribution Service 3.0

RP2070: 5/20/2012 3:53:26 PM - Software Distribution Service 3.0

RP2071: 5/21/2012 6:31:38 AM - Software Distribution Service 3.0

RP2072: 5/21/2012 5:18:09 PM - Software Distribution Service 3.0

RP2073: 5/22/2012 6:32:24 AM - Software Distribution Service 3.0

RP2074: 5/23/2012 7:16:21 AM - Software Distribution Service 3.0

RP2075: 5/24/2012 7:12:36 AM - Software Distribution Service 3.0

RP2076: 5/25/2012 6:25:10 AM - Software Distribution Service 3.0

RP2077: 5/26/2012 11:20:13 PM - Software Distribution Service 3.0

RP2078: 5/27/2012 7:18:40 AM - Software Distribution Service 3.0

RP2079: 5/28/2012 7:37:53 AM - Software Distribution Service 3.0

RP2080: 5/28/2012 8:09:34 AM - Software Distribution Service 3.0

RP2081: 5/29/2012 7:33:05 AM - Software Distribution Service 3.0

RP2082: 5/29/2012 9:23:05 AM - Software Distribution Service 3.0

RP2083: 5/30/2012 6:55:57 AM - Software Distribution Service 3.0

RP2084: 5/30/2012 10:41:02 AM - Software Distribution Service 3.0

RP2085: 5/31/2012 8:43:55 AM - Software Distribution Service 3.0

RP2086: 6/1/2012 6:58:04 AM - Software Distribution Service 3.0

RP2087: 6/1/2012 7:49:36 PM - Software Distribution Service 3.0

RP2088: 6/2/2012 7:43:46 AM - Software Distribution Service 3.0

RP2089: 6/3/2012 8:51:11 AM - Software Distribution Service 3.0

RP2090: 6/3/2012 9:18:16 AM - Software Distribution Service 3.0

RP2091: 6/4/2012 7:50:51 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

1300

1300_Help

1300Tour

1300Trb

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.3)

AiO_Scan

AIOMinimal

AiOSoftware

Amazon Kindle

Amazon MP3 Downloader 1.0.5

AnswerWorks 4.0 Runtime - English

AOLIcon

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AudibleManager

avast! Free Antivirus

AVS Update Manager 1.0

AVS Video Converter 6

AVS4YOU Software Navigator 1.3

BDE v5.01

Bonjour

Broadcom Management Programs

Brother MFL-Pro Suite

Conexant HDA D110 MDC V.92 Modem

Copy

Corel Paint Shop Pro X

Coupon Printer for Windows

Creative Audio Pack

Creative MediaSource 5

CreativeProjects

Critical Update for Windows Media Player 11 (KB959772)

Dell Driver Reset Tool

Dell Photo Printer 720

Dell Support 3.2.1

Dell System Restore

Dell Wireless WLAN Card

Digital Content Portal

Digital Line Detect

Digital Photo Navigator 1.5

Director

DocProc

EarthLink Setup Files

Fax

Free PS Convert driver 8.15

Garmin Trip and Waypoint Manager v5

getPlus®_ocx

H&R Block Deluxe + Efile + State 2009

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Format 11 SDK (KB973442)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Deskjet 1050 J410 series Basic Device Software

HP Deskjet 1050 J410 series Help

HP Deskjet 1050 J410 series Product Improvement Study

HP Image Zone 3.5

HP Photo Creations

HP PSC & OfficeJet 3.5

HP Update

hpmdtab

HPSystemDiagnostics

InstantShare

Intel® Graphics Media Accelerator Driver

iTunes

Jasc Paint Shop Photo Album

Jasc Paint Shop Pro 8 Dell Edition

Java Auto Updater

Java 6 Update 29

Macromedia Shockwave Player

Malwarebytes Anti-Malware version 1.61.0.1400

MediaDirect

Memories Disc Creator 2.0

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Digital Image Library 9 - Blocker

Microsoft Digital Image Standard 2006

Microsoft Digital Image Standard 2006 Editor

Microsoft Digital Image Standard 2006 Library

Microsoft Encarta Encyclopedia Standard 2006

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Money 2006

Microsoft Office 2003 Web Components

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Accounting 2007

Microsoft Office Accounting ADP Payroll Addin

Microsoft Office Accounting Equifax Addin

Microsoft Office Accounting Fixed Asset Manager

Microsoft Office Accounting PayPal Addin

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional 2007

Microsoft Office Professional 2007 Trial

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Streets & Trips 2006

Microsoft User-Mode Driver Framework Feature Pack 1.9

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WinUsb 1.0

Microsoft Word 2002

Microsoft Works

Microsoft Works Suite 2006 Setup Launcher

Microsoft Works Suite Add-in for Microsoft Word

Modem Helper

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB954459)

OGA Notifier 2.0.0048.0

OutlookAddinSetup

Overland

Photo Viewer

PhotoGallery

PowerCinema NE for Everio

PowerDirector Express

PowerProducer

PrintScreen

QFolder

QuickProjects

QuickSet

QuickTime

Readme

RealPlayer

Roxio DLA

Roxio MyDVD LE

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

Scan

SearchAssist

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SkinsHP1

SkinsHP2

Sonic Activation Module

Sonic Update Manager

Sound Blaster ADVANCED MB Drivers

Sound Blaster Audigy ADVANCED MB

Sound Blaster Audigy ADVANCED MB Product Registration

Spotify

Spybot - Search & Destroy

Spyware Doctor 8.0

Sure Cuts A Lot 2.012

Sylvan 3rd Grade Reading Success

Synaptics Pointing Device Driver

TrayApp

TurboTax Deluxe 2007

Unload

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB976749)

Update for Windows XP (KB978207)

Update for Windows XP (KB980182)

URL Assistant

WebEx

WebFldrs XP

WebIQ Client Software

WebReg

Windows Driver Package - (mr7910) Image 08/08/2006 1.4.0.0

Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 8

Windows Live OneCare safety scanner

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 11

Windows Mobile Device Updater Component

Windows XP Service Pack 3

WinRAR archiver

Works Upgrade

Zune

Zune Language Pack (CHS)

Zune Language Pack (CHT)

Zune Language Pack (CSY)

Zune Language Pack (DAN)

Zune Language Pack (DEU)

Zune Language Pack (ELL)

Zune Language Pack (ESP)

Zune Language Pack (FIN)

Zune Language Pack (FRA)

Zune Language Pack (HUN)

Zune Language Pack (IND)

Zune Language Pack (ITA)

Zune Language Pack (JPN)

Zune Language Pack (KOR)

Zune Language Pack (MSL)

Zune Language Pack (NLD)

Zune Language Pack (NOR)

Zune Language Pack (PLK)

Zune Language Pack (PTB)

Zune Language Pack (PTG)

Zune Language Pack (RUS)

Zune Language Pack (SVE)

.

==== Event Viewer Messages From Past Week ========

.

6/4/2012 5:44:51 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1279.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

6/3/2012 10:11:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

6/3/2012 10:10:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 APPDRV aswSnx aswSP aswTdi Fips intelppm MpFilter

6/3/2012 10:10:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/31/2012 2:44:48 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ZuneBusEnum service.

5/31/2012 12:00:47 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1045.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

5/31/2012 1:51:47 PM, error: PlugPlayManager [11] - The device Root\LEGACY_MPKSL99332221\0000 disappeared from the system without first being prepared for removal.

5/30/2012 8:41:00 PM, error: Service Control Manager [7034] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 3 time(s).

5/30/2012 8:40:52 PM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

5/30/2012 2:45:18 PM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

5/30/2012 10:13:33 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.

5/29/2012 7:41:24 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office XP (KB2509461).

.

==== End Of File ===========================

gringo_pr · June 6, 2012

Hello and Welcome!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
[*]Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
[*]Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
[*]Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

Download Security Check by screen317 from

here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

hippiechic744 · June 7, 2012

Hi there, thank you for your help. )

Here are the requested logs:

checkup:

Results of screen317's Security Check version 0.99.41

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Spyware Doctor 8.0

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 29

Java version out of date!

Adobe Flash Player 10 Flash Player out of date!

Adobe Flash Player 10.3.183.11 Flash Player out of Date!

Adobe Reader X (10.1.3)

Mozilla Firefox (12.0)

````````Process Check: objlist.exe by Laurent````````

Windows Defender MSMpEng.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast avastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 13% Defragment your hard drive soon!

````````````````````End of Log``````````````````````

Combofix log:

ComboFix 12-06-05.04 - Kristy 06/06/2012 9:04:49.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.468 [GMT -5:00]

Running from: D:\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Kristy\LOCALS~1\Temp\clclean.0001.dir.0001\~df394b.tmp

C:\Documents and Settings\All Users\Application Data\TEMP

C:\Documents and Settings\Kristy\Local Settings\temp\clclean.0001.dir.0001\~df394b.tmp

C:\WINDOWS\EventSystem.log

((((((((((((((((((((((((( Files Created from 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))))

2012-06-06 13:37:21 . 2012-06-06 13:37:21 56200 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78505797-F2C0-4145-B62F-4E416FF994C3}\offreg.dll

2012-06-04 12:41:47 . 2012-06-04 12:41:47 29904 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78505797-F2C0-4145-B62F-4E416FF994C3}\MpKsle5778334.sys

2012-06-04 02:51:09 . 2012-06-04 02:51:14 -------- d-----w- C:\Program Files\Mozilla Maintenance Service

2012-06-03 14:19:21 . 2012-05-08 16:40:12 6737808 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78505797-F2C0-4145-B62F-4E416FF994C3}\mpengine.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-05-08 16:40:12 . 2010-07-21 14:11:32 6737808 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-04-11 13:14:41 . 2004-08-11 23:00:25 2148352 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe

2012-04-11 13:12:06 . 2004-08-11 23:00:37 1862272 ----a-w- C:\WINDOWS\system32\win32k.sys

2012-04-11 12:35:51 . 2004-08-04 04:59:00 2026496 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe

2012-04-04 20:56:40 . 2009-04-13 23:43:54 22344 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2012-06-04 02:49:58 . 2012-06-04 02:49:58 97208 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01:17 122512 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 10:40:02 24576]

"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-29 03:57:12 395776]

"Spotify Web Helper"="C:\Documents and Settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-05-21 11:56:33 932528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 17:48:02 761947]

"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-22 23:35:50 1392640]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 22:30:44 282624]

"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 16:51:52 57344]

"MBMon"="CTMBHA.DLL" [2006-06-29 05:12:00 1355042]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 07:00:00 90112]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 09:40:34 86960]

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 23:16:54 184320]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-02 21:55:11 185896]

"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 23:13:26 151552]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 14:38:42 241664]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-11-11 05:08:18 417792]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-11-12 22:33:10 141600]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-03-31 02:00:02 138008]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-31 02:00:16 162584]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-31 01:59:36 138008]

"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2011-11-28 18:01:24 3744552]

"SetDefPrt"="C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe" [2004-11-11 22:14:38 49152]

"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2011-08-05 17:29:56 159456]

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 02:55:54 49208]

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 19:06:06 254696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 11:13:08 434080]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-1-25 24576]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=

"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=

"C:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\system32\\ftp.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

"C:\\Documents and Settings\\Kristy\\Application Data\\Spotify\\spotify.exe"=

R0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [1/26/2011 8:10:25 PM 239168]

R0 pctDS;PC Tools Data Store;C:\WINDOWS\system32\drivers\pctDS.sys [1/26/2011 8:10:38 PM 338880]

R0 pctEFA;PC Tools Extended File Attributes;C:\WINDOWS\system32\drivers\pctEFA.sys [1/26/2011 8:10:38 PM 656320]

R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [3/1/2011 10:10:36 PM 435032]

R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [3/1/2011 10:10:44 PM 314456]

R1 MpKsle5778334;MpKsle5778334;C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78505797-F2C0-4145-B62F-4E416FF994C3}\MpKsle5778334.sys [6/4/2012 7:41:47 AM 29904]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [3/1/2011 10:10:45 PM 20568]

S1 gtmynuyg;gtmynuyg;\??\C:\WINDOWS\system32\drivers\gtmynuyg.sys --> C:\WINDOWS\system32\drivers\gtmynuyg.sys [?]

S1 iawsnhxh;iawsnhxh;\??\C:\WINDOWS\system32\drivers\iawsnhxh.sys --> C:\WINDOWS\system32\drivers\iawsnhxh.sys [?]

S1 nlshreox;nlshreox;\??\C:\WINDOWS\system32\drivers\nlshreox.sys --> C:\WINDOWS\system32\drivers\nlshreox.sys [?]

S1 wsbqjhiq;wsbqjhiq;\??\C:\WINDOWS\system32\drivers\wsbqjhiq.sys --> C:\WINDOWS\system32\drivers\wsbqjhiq.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [6/3/2012 9:51:09 PM 129976]

S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files\PC Tools Security\pctsAuxs.exe [1/26/2011 8:10:04 PM 366840]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [8/5/2011 12:30:02 PM 268512]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPKSLE5778334

Contents of the 'Scheduled Tasks' folder

2012-06-03 C:\WINDOWS\Tasks\At1.job

- C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 03:12:22 . 2010-11-17 03:12:22]

2012-06-04 C:\WINDOWS\Tasks\At2.job

- C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 03:12:22 . 2010-11-17 03:12:22]

2012-06-03 C:\WINDOWS\Tasks\At3.job

- C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 03:12:22 . 2010-11-17 03:12:22]

2012-06-02 C:\WINDOWS\Tasks\At4.job

- C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 03:12:22 . 2010-11-17 03:12:22]

2012-06-04 C:\WINDOWS\Tasks\MP Scheduled Scan.job

- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40:42 . 2010-03-26 02:40:42]

------- Supplementary Scan -------

uStart Page = hxxp://www.amazon.com/

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

LSP: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

Trusted Zone: turbotax.com

FF - ProfilePath - C:\Documents and Settings\Kristy\Application Data\Mozilla\Firefox\Profiles\5akt67y1.default\

FF - prefs.js: browser.startup.homepage - hxxp://slickdeals.net/

FF - user.js: general.useragent.extra.brc -

- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)

gringo_pr · June 7, 2012

Greetings

I would like to know if you are still getting redirected and if so I want to know which browsers are redirecting - please verify all that are installed

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

hippiechic744 · June 8, 2012

I haven't been using that laptop because I thought it was infected, but Firefox and IE are installed.

TDSSKiller log:

07:34:48.0484 3536 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

07:34:48.0640 3536 ============================================================

07:34:48.0640 3536 Current date / time: 2012/06/07 07:34:48.0640

07:34:48.0640 3536 SystemInfo:

07:34:48.0640 3536

07:34:48.0640 3536 OS Version: 5.1.2600 ServicePack: 3.0

07:34:48.0640 3536 Product type: Workstation

07:34:48.0640 3536 ComputerName: D965GFC1

07:34:48.0640 3536 UserName: Kristy

07:34:48.0640 3536 Windows directory: C:\WINDOWS

07:34:48.0640 3536 System windows directory: C:\WINDOWS

07:34:48.0640 3536 Processor architecture: Intel x86

07:34:48.0640 3536 Number of processors: 2

07:34:48.0640 3536 Page size: 0x1000

07:34:48.0640 3536 Boot type: Normal boot

07:34:48.0640 3536 ============================================================

07:34:53.0484 3536 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

07:34:53.0484 3536 ============================================================

07:34:53.0484 3536 \Device\Harddisk0\DR0:

07:34:53.0484 3536 MBR partitions:

07:34:53.0484 3536 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x11E8F510

07:34:53.0515 3536 ============================================================

07:34:53.0578 3536 C: <-> \Device\Harddisk0\DR0\Partition0

07:34:53.0578 3536 ============================================================

07:34:53.0578 3536 Initialize success

07:34:53.0578 3536 ============================================================

07:34:57.0359 2440 ============================================================

07:34:57.0359 2440 Scan started

07:34:57.0359 2440 Mode: Manual;

07:34:57.0359 2440 ============================================================

07:34:59.0921 2440 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys

07:34:59.0921 2440 Aavmker4 - ok

07:34:59.0937 2440 Abiosdsk - ok

07:35:00.0000 2440 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

07:35:00.0000 2440 abp480n5 - ok

07:35:00.0359 2440 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

07:35:00.0375 2440 ACPI - ok

07:35:00.0484 2440 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

07:35:00.0500 2440 ACPIEC - ok

07:35:00.0578 2440 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

07:35:00.0578 2440 adpu160m - ok

07:35:00.0750 2440 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

07:35:00.0765 2440 aec - ok

07:35:00.0828 2440 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

07:35:00.0828 2440 AFD - ok

07:35:00.0968 2440 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys

07:35:00.0968 2440 AFS2K - ok

07:35:01.0125 2440 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

07:35:01.0125 2440 agp440 - ok

07:35:01.0187 2440 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

07:35:01.0187 2440 agpCPQ - ok

07:35:01.0281 2440 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

07:35:01.0312 2440 Aha154x - ok

07:35:01.0359 2440 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

07:35:01.0359 2440 aic78u2 - ok

07:35:01.0421 2440 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

07:35:01.0437 2440 aic78xx - ok

07:35:01.0531 2440 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

07:35:01.0562 2440 Alerter - ok

07:35:01.0625 2440 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

07:35:01.0640 2440 ALG - ok

07:35:01.0703 2440 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

07:35:01.0703 2440 AliIde - ok

07:35:01.0734 2440 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

07:35:01.0734 2440 alim1541 - ok

07:35:01.0765 2440 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

07:35:01.0765 2440 amdagp - ok

07:35:01.0796 2440 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

07:35:01.0812 2440 amsint - ok

07:35:01.0906 2440 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

07:35:01.0937 2440 APPDRV - ok

07:35:02.0250 2440 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

07:35:02.0250 2440 Apple Mobile Device - ok

07:35:02.0421 2440 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

07:35:02.0484 2440 AppMgmt - ok

07:35:02.0734 2440 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

07:35:02.0765 2440 Arp1394 - ok

07:35:02.0812 2440 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

07:35:02.0828 2440 asc - ok

07:35:02.0875 2440 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

07:35:02.0890 2440 asc3350p - ok

07:35:02.0984 2440 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

07:35:03.0000 2440 asc3550 - ok

07:35:03.0187 2440 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

07:35:03.0359 2440 aspnet_state - ok

07:35:03.0421 2440 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys

07:35:03.0421 2440 aswFsBlk - ok

07:35:03.0453 2440 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys

07:35:03.0468 2440 aswMon2 - ok

07:35:03.0515 2440 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys

07:35:03.0515 2440 aswRdr - ok

07:35:03.0671 2440 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys

07:35:03.0687 2440 aswSnx - ok

07:35:03.0750 2440 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys

07:35:03.0765 2440 aswSP - ok

07:35:03.0812 2440 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys

07:35:03.0812 2440 aswTdi - ok

07:35:03.0859 2440 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

07:35:03.0859 2440 AsyncMac - ok

07:35:03.0890 2440 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

07:35:03.0890 2440 atapi - ok

07:35:03.0921 2440 Atdisk - ok

07:35:03.0953 2440 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

07:35:03.0953 2440 Atmarpc - ok

07:35:04.0031 2440 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

07:35:04.0031 2440 AudioSrv - ok

07:35:04.0093 2440 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

07:35:04.0093 2440 audstub - ok

07:35:04.0296 2440 avast! Antivirus (996e6d052438e8d8dfd501f31560b2e0) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

07:35:04.0312 2440 avast! Antivirus - ok

07:35:04.0406 2440 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

07:35:04.0437 2440 BCM43XX - ok

07:35:04.0468 2440 bcm4sbxp (6489310d11971f6ba6c7f49be0baf6e0) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

07:35:04.0484 2440 bcm4sbxp - ok

07:35:04.0546 2440 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

07:35:04.0562 2440 Beep - ok

07:35:04.0687 2440 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

07:35:05.0703 2440 BITS - ok

07:35:06.0703 2440 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe

07:35:06.0718 2440 Bonjour Service - ok

07:35:06.0781 2440 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

07:35:06.0796 2440 Browser - ok

07:35:07.0062 2440 catchme - ok

07:35:07.0156 2440 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

07:35:07.0171 2440 cbidf - ok

07:35:07.0171 2440 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

07:35:07.0187 2440 cbidf2k - ok

07:35:07.0265 2440 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

07:35:07.0281 2440 cd20xrnt - ok

07:35:07.0343 2440 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

07:35:07.0343 2440 Cdaudio - ok

07:35:07.0437 2440 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

07:35:07.0437 2440 Cdfs - ok

07:35:07.0578 2440 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

07:35:07.0593 2440 Cdrom - ok

07:35:07.0609 2440 Changer - ok

07:35:07.0718 2440 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

07:35:07.0750 2440 CiSvc - ok

07:35:07.0765 2440 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

07:35:07.0812 2440 ClipSrv - ok

07:35:08.0203 2440 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

07:35:08.0640 2440 clr_optimization_v2.0.50727_32 - ok

07:35:08.0750 2440 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

07:35:08.0765 2440 CmBatt - ok

07:35:08.0859 2440 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

07:35:08.0875 2440 CmdIde - ok

07:35:08.0937 2440 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

07:35:08.0953 2440 Compbatt - ok

07:35:08.0953 2440 COMSysApp - ok

07:35:09.0046 2440 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

07:35:09.0062 2440 Cpqarray - ok

07:35:09.0296 2440 Creative Labs Licensing Service (7db5e3f44d797bd38b8e336ccc2e49d5) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

07:35:09.0328 2440 Creative Labs Licensing Service - ok

07:35:09.0468 2440 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.exe

07:35:09.0484 2440 Creative Service for CDROM Access - ok

07:35:09.0796 2440 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

07:35:09.0812 2440 CryptSvc - ok

07:35:09.0953 2440 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

07:35:09.0968 2440 ctsfm2k - ok

07:35:10.0171 2440 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys

07:35:10.0203 2440 CTUSFSYN - ok

07:35:10.0484 2440 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

07:35:10.0531 2440 dac2w2k - ok

07:35:10.0593 2440 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

07:35:10.0609 2440 dac960nt - ok

07:35:11.0000 2440 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

07:35:11.0125 2440 DcomLaunch - ok

07:35:11.0281 2440 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

07:35:11.0312 2440 Dhcp - ok

07:35:11.0421 2440 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

07:35:11.0484 2440 Disk - ok

07:35:11.0625 2440 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

07:35:11.0640 2440 DLABOIOM - ok

07:35:11.0843 2440 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

07:35:11.0843 2440 DLACDBHM - ok

07:35:11.0875 2440 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS

07:35:11.0890 2440 DLADResN - ok

07:35:11.0984 2440 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

07:35:12.0015 2440 DLAIFS_M - ok

07:35:12.0062 2440 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

07:35:12.0062 2440 DLAOPIOM - ok

07:35:12.0078 2440 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

07:35:12.0078 2440 DLAPoolM - ok

07:35:12.0125 2440 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

07:35:12.0140 2440 DLARTL_N - ok

07:35:12.0328 2440 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

07:35:12.0375 2440 DLAUDFAM - ok

07:35:12.0453 2440 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

07:35:12.0500 2440 DLAUDF_M - ok

07:35:12.0515 2440 dmadmin - ok

07:35:13.0281 2440 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

07:35:13.0437 2440 dmboot - ok

07:35:13.0578 2440 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

07:35:13.0609 2440 dmio - ok

07:35:13.0703 2440 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

07:35:13.0718 2440 dmload - ok

07:35:13.0781 2440 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

07:35:13.0812 2440 dmserver - ok

07:35:13.0859 2440 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

07:35:13.0875 2440 DMusic - ok

07:35:13.0968 2440 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

07:35:13.0968 2440 Dnscache - ok

07:35:14.0265 2440 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

07:35:14.0296 2440 Dot3svc - ok

07:35:14.0640 2440 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

07:35:14.0640 2440 dpti2o - ok

07:35:14.0734 2440 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

07:35:14.0750 2440 drmkaud - ok

07:35:14.0906 2440 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

07:35:14.0921 2440 DRVMCDB - ok

07:35:15.0000 2440 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

07:35:15.0015 2440 DRVNDDM - ok

07:35:15.0234 2440 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys

07:35:15.0265 2440 DSproct - ok

07:35:15.0453 2440 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

07:35:15.0468 2440 E100B - ok

07:35:15.0546 2440 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

07:35:15.0562 2440 EapHost - ok

07:35:15.0640 2440 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

07:35:15.0656 2440 ERSvc - ok

07:35:15.0796 2440 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

07:35:15.0859 2440 Eventlog - ok

07:35:16.0109 2440 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

07:35:16.0156 2440 EventSystem - ok

07:35:16.0406 2440 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

07:35:16.0468 2440 Fastfat - ok

07:35:16.0703 2440 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

07:35:16.0734 2440 FastUserSwitchingCompatibility - ok

07:35:17.0000 2440 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe

07:35:17.0078 2440 Fax - ok

07:35:17.0203 2440 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

07:35:17.0218 2440 Fdc - ok

07:35:17.0328 2440 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

07:35:17.0375 2440 Fips - ok

07:35:17.0421 2440 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

07:35:17.0421 2440 Flpydisk - ok

07:35:17.0734 2440 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

07:35:17.0750 2440 FltMgr - ok

07:35:18.0125 2440 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

07:35:18.0140 2440 FontCache3.0.0.0 - ok

07:35:18.0234 2440 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

07:35:18.0234 2440 Fs_Rec - ok

07:35:18.0375 2440 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\WINDOWS\system32\drivers\ftdibus.sys

07:35:18.0390 2440 FTDIBUS - ok

07:35:18.0562 2440 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

07:35:18.0578 2440 Ftdisk - ok

07:35:18.0781 2440 FTSER2K (596d31583ce332b5514520d74837f434) C:\WINDOWS\system32\drivers\ftser2k.sys

07:35:18.0812 2440 FTSER2K - ok

07:35:18.0906 2440 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

07:35:18.0953 2440 GEARAspiWDM - ok

07:35:19.0015 2440 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

07:35:19.0031 2440 Gpc - ok

07:35:19.0140 2440 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys

07:35:19.0171 2440 grmnusb - ok

07:35:19.0187 2440 gtmynuyg - ok

07:35:19.0375 2440 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

07:35:19.0406 2440 HDAudBus - ok

07:35:19.0593 2440 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

07:35:19.0609 2440 helpsvc - ok

07:35:19.0625 2440 HidServ - ok

07:35:19.0812 2440 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

07:35:19.0843 2440 hkmsvc - ok

07:35:19.0937 2440 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

07:35:19.0937 2440 hpn - ok

07:35:20.0015 2440 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

07:35:20.0109 2440 HPZid412 - ok

07:35:20.0140 2440 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

07:35:20.0156 2440 HPZipr12 - ok

07:35:20.0265 2440 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

07:35:20.0312 2440 HPZius12 - ok

07:35:21.0250 2440 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys

07:35:21.0390 2440 HSF_DPV - ok

07:35:21.0859 2440 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys

07:35:21.0906 2440 HSXHWAZL - ok

07:35:22.0234 2440 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

07:35:22.0281 2440 HTTP - ok

07:35:22.0343 2440 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

07:35:22.0375 2440 HTTPFilter - ok

07:35:22.0437 2440 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

07:35:22.0453 2440 i2omgmt - ok

07:35:22.0484 2440 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

07:35:22.0500 2440 i2omp - ok

07:35:22.0562 2440 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

07:35:22.0578 2440 i8042prt - ok

07:35:29.0015 2440 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

07:35:30.0500 2440 ialm - ok

07:35:32.0234 2440 iawsnhxh - ok

07:35:32.0609 2440 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

07:35:32.0625 2440 IDriverT - ok

07:35:33.0515 2440 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

07:35:33.0765 2440 idsvc - ok

07:35:33.0890 2440 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

07:35:33.0906 2440 Imapi - ok

07:35:34.0078 2440 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

07:35:34.0125 2440 ImapiService - ok

07:35:34.0218 2440 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

07:35:34.0234 2440 ini910u - ok

07:35:34.0375 2440 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

07:35:34.0390 2440 IntelIde - ok

07:35:34.0468 2440 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

07:35:34.0484 2440 intelppm - ok

07:35:34.0546 2440 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

07:35:34.0562 2440 Ip6Fw - ok

07:35:34.0656 2440 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

07:35:34.0671 2440 IpFilterDriver - ok

07:35:34.0718 2440 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

07:35:34.0718 2440 IpInIp - ok

07:35:34.0890 2440 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

07:35:34.0921 2440 IpNat - ok

07:35:35.0734 2440 iPod Service (7a3611564fce7c8be50b03f58cb3eb7d) C:\Program Files\iPod\bin\iPodService.exe

07:35:35.0859 2440 iPod Service - ok

07:35:35.0968 2440 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

07:35:35.0984 2440 IPSec - ok

07:35:36.0015 2440 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

07:35:36.0031 2440 IRENUM - ok

07:35:36.0156 2440 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

07:35:36.0156 2440 isapnp - ok

07:35:36.0515 2440 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe

07:35:36.0515 2440 JavaQuickStarterService - ok

07:35:36.0625 2440 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\KBDCLASS.SYS

07:35:36.0640 2440 Kbdclass - ok

07:35:36.0828 2440 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

07:35:36.0906 2440 kmixer - ok

07:35:37.0078 2440 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

07:35:37.0109 2440 KSecDD - ok

07:35:37.0250 2440 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

07:35:37.0265 2440 lanmanserver - ok

07:35:37.0546 2440 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

07:35:37.0609 2440 lanmanworkstation - ok

07:35:37.0625 2440 lbrtfdc - ok

07:35:38.0203 2440 LexBceS (e19c8550b4c6c67fabffd998eacf440a) C:\WINDOWS\system32\LEXBCES.EXE

07:35:38.0281 2440 LexBceS - ok

07:35:38.0375 2440 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

07:35:38.0390 2440 LmHosts - ok

07:35:38.0453 2440 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

07:35:38.0484 2440 mdmxsdk - ok

07:35:38.0546 2440 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

07:35:38.0562 2440 Messenger - ok

07:35:38.0656 2440 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

07:35:38.0671 2440 mnmdd - ok

07:35:38.0796 2440 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

07:35:38.0828 2440 mnmsrvc - ok

07:35:38.0937 2440 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

07:35:38.0937 2440 Modem - ok

07:35:40.0296 2440 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys

07:35:40.0609 2440 monfilt - ok

07:35:41.0671 2440 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

07:35:41.0687 2440 Mouclass - ok

07:35:41.0765 2440 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

07:35:41.0781 2440 MountMgr - ok

07:35:42.0203 2440 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

07:35:42.0234 2440 MozillaMaintenance - ok

07:35:42.0500 2440 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

07:35:42.0531 2440 MpFilter - ok

07:35:42.0796 2440 MpKsle5778334 - ok

07:35:42.0953 2440 mr7910 (6aa46f9896d3c9e5a00e01bb416c707b) C:\WINDOWS\system32\DRIVERS\mr7910.sys

07:35:42.0984 2440 mr7910 - ok

07:35:43.0093 2440 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

07:35:43.0109 2440 mraid35x - ok

07:35:43.0421 2440 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

07:35:43.0453 2440 MRxDAV - ok

07:35:43.0875 2440 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

07:35:43.0984 2440 MRxSmb - ok

07:35:44.0046 2440 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

07:35:44.0078 2440 MSDTC - ok

07:35:44.0171 2440 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

07:35:44.0171 2440 Msfs - ok

07:35:44.0187 2440 MSIServer - ok

07:35:44.0250 2440 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

07:35:44.0265 2440 MSKSSRV - ok

07:35:44.0375 2440 MsMpSvc (578c809bf745608646ea338a9ac48158) c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

07:35:44.0390 2440 MsMpSvc - ok

07:35:44.0421 2440 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

07:35:44.0421 2440 MSPCLOCK - ok

07:35:44.0562 2440 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

07:35:44.0578 2440 MSPQM - ok

07:35:44.0687 2440 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

07:35:44.0703 2440 mssmbios - ok

07:35:44.0890 2440 MSSQL$MSSMLBIZ - ok

07:35:45.0046 2440 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe

07:35:45.0062 2440 MSSQLServerADHelper - ok

07:35:45.0265 2440 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

07:35:45.0265 2440 Mup - ok

07:35:45.0734 2440 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

07:35:45.0828 2440 napagent - ok

07:35:46.0203 2440 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

07:35:46.0265 2440 NDIS - ok

07:35:46.0328 2440 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

07:35:46.0343 2440 NdisTapi - ok

07:35:46.0421 2440 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

07:35:46.0437 2440 Ndisuio - ok

07:35:46.0562 2440 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

07:35:46.0593 2440 NdisWan - ok

07:35:46.0718 2440 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

07:35:46.0718 2440 NDProxy - ok

07:35:46.0781 2440 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

07:35:46.0781 2440 NetBIOS - ok

07:35:46.0921 2440 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

07:35:46.0921 2440 NetBT - ok

07:35:47.0328 2440 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

07:35:47.0343 2440 NetDDE - ok

07:35:47.0343 2440 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

07:35:47.0359 2440 NetDDEdsdm - ok

07:35:47.0421 2440 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

07:35:47.0421 2440 Netlogon - ok

07:35:47.0796 2440 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

07:35:47.0828 2440 Netman - ok

07:35:48.0843 2440 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

07:35:48.0953 2440 NetTcpPortSharing - ok

07:35:49.0140 2440 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

07:35:49.0187 2440 NIC1394 - ok

07:35:49.0593 2440 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

07:35:49.0687 2440 Nla - ok

07:35:49.0687 2440 nlshreox - ok

07:35:50.0015 2440 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

07:35:50.0031 2440 Npfs - ok

07:35:51.0093 2440 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

07:35:51.0328 2440 Ntfs - ok

07:35:51.0390 2440 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

07:35:51.0390 2440 NtLmSsp - ok

07:35:51.0890 2440 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

07:35:52.0031 2440 NtmsSvc - ok

07:35:52.0109 2440 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

07:35:52.0125 2440 Null - ok

07:35:54.0125 2440 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

07:35:54.0468 2440 nv - ok

07:35:55.0687 2440 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

07:35:55.0687 2440 NwlnkFlt - ok

07:35:55.0734 2440 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

07:35:55.0750 2440 NwlnkFwd - ok

07:35:56.0625 2440 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

07:35:56.0937 2440 odserv - ok

07:35:57.0046 2440 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

07:35:57.0062 2440 ohci1394 - ok

07:35:57.0312 2440 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

07:35:57.0390 2440 ose - ok

07:35:57.0625 2440 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

07:35:57.0656 2440 ossrv - ok

07:35:57.0765 2440 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

07:35:57.0781 2440 Parport - ok

07:35:57.0812 2440 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

07:35:57.0828 2440 PartMgr - ok

07:35:57.0890 2440 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

07:35:57.0890 2440 ParVdm - ok

07:35:57.0984 2440 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

07:35:58.0000 2440 PCI - ok

07:35:58.0000 2440 PCIDump - ok

07:35:58.0078 2440 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

07:35:58.0078 2440 PCIIde - ok

07:35:58.0265 2440 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

07:35:58.0312 2440 Pcmcia - ok

07:35:58.0656 2440 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\WINDOWS\system32\drivers\PCTCore.sys

07:35:58.0687 2440 PCTCore - ok

07:35:59.0062 2440 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys

07:35:59.0140 2440 pctDS - ok

07:35:59.0921 2440 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys

07:36:00.0156 2440 pctEFA - ok

07:36:00.0171 2440 PDCOMP - ok

07:36:00.0187 2440 PDFRAME - ok

07:36:00.0203 2440 PDRELI - ok

07:36:00.0218 2440 PDRFRAME - ok

07:36:00.0312 2440 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

07:36:00.0312 2440 perc2 - ok

07:36:00.0375 2440 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

07:36:00.0375 2440 perc2hib - ok

07:36:00.0484 2440 PfModNT (ede8241b75dadef090aadb6c81c8e1d7) C:\WINDOWS\system32\drivers\PfModNT.sys

07:36:00.0500 2440 PfModNT - ok

07:36:00.0656 2440 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

07:36:00.0671 2440 PlugPlay - ok

07:36:00.0812 2440 Pml Driver HPZ12 (5c1cadd1cb67c0b9d8a84ec6e4d6b5cc) C:\WINDOWS\system32\HPZipm12.exe

07:36:00.0828 2440 Pml Driver HPZ12 - ok

07:36:01.0281 2440 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

07:36:01.0296 2440 PolicyAgent - ok

07:36:01.0671 2440 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

07:36:01.0687 2440 PptpMiniport - ok

07:36:01.0703 2440 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

07:36:01.0703 2440 ProtectedStorage - ok

07:36:01.0937 2440 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

07:36:01.0953 2440 Ptilink - ok

07:36:02.0078 2440 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

07:36:02.0093 2440 PxHelp20 - ok

07:36:02.0234 2440 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

07:36:02.0250 2440 ql1080 - ok

07:36:02.0359 2440 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

07:36:02.0484 2440 Ql10wnt - ok

07:36:02.0593 2440 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

07:36:02.0625 2440 ql12160 - ok

07:36:02.0734 2440 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

07:36:02.0734 2440 ql1240 - ok

07:36:02.0890 2440 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

07:36:02.0906 2440 ql1280 - ok

07:36:03.0031 2440 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

07:36:03.0046 2440 RasAcd - ok

07:36:03.0250 2440 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

07:36:03.0312 2440 RasAuto - ok

07:36:03.0390 2440 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

07:36:03.0390 2440 Rasl2tp - ok

07:36:03.0578 2440 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

07:36:03.0593 2440 RasMan - ok

07:36:03.0656 2440 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

07:36:03.0671 2440 RasPppoe - ok

07:36:03.0765 2440 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

07:36:03.0781 2440 Raspti - ok

07:36:04.0031 2440 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

07:36:04.0078 2440 Rdbss - ok

07:36:04.0093 2440 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

07:36:04.0109 2440 RDPCDD - ok

07:36:04.0328 2440 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

07:36:04.0343 2440 rdpdr - ok

07:36:04.0578 2440 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

07:36:04.0578 2440 RDPWD - ok

07:36:04.0906 2440 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

07:36:04.0953 2440 RDSessMgr - ok

07:36:05.0062 2440 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

07:36:05.0062 2440 redbook - ok

07:36:05.0218 2440 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

07:36:05.0234 2440 RemoteAccess - ok

07:36:05.0359 2440 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

07:36:05.0375 2440 RemoteRegistry - ok

07:36:05.0828 2440 RichVideo (4d05898896ec49cf663dda61041ab096) C:\Program Files\CyberLink\Shared Files\RichVideo.exe

07:36:05.0843 2440 RichVideo - ok

07:36:06.0015 2440 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

07:36:06.0031 2440 rimmptsk - ok

07:36:06.0125 2440 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

07:36:06.0187 2440 rimsptsk - ok

07:36:06.0203 2440 RimUsb - ok

07:36:06.0296 2440 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

07:36:06.0312 2440 RimVSerPort - ok

07:36:06.0640 2440 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

07:36:06.0718 2440 rismxdp - ok

07:36:06.0796 2440 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

07:36:06.0812 2440 ROOTMODEM - ok

07:36:06.0953 2440 RoxLiveShare9 - ok

07:36:07.0171 2440 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

07:36:07.0234 2440 RpcLocator - ok

07:36:07.0609 2440 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

07:36:07.0640 2440 RpcSs - ok

07:36:07.0937 2440 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

07:36:07.0968 2440 RSVP - ok

07:36:08.0031 2440 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

07:36:08.0046 2440 SamSs - ok

07:36:08.0171 2440 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

07:36:08.0234 2440 SCardSvr - ok

07:36:08.0421 2440 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

07:36:08.0500 2440 Schedule - ok

07:36:09.0125 2440 sdAuxService (a1089ac7683826e6c7c9fab9723dd80f) C:\Program Files\PC Tools Security\pctsAuxs.exe

07:36:09.0218 2440 sdAuxService - ok

07:36:09.0921 2440 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

07:36:09.0937 2440 sdbus - ok

07:36:11.0546 2440 sdCoreService (ed6c2efeb47524bff4d5e5109fb1a2bb) C:\Program Files\PC Tools Security\pctsSvc.exe

07:36:11.0937 2440 sdCoreService - ok

07:36:12.0953 2440 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

07:36:12.0984 2440 Secdrv - ok

07:36:13.0281 2440 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

07:36:13.0343 2440 seclogon - ok

07:36:13.0406 2440 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

07:36:13.0437 2440 SENS - ok

07:36:13.0593 2440 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

07:36:13.0625 2440 serenum - ok

07:36:13.0734 2440 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

07:36:13.0734 2440 Serial - ok

07:36:13.0812 2440 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

07:36:13.0843 2440 sffdisk - ok

07:36:13.0890 2440 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

07:36:13.0906 2440 sffp_sd - ok

07:36:14.0031 2440 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

07:36:14.0046 2440 Sfloppy - ok

07:36:14.0390 2440 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

07:36:14.0453 2440 SharedAccess - ok

07:36:14.0640 2440 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

07:36:14.0656 2440 ShellHWDetection - ok

07:36:14.0671 2440 Simbad - ok

07:36:14.0984 2440 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

07:36:15.0000 2440 sisagp - ok

07:36:15.0062 2440 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

07:36:15.0078 2440 Sparrow - ok

07:36:15.0171 2440 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

07:36:15.0187 2440 splitter - ok

07:36:15.0281 2440 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

07:36:15.0296 2440 Spooler - ok

07:36:15.0750 2440 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

07:36:15.0781 2440 SQLBrowser - ok

07:36:15.0890 2440 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

07:36:15.0906 2440 SQLWriter - ok

07:36:16.0078 2440 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

07:36:16.0218 2440 sr - ok

07:36:16.0546 2440 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

07:36:16.0578 2440 srservice - ok

07:36:17.0046 2440 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

07:36:17.0062 2440 Srv - ok

07:36:17.0265 2440 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

07:36:17.0281 2440 SSDPSRV - ok

07:36:18.0296 2440 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys

07:36:18.0765 2440 STHDA - ok

07:36:19.0171 2440 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

07:36:19.0281 2440 stisvc - ok

07:36:19.0546 2440 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

07:36:19.0562 2440 swenum - ok

07:36:19.0609 2440 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

07:36:19.0625 2440 swmidi - ok

07:36:19.0640 2440 SwPrv - ok

07:36:19.0734 2440 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

07:36:19.0750 2440 symc810 - ok

07:36:19.0890 2440 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

07:36:19.0937 2440 symc8xx - ok

07:36:20.0093 2440 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

07:36:20.0109 2440 symlcbrd - ok

07:36:20.0140 2440 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

07:36:20.0156 2440 sym_hi - ok

07:36:20.0187 2440 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

07:36:20.0203 2440 sym_u3 - ok

07:36:20.0296 2440 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys

07:36:20.0312 2440 SynTP - ok

07:36:20.0406 2440 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

07:36:20.0421 2440 sysaudio - ok

07:36:20.0531 2440 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

07:36:20.0546 2440 SysmonLog - ok

07:36:21.0171 2440 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

07:36:21.0203 2440 TapiSrv - ok

07:36:21.0296 2440 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

07:36:21.0312 2440 Tcpip - ok

07:36:21.0656 2440 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

07:36:21.0687 2440 TDPIPE - ok

07:36:21.0828 2440 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

07:36:21.0843 2440 TDTCP - ok

07:36:21.0937 2440 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

07:36:21.0953 2440 TermDD - ok

07:36:22.0171 2440 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

07:36:22.0218 2440 TermService - ok

07:36:22.0703 2440 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

07:36:22.0734 2440 Themes - ok

07:36:22.0796 2440 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

07:36:22.0812 2440 TlntSvr - ok

07:36:22.0921 2440 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

07:36:22.0921 2440 TosIde - ok

07:36:23.0531 2440 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

07:36:23.0562 2440 TrkWks - ok

07:36:23.0656 2440 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

07:36:23.0671 2440 Udfs - ok

07:36:23.0750 2440 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

07:36:23.0765 2440 ultra - ok

07:36:23.0875 2440 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

07:36:23.0890 2440 Update - ok

07:36:24.0218 2440 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

07:36:24.0250 2440 upnphost - ok

07:36:24.0312 2440 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

07:36:24.0375 2440 UPS - ok

07:36:24.0656 2440 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

07:36:24.0656 2440 usbccgp - ok

07:36:24.0703 2440 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

07:36:24.0703 2440 usbehci - ok

07:36:24.0781 2440 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

07:36:24.0812 2440 usbhub - ok

07:36:24.0812 2440 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

07:36:24.0859 2440 usbprint - ok

07:36:24.0890 2440 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

07:36:24.0906 2440 usbscan - ok

07:36:24.0984 2440 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

07:36:25.0000 2440 USBSTOR - ok

07:36:25.0031 2440 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

07:36:25.0031 2440 usbuhci - ok

07:36:25.0046 2440 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

07:36:25.0093 2440 VgaSave - ok

07:36:25.0171 2440 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

07:36:25.0187 2440 viaagp - ok

07:36:25.0203 2440 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

07:36:25.0234 2440 ViaIde - ok

07:36:25.0500 2440 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

07:36:25.0515 2440 VolSnap - ok

07:36:25.0890 2440 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

07:36:25.0921 2440 VSS - ok

07:36:25.0984 2440 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

07:36:26.0062 2440 w32time - ok

07:36:26.0156 2440 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

07:36:26.0171 2440 Wanarp - ok

07:36:26.0187 2440 wanatw - ok

07:36:26.0375 2440 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

07:36:26.0406 2440 Wdf01000 - ok

07:36:26.0421 2440 WDICA - ok

07:36:26.0468 2440 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

07:36:26.0484 2440 wdmaud - ok

07:36:26.0578 2440 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

07:36:26.0593 2440 WebClient - ok

07:36:27.0375 2440 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys

07:36:27.0671 2440 winachsf - ok

07:36:27.0796 2440 WinDriver6 (032793a8e6288c4c60ff30542eeab22b) C:\WINDOWS\system32\drivers\windrvr6.sys

07:36:27.0812 2440 WinDriver6 - ok

07:36:27.0921 2440 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

07:36:27.0937 2440 winmgmt - ok

07:36:28.0015 2440 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys

07:36:28.0031 2440 WinUSB - ok

07:36:28.0046 2440 wltrysvc - ok

07:36:28.0109 2440 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

07:36:28.0125 2440 WmdmPmSN - ok

07:36:28.0453 2440 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

07:36:28.0468 2440 Wmi - ok

07:36:28.0531 2440 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

07:36:28.0546 2440 WmiAcpi - ok

07:36:28.0625 2440 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

07:36:28.0640 2440 WmiApSrv - ok

07:36:29.0093 2440 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

07:36:29.0187 2440 WMPNetworkSvc - ok

07:36:29.0421 2440 WMZuneComm (017695393afffed8de58abd1b085be6d) c:\Program Files\Zune\WMZuneComm.exe

07:36:29.0437 2440 WMZuneComm - ok

07:36:29.0921 2440 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

07:36:29.0953 2440 WS2IFSL - ok

07:36:29.0968 2440 wsbqjhiq - ok

07:36:30.0046 2440 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

07:36:30.0062 2440 wscsvc - ok

07:36:30.0171 2440 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

07:36:30.0250 2440 wuauserv - ok

07:36:30.0359 2440 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

07:36:30.0359 2440 WudfPf - ok

07:36:30.0421 2440 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

07:36:30.0437 2440 WudfRd - ok

07:36:30.0546 2440 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll

07:36:30.0578 2440 WudfSvc - ok

07:36:30.0687 2440 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

07:36:30.0765 2440 WZCSVC - ok

07:36:30.0843 2440 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

07:36:30.0906 2440 xmlprov - ok

07:36:30.0968 2440 zumbus (ae279cd76b38fc079eec3ca6d65a5926) C:\WINDOWS\system32\DRIVERS\zumbus.sys

07:36:30.0984 2440 zumbus - ok

07:36:31.0281 2440 ZuneBusEnum (37f339b64f19e2775284ed7161b96683) c:\Program Files\Zune\ZuneBusEnum.exe

07:36:31.0296 2440 ZuneBusEnum - ok

07:36:39.0640 2440 ZuneNetworkSvc (1076df9ade4e13ea3bf39d2165aeb903) c:\Program Files\Zune\ZuneNss.exe

07:36:40.0281 2440 ZuneNetworkSvc - ok

07:36:40.0484 2440 ZuneWlanCfgSvc (de1cdb333a402b279f04d627122fa08e) c:\Program Files\Zune\ZuneWlanCfgSvc.exe

07:36:40.0500 2440 ZuneWlanCfgSvc - ok

07:36:40.0546 2440 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0

07:36:41.0750 2440 \Device\Harddisk0\DR0 - ok

07:36:41.0765 2440 Boot (0x1200) (b0abe7ee760d01d5ec454b02b7ac74ee) \Device\Harddisk0\DR0\Partition0

07:36:41.0765 2440 \Device\Harddisk0\DR0\Partition0 - ok

07:36:41.0765 2440 ============================================================

07:36:41.0765 2440 Scan finished

07:36:41.0765 2440 ============================================================

07:36:45.0812 2188 Detected object count: 0

07:36:45.0812 2188 Actual detected object count: 0

aswMBR log:

Run date: 2012-06-08 14:54:17

-----------------------------

14:54:17.859 OS Version: Windows 5.1.2600 Service Pack 3

14:54:17.859 Number of processors: 2 586 0xE08

14:54:17.859 ComputerName: D965GFC1 UserName: Kristy

14:54:19.515 Initialize success

14:54:19.890 AVAST engine defs: 12060602

14:54:25.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

14:54:25.640 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC74P Size: 152627MB BusType: 3

14:54:25.671 Disk 0 MBR read successfully

14:54:25.671 Disk 0 MBR scan

14:54:25.687 Disk 0 unknown MBR code

14:54:25.687 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63

14:54:25.703 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 146718 MB offset 96390

14:54:25.703 Disk 0 Partition - 00 0F Extended LBA 2047 MB offset 300592215

14:54:25.734 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3804 MB offset 304785180

14:54:25.750 Disk 0 Partition 4 00 DD MSWIN4.1 2047 MB offset 300592278

14:54:25.750 Disk 0 scanning sectors +312576705

14:54:25.859 Disk 0 scanning C:\WINDOWS\system32\drivers

14:54:47.437 Service scanning

14:55:21.406 Modules scanning

14:55:37.546 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**

14:55:39.359 Disk 0 trace - called modules:

14:55:39.375 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

14:55:39.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d14ab8]

14:55:39.390 3 CLASSPNP.SYS[f75fdfd7] -> nt!IofCallDriver -> [0x86d5b920]

14:55:39.390 5 PCTCore.sys[f73c2099] -> nt!IofCallDriver -> \Device\00000071[0x86ddb1f8]

14:55:39.406 7 ACPI.sys[f7474620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d5f030]

14:55:40.515 AVAST engine scan C:\WINDOWS

14:56:10.375 AVAST engine scan C:\WINDOWS\system32

15:02:28.265 AVAST engine scan C:\WINDOWS\system32\drivers

15:03:04.031 AVAST engine scan C:\Documents and Settings\Kristy

15:33:20.531 AVAST engine scan C:\Documents and Settings\All Users

15:36:29.765 Scan finished successfully

15:48:25.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kristy\Desktop\MBR.dat"

15:48:25.046 The log file has been saved successfully to "C:\Documents and Settings\Kristy\Desktop\aswMBR.txt"

gringo_pr · June 9, 2012

go ahead and go online and check them out and see which one or both are redirecting

gringo

hippiechic744 · June 9, 2012

Neither one seems to be redirecting, but it's still running incredibly slow.

gringo_pr · June 9, 2012

Hello hippiechic744

I want you to reset the DMA you can do this by this script here - Reset DMA

If you have problems when you click on the link try to right click on the link and select "Save Target As" and then save to your desktop.

Once it is on your desktop right click on the file and select "Run"

If you still can't run it then you can go here "Reset DMA" to see what I want to do

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened and the that I need posted back here
- Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
[*]Please post the contents of OTL.txt in your next reply.

Gringo

hippiechic744 · June 9, 2012

<p>Everything was as it should be with the DMA. Here is the OTL log:</p>

<div>OTL logfile created on: 6/9/2012 2:42:48 PM - Run 1</div>

<div>OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Kristy\Desktop</div>

<div>Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation</div>

<div>Internet Explorer (Version = 8.0.6001.18702)</div>

<div>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</div>

<div>1014.37 Mb Total Physical Memory | 433.07 Mb Available Physical Memory | 42.69% Memory free</div>

<div>2.38 Gb Paging File | 1.82 Gb Available in Paging File | 76.18% Paging File free</div>

<div>Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]</div>

<div>%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files</div>

<div>Drive C: | 143.28 Gb Total Space | 54.93 Gb Free Space | 38.34% Space Free | Partition Type: NTFS</div>

<div>Computer Name: D965GFC1 | User Name: Kristy | Logged in as Administrator.</div>

<div>Boot Mode: Normal | Scan Mode: All users</div>

<div>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</div>

<div>========== Processes (SafeList) ==========</div>

<div>PRC - C:\Documents and Settings\Kristy\Desktop\OTL.exe (OldTimer Tools)</div>

<div>PRC - C:\Documents and Settings\Kristy\Local Settings\temp\clclean.0001 (Macrovision Europe Ltd.)</div>

<div>PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)</div>

<div>PRC - C:\Documents and Settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe ()</div>

<div>PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)</div>

<div>PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)</div>

<div>PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)</div>

<div>PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)</div>

<div>PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)</div>

<div>PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)</div>

<div>PRC - C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)</div>

<div>PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)</div>

<div>PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)</div>

<div>PRC - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)</div>

<div>PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)</div>

<div>PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)</div>

<div>========== Modules (No Company Name) ==========</div>

<div>MOD - C:\Program Files\AVAST Software\Avast\defs\12060901\algo.dll ()</div>

<div>MOD - C:\Documents and Settings\Kristy\Local Settings\temp\clclean.0001.dir.0001\~df394b.tmp ()</div>

<div>MOD - C:\Program Files\AVAST Software\Avast\defs\12060602\algo.dll ()</div>

<div>MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()</div>

<div>MOD - C:\Documents and Settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe ()</div>

<div>MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()</div>

<div>MOD - C:\Program Files\WinRAR\RarExt.dll ()</div>

<div>MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()</div>

<div>MOD - C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll ()</div>

<div>MOD - C:\Program Files\CyberLink\PCM4Everio\Kernel\common\CLEverioDetector.dll ()</div>

<div>MOD - C:\WINDOWS\system32\bcm1xsup.dll ()</div>

<div>MOD - C:\WINDOWS\system32\CTMBHA.DLL ()</div>

<div>MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBCPP5C.DLL ()</div>

<div>MOD - C:\WINDOWS\system32\pdfmonnt.dll ()</div>

<div>========== Win32 Services (SafeList) ==========</div>

<div>SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found</div>

<div>SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found</div>

<div>SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)</div>

<div>SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)</div>

<div>SRV - (ZuneWlanCfgSvc) -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)</div>

<div>SRV - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)</div>

<div>SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)</div>

<div>SRV - (ZuneBusEnum) -- c:\Program Files\Zune\ZuneBusEnum.exe (Microsoft Corporation)</div>

<div>SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)</div>

<div>SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)</div>

<div>SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)</div>

<div>SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)</div>

<div>SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)</div>

<div>========== Driver Services (SafeList) ==========</div>

<div>DRV - (wsbqjhiq) -- C:\WINDOWS\system32\drivers\wsbqjhiq.sys File not found</div>

<div>DRV - (WDICA) -- File not found</div>

<div>DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found</div>

<div>DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found</div>

<div>DRV - (PDRFRAME) -- File not found</div>

<div>DRV - (PDRELI) -- File not found</div>

<div>DRV - (PDFRAME) -- File not found</div>

<div>DRV - (PDCOMP) -- File not found</div>

<div>DRV - (PCIDump) -- File not found</div>

<div>DRV - (nlshreox) -- C:\WINDOWS\system32\drivers\nlshreox.sys File not found</div>

<div>DRV - (MpKsle5778334) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78505797-F2C0-4145-B62F-4E416FF994C3}\MpKsle5778334.sys File not found</div>

<div>DRV - (lbrtfdc) -- File not found</div>

<div>DRV - (iawsnhxh) -- C:\WINDOWS\system32\drivers\iawsnhxh.sys File not found</div>

<div>DRV - (gtmynuyg) -- C:\WINDOWS\system32\drivers\gtmynuyg.sys File not found</div>

<div>DRV - (Changer) -- File not found</div>

<div>DRV - (catchme) -- C:\DOCUME~1\Kristy\LOCALS~1\Temp\catchme.sys File not found</div>

<div>DRV - (aswMBR) -- C:\DOCUME~1\Kristy\LOCALS~1\Temp\aswMBR.sys File not found</div>

<div>DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)</div>

<div>DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)</div>

<div>DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)</div>

<div>DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)</div>

<div>DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)</div>

<div>DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)</div>

<div>DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)</div>

<div>DRV - (WinDriver6) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)</div>

<div>DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)</div>

<div>DRV - (pctEFA) -- C:\WINDOWS\system32\drivers\pctEFA.sys (PC Tools)</div>

<div>DRV - (pctDS) -- C:\WINDOWS\system32\drivers\pctDS.sys (PC Tools)</div>

<div>DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)</div>

<div>DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)</div>

<div>DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)</div>

<div>DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)</div>

<div>DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)</div>

<div>DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)</div>

<div>DRV - (mr7910) -- C:\WINDOWS\system32\drivers\mr7910.sys (Mars Semiconductor Corp.)</div>

<div>DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)</div>

<div>DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)</div>

<div>DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)</div>

<div>DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)</div>

<div>DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)</div>

<div>DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)</div>

<div>DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)</div>

<div>DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)</div>

<div>DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)</div>

<div>DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)</div>

<div>DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)</div>

<div>DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)</div>

<div>DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)</div>

<div>DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)</div>

<div>DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)</div>

<div>DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)</div>

<div>DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)</div>

<div>DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)</div>

<div>DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)</div>

<div>DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)</div>

<div>DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)</div>

<div>========== Standard Registry (SafeList) ==========</div>

<div>========== Internet Explorer ==========</div>

<div>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070125</div>

<div>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070125</div>

<div>IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</div>

<div>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}</div>

<div>IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070125</div>

<div>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div>IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070125</div>

<div>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div>IE - HKU\S-1-5-21-801177909-1084739238-922619174-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.com/</div>

<div>IE - HKU\S-1-5-21-801177909-1084739238-922619174-1005\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found</div>

<div>IE - HKU\S-1-5-21-801177909-1084739238-922619174-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</div>

<div>IE - HKU\S-1-5-21-801177909-1084739238-922619174-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC</div>

<div>IE - HKU\S-1-5-21-801177909-1084739238-922619174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div>IE - HKU\S-1-5-21-801177909-1084739238-922619174-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local></div>

<div>========== FireFox ==========</div>

<div>FF - prefs.js..browser.search.update: false</div>

<div>FF - prefs.js..browser.startup.homepage: "http://slickdeals.net/"</div>

<div>FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1367</div>

<div>FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1.0</div>

<div>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26</div>

<div>FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0</div>

<div>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29</div>

<div>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()</div>

<div>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found</div>

<div>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()</div>

<div>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found</div>

<div>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</div>

<div>FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()</div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/03/02 16:55:35 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/12 14:23:28 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/03 21:50:47 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/03 21:50:46 | 000,000,000 | ---D | M]</div>

<div>[2008/08/28 11:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kristy\Application Data\Mozilla\Extensions</div>

<div>[2012/06/01 19:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kristy\Application Data\Mozilla\Firefox\Profiles\5akt67y1.default\extensions</div>

<div>[2011/11/14 09:14:09 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Kristy\Application Data\Mozilla\Firefox\Profiles\5akt67y1.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}</div>

<div>[2010/04/30 20:39:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kristy\Application Data\Mozilla\Firefox\Profiles\5akt67y1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}</div>

<div>[2012/06/03 21:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions</div>

<div>[2012/06/03 21:49:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll</div>

<div>[2012/02/19 09:25:59 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll</div>

<div>[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll</div>

<div>[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll</div>

<div>[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll</div>

<div>[2012/06/03 21:49:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml</div>

<div>[2012/06/03 21:49:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml</div>

<div>O1 HOSTS File: ([2012/06/06 09:41:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts</div>

<div>O1 - Hosts: 127.0.0.1 localhost</div>

<div>O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)</div>

<div>O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)</div>

<div>O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)</div>

<div>O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)</div>

<div>O3 - HKU\S-1-5-21-801177909-1084739238-922619174-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.</div>

<div>O3 - HKU\S-1-5-21-801177909-1084739238-922619174-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.</div>

<div>O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)</div>

<div>O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)</div>

<div>O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)</div>

<div>O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()</div>

<div>O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)</div>

<div>O4 - HKLM..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe (Brother Industories, Ltd.)</div>

<div>O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)</div>

<div>O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)</div>

<div>O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)</div>

<div>O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)</div>

<div>O4 - HKU\S-1-5-21-801177909-1084739238-922619174-1005..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)</div>

<div>O4 - HKU\S-1-5-21-801177909-1084739238-922619174-1005..\Run: [setDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)</div>

<div>O4 - HKU\S-1-5-21-801177909-1084739238-922619174-1005..\Run: [spotify Web Helper] C:\Documents and Settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe ()</div>

<div>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</div>

<div>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>

<div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>

<div>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>

<div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>

<div>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</div>

<div>O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</div>

<div>O7 - HKU\S-1-5-21-801177909-1084739238-922619174-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\S-1-5-21-801177909-1084739238-922619174-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>

<div>O7 - HKU\S-1-5-21-801177909-1084739238-922619174-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>

<div>O7 - HKU\S-1-5-21-801177909-1084739238-922619174-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</div>

<div>O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</div>

<div>O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)</div>

<div>O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)</div>

<div>O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)</div>

<div>O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)</div>

<div>O15 - HKU\S-1-5-21-801177909-1084739238-922619174-1005\..Trusted Domains: turbotax.com ([]https in Trusted sites)</div>

<div>O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)</div>

<div>O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)</div>

<div>O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)</div>

<div>O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)</div>

<div>O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)</div>

<div>O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)</div>

<div>O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)</div>

<div>O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)</div>

<div>O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://littlemissmagic777.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)</div>

<div>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)</div>

<div>O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)</div>

<div>O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)</div>

<div>O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)</div>

<div>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)</div>

<div>O16 - DPF: {CBBD6FA7-2384-11D1-A8C9-0040C7116154} http://leads400.landstar.com/HFAccess/HFDSP.CAB (HostFront ActiveX Display)</div>

<div>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)</div>

<div>O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mci.webex.com/client/v_mywebex-wbs-mciprodins/webex/ieatgpc.cab (GpcContainer Class)</div>

<div>O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)</div>

<div>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)</div>

<div>O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)</div>

<div>O24 - Desktop WallPaper: C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</div>

<div>O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kristy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</div>

<div>O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.</div>

<div>O32 - HKLM CDRom: AutoRun - 1</div>

<div>O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]</div>

<div>O34 - HKLM BootExecute: (autocheck autochk *)</div>

<div>O35 - HKLM\..comfile [open] -- "%1" %*</div>

<div>O35 - HKLM\..exefile [open] -- "%1" %*</div>

<div>O37 - HKLM\...com [@ = ComFile] -- "%1" %*</div>

<div>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</div>

<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</div>

<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</div>

<div>========== Files/Folders - Created Within 30 Days ==========</div>

<div>[2012/06/09 14:28:35 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kristy\Desktop\OTL.exe</div>

<div>[2012/06/09 07:34:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood</div>

<div>[2012/06/07 07:33:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kristy\Desktop\aswMBR.exe</div>

<div>[2012/06/06 08:49:43 | 000,000,000 | RHSD | C] -- C:\cmdcons</div>

<div>[2012/06/06 08:46:29 | 000,000,000 | ---D | C] -- C:\ComboFix</div>

<div>[2012/06/06 08:39:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe</div>

<div>[2012/06/06 08:39:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe</div>

<div>[2012/06/06 08:39:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe</div>

<div>[2012/06/06 08:39:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe</div>

<div>[2012/06/06 08:37:34 | 000,000,000 | ---D | C] -- C:\Qoobox</div>

<div>[2012/06/04 17:38:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Kristy\Desktop\dds.scr</div>

<div>[2012/06/03 21:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla</div>

<div>[2012/06/03 21:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service</div>

<div>========== Files - Modified Within 30 Days ==========</div>

<div>[2012/06/09 14:35:14 | 000,003,083 | ---- | M] () -- C:\Documents and Settings\Kristy\Desktop\resetdma.vbs</div>

<div>[2012/06/09 14:29:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kristy\Desktop\OTL.exe</div>

<div>[2012/06/09 14:00:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job</div>

<div>[2012/06/09 07:34:47 | 000,772,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB</div>

<div>[2012/06/08 15:48:25 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Kristy\Desktop\MBR.dat</div>

<div>[2012/06/08 14:53:10 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job</div>

<div>[2012/06/08 14:52:52 | 000,484,534 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat</div>

<div>[2012/06/08 14:52:52 | 000,088,502 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat</div>

<div>[2012/06/08 14:49:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl</div>

<div>[2012/06/08 14:47:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat</div>

<div>[2012/06/08 14:47:44 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys</div>

<div>[2012/06/07 07:34:12 | 000,000,306 | ---- | M] () -- C:\Documents and Settings\Kristy\Desktop\Shortcut to tdsskiller.exe.lnk</div>

<div>[2012/06/07 07:33:50 | 000,000,292 | ---- | M] () -- C:\Documents and Settings\Kristy\Desktop\Shortcut to aswMBR.exe.lnk</div>

<div>[2012/06/07 07:24:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kristy\Desktop\aswMBR.exe</div>

<div>[2012/06/06 09:41:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts</div>

<div>[2012/06/06 08:26:48 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\Kristy\Desktop\Shortcut to SecurityCheck.exe.lnk</div>

<div>[2012/06/06 08:26:39 | 000,000,300 | ---- | M] () -- C:\Documents and Settings\Kristy\Desktop\Shortcut to ComboFix.exe.lnk</div>

<div>[2012/06/04 19:55:56 | 000,134,144 | ---- | M] () -- C:\Documents and Settings\Kristy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</div>

<div>[2012/06/04 17:50:48 | 000,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini</div>

<div>[2012/06/04 17:35:23 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Kristy\Desktop\dds.scr</div>

<div>[2012/06/04 09:07:57 | 000,004,624 | ---- | M] () -- C:\Documents and Settings\Kristy\Application Data\wklnhst.dat</div>

<div>[2012/06/03 20:40:02 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job</div>

<div>[2012/06/03 16:52:23 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job</div>

<div>[2012/06/03 10:10:10 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job</div>

<div>[2012/05/30 13:38:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat</div>

<div>[2012/05/23 08:22:33 | 000,013,174 | ---- | M] () -- C:\Documents and Settings\Kristy\Desktop\black_cat_4_background_wall_paper_wallpaper.svg</div>

<div>[2012/05/23 08:10:28 | 000,032,776 | ---- | M] () -- C:\Documents and Settings\Kristy\Desktop\fsvgfotw_2010_07_10.zip</div>

<div>[2012/05/19 10:32:01 | 000,046,629 | ---- | M] () -- C:\Documents and Settings\Kristy\My Documents\svgcuts_2011_05_16.zip</div>

<div>[2012/05/12 17:48:50 | 000,337,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT</div>

<div>[2012/05/12 07:49:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK</div>

<div>========== Files Created - No Company Name ==========</div>

<div>[2012/06/09 14:35:19 | 000,003,083 | ---- | C] () -- C:\Documents and Settings\Kristy\Desktop\resetdma.vbs</div>

<div>[2012/06/08 15:48:25 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Kristy\Desktop\MBR.dat</div>

<div>[2012/06/07 07:34:12 | 000,000,306 | ---- | C] () -- C:\Documents and Settings\Kristy\Desktop\Shortcut to tdsskiller.exe.lnk</div>

<div>[2012/06/07 07:33:50 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\Kristy\Desktop\Shortcut to aswMBR.exe.lnk</div>

<div>[2012/06/06 08:50:01 | 000,260,272 | RHS- | C] () -- C:\cmldr</div>

<div>[2012/06/06 08:39:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe</div>

<div>[2012/06/06 08:39:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe</div>

<div>[2012/06/06 08:39:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe</div>

<div>[2012/06/06 08:39:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe</div>

<div>[2012/06/06 08:39:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe</div>

<div>[2012/06/06 08:26:48 | 000,000,315 | ---- | C] () -- C:\Documents and Settings\Kristy\Desktop\Shortcut to SecurityCheck.exe.lnk</div>

<div>[2012/06/06 08:26:38 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\Kristy\Desktop\Shortcut to ComboFix.exe.lnk</div>

<div>[2012/06/04 07:40:10 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys</div>

<div>[2012/05/23 08:22:30 | 000,013,174 | ---- | C] () -- C:\Documents and Settings\Kristy\Desktop\black_cat_4_background_wall_paper_wallpaper.svg</div>

<div>[2012/05/23 08:10:51 | 000,032,776 | ---- | C] () -- C:\Documents and Settings\Kristy\Desktop\fsvgfotw_2010_07_10.zip</div>

<div>[2012/05/19 10:32:22 | 000,046,629 | ---- | C] () -- C:\Documents and Settings\Kristy\My Documents\svgcuts_2011_05_16.zip</div>

<div>[2012/02/15 09:03:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll</div>

<div>[2011/07/18 18:42:58 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini</div>

<div>[2011/07/18 18:42:57 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini</div>

<div>[2011/07/08 21:18:12 | 000,000,825 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini</div>

<div>[2011/07/08 21:18:12 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini</div>

<div>[2011/07/08 21:18:12 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD2820.dat</div>

<div>[2011/07/08 21:18:11 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini</div>

<div>[2011/07/08 21:18:11 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI</div>

<div>[2011/07/08 21:16:15 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL</div>

<div>[2011/07/08 21:15:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat</div>

<div>[2011/01/31 20:42:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI</div>

<div>[2011/01/31 20:32:18 | 000,004,624 | ---- | C] () -- C:\Documents and Settings\Kristy\Application Data\wklnhst.dat</div>

<div>[2010/11/12 21:06:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll</div>

<div>[2010/07/18 17:32:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hdaduw.dat</div>

<div>[2010/07/18 17:32:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ywizisapam.bin</div>

gringo_pr · June 9, 2012

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

Double-click OTL.exe to start the program.

Copy and Paste the following code into the

textbox. Do not include the word Code


:OTL
IE - HKU\S-1-5-21-801177909-1084739238-922619174-1005\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
O3 - HKU\S-1-5-21-801177909-1084739238-922619174-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-801177909-1084739238-922619174-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
:Files
C:\windows\tasks\At*.job
ipconfig /flushdns /c
:Commands
[PURITY]
[emptyjava]
[EMPTYFLASH]

Then click the Run Fix button at the top.
Click .
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo

hippiechic744 · June 10, 2012

Ran the fix, here is the log. It is running much faster now!! )

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-801177909-1084739238-922619174-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-801177909-1084739238-922619174-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.

Registry value HKEY_USERS\S-1-5-21-801177909-1084739238-922619174-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.

Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}

C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{4F07DA45-8170-4859-9B5F-037EF2970034} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F07DA45-8170-4859-9B5F-037EF2970034}\ not found.

========== FILES ==========

C:\windows\tasks\At1.job moved successfully.

C:\windows\tasks\At2.job moved successfully.

C:\windows\tasks\At3.job moved successfully.

C:\windows\tasks\At4.job moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Kristy\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Kristy\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Kristy

->Java cache emptied: 48523702 bytes

User: LocalService

->Java cache emptied: 0 bytes

User: Michael

User: NetworkService

->Java cache emptied: 0 bytes

Total Java Files Cleaned = 46.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

->Flash cache emptied: 56468 bytes

User: Kristy

->Flash cache emptied: 566 bytes

User: LocalService

->Flash cache emptied: 0 bytes

User: Michael

User: NetworkService

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.48.0 log created on 06102012_105609

gringo_pr · June 10, 2012

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following

report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo

hippiechic744 · June 11, 2012

It's running really nicely now, no problems to report!! You're a wizard. )

Combofix log:

ComboFix 12-06-05.04 - Kristy 06/11/2012 10:29:50.6.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.642 [GMT -5:00]

Running from: c:\documents and settings\Kristy\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Kristy\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

- REDUCED FUNCTIONALITY MODE -

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\Kristy\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp

c:\documents and settings\Kristy\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp

c:\documents and settings\Kristy\WINDOWS

.

---- Previous Run -------

.

c:\docume~1\Kristy\LOCALS~1\Temp\clclean.0001.dir.0001\~df394b.tmp

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Kristy\Local Settings\temp\clclean.0001.dir.0001\~df394b.tmp

c:\windows\EventSystem.log

.

((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))

.

2012-06-11 00:34 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6244D2CE-E639-4F49-A67F-EBB0DD7A76ED}\mpengine.dll

2012-06-10 15:56 . 2012-06-10 15:56 -------- d-----w- C:\_OTL

2012-06-04 02:51 . 2012-06-04 02:51 -------- d-----w- c:\program files\Mozilla Maintenance Service

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-10 15:47 . 2007-10-02 19:04 230808 ----a-r- c:\windows\system32\cpnprt2.cid

2012-05-31 13:22 . 2004-08-11 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-08 16:40 . 2010-07-21 14:11 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-04-11 13:14 . 2004-08-11 23:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:12 . 2004-08-11 23:00 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 12:35 . 2004-08-04 04:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 20:56 . 2009-04-13 23:43 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-04 02:49 . 2012-06-04 02:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((( SnapShot@2012-06-06_14.42.29 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-06-10 16:12 . 2012-06-10 16:12 16384 c:\windows\Temp\Perflib_Perfdata_628.dat

- 2004-08-11 23:00 . 2012-06-04 12:46 88502 c:\windows\system32\perfc009.dat

+ 2004-08-11 23:00 . 2012-06-10 16:17 88502 c:\windows\system32\perfc009.dat

- 2007-01-25 18:10 . 2011-11-09 21:50 45056 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe

+ 2007-01-25 18:10 . 2012-06-07 12:33 45056 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe

- 2007-01-25 18:10 . 2011-11-09 21:50 22528 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe

+ 2007-01-25 18:10 . 2012-06-07 12:33 22528 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe

- 2007-01-25 18:10 . 2011-11-09 21:50 16384 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe

+ 2007-01-25 18:10 . 2012-06-07 12:33 16384 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe

- 2007-01-25 18:10 . 2011-11-09 21:50 34304 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe

+ 2007-01-25 18:10 . 2012-06-07 12:33 34304 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe

- 2007-01-25 18:10 . 2011-11-09 21:50 3584 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe

+ 2007-01-25 18:10 . 2012-06-07 12:33 3584 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe

- 2007-01-25 18:10 . 2011-11-09 21:50 8192 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe

+ 2007-01-25 18:10 . 2012-06-07 12:33 8192 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe

- 2007-01-25 18:10 . 2011-11-09 21:50 2560 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe

+ 2007-01-25 18:10 . 2012-06-07 12:33 2560 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe

- 2004-08-11 23:00 . 2012-06-04 12:46 484534 c:\windows\system32\perfh009.dat

+ 2004-08-11 23:00 . 2012-06-10 16:17 484534 c:\windows\system32\perfh009.dat

+ 2011-09-03 10:17 . 2012-05-31 13:22 599040 c:\windows\system32\dllcache\crypt32.dll

- 2011-09-03 10:17 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll

+ 2011-02-25 19:25 . 2011-02-25 19:25 7968256 c:\windows\Installer\235bf69.msp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]

"Spotify Web Helper"="c:\documents and settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-05-21 932528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]

"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-02 185896]

"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"SetDefPrt"="c:\program files\Brother\Brmfl04h\BrStDvPt.exe" [2004-11-11 49152]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-25 24576]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=

"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=

"c:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\Documents and Settings\\Kristy\\Application Data\\Spotify\\spotify.exe"=

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/26/2011 8:10 PM 239168]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [1/26/2011 8:10 PM 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [1/26/2011 8:10 PM 656320]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/1/2011 10:10 PM 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/1/2011 10:10 PM 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/1/2011 10:10 PM 20568]

S1 gtmynuyg;gtmynuyg;\??\c:\windows\system32\drivers\gtmynuyg.sys --> c:\windows\system32\drivers\gtmynuyg.sys [?]

S1 iawsnhxh;iawsnhxh;\??\c:\windows\system32\drivers\iawsnhxh.sys --> c:\windows\system32\drivers\iawsnhxh.sys [?]

S1 MpKsle5778334;MpKsle5778334;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78505797-F2C0-4145-B62F-4E416FF994C3}\MpKsle5778334.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78505797-F2C0-4145-B62F-4E416FF994C3}\MpKsle5778334.sys [?]

S1 nlshreox;nlshreox;\??\c:\windows\system32\drivers\nlshreox.sys --> c:\windows\system32\drivers\nlshreox.sys [?]

S1 wsbqjhiq;wsbqjhiq;\??\c:\windows\system32\drivers\wsbqjhiq.sys --> c:\windows\system32\drivers\wsbqjhiq.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/3/2012 9:51 PM 129976]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [1/26/2011 8:10 PM 366840]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [8/5/2011 12:30 PM 268512]

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-10 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.amazon.com/

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

Trusted Zone: turbotax.com

FF - ProfilePath - c:\documents and settings\Kristy\Application Data\Mozilla\Firefox\Profiles\5akt67y1.default\

FF - prefs.js: browser.startup.homepage - hxxp://slickdeals.net/

FF - user.js: general.useragent.extra.brc -

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-11 10:36

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,0f,74,50,b6,78,5c,4d,a0,a6,a9,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,0f,74,50,b6,78,5c,4d,a0,a6,a9,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(656)

c:\windows\system32\igfxdev.dll

.

- - - - - - - > 'lsass.exe'(716)

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

Completion time: 2012-06-11 10:48:25

ComboFix-quarantined-files.txt 2012-06-11 15:48

.

Pre-Run: 58,849,239,040 bytes free

Post-Run: 58,917,322,752 bytes free

.

- - End Of File - - 46308B517ABC93865514D19E8A656CFE

gringo_pr · June 11, 2012

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove
- Java™ 6 Update 29

Please download and install

Revo Uninstaller FreeDouble click Revo Uninstaller to run it.
From the list of programs double click on The Program to remove
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.

.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.
You can download it from

http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from

here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

click on the Free Java Download Button
click on Agree and start Free download
click on Run
click on run again
click on install
when install is complete click on close

Clean Out Temp Files

This small application you may want to keep and use once a week to keep the computer clean.
Download CCleaner from here http://www.ccleaner.com/
- Run the installer to install the application.
- When it gives you the option to install Yahoo toolbar uncheck the box next to it.
- Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
- Click Run Cleaner.
- Close CCleaner.

: Malwarebytes' Anti-Malware :

I would like you to rerun MBAM
Double-click mbam icon
go to the update tab at the top
click on check for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidentally close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

Go Here to download HijackThis Installer
Save HijackThis Installer to your desktop.
Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed it will launch Hijackthis.
Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**

sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select to run as administrator

"information and logs"

In your next post I need the following

Log From MBAM
report from Hijackthis
let me know of any problems you may have had
How is the computer doing now?

Gringo

gringo_pr · June 14, 2012

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools

Gringo

hippiechic744 · June 14, 2012

We have been having internet connection issues, I'm still working on this.

hippiechic744 · June 15, 2012

Mbam log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.14.10

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Kristy :: D965GFC1 [administrator]

6/14/2012 5:01:25 PM

mbam-log-2012-06-14 (17-01-25).txt

Scan type: Full scan

Scan options disabled: P2P

Objects scanned: 338376

Time elapsed: 2 hour(s), 46 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

HijackThis logLogfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:57:33 PM, on 6/14/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\CyberLink\PCM4Everio\EverioService.exe

C:\DOCUME~1\Kristy\LOCALS~1\Temp\clclean.0001

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Documents and Settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070125

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe

O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Documents and Settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://littlemissmagic777.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB

O16 - DPF: {CBBD6FA7-2384-11D1-A8C9-0040C7116154} (HostFront ActiveX Display) - http://leads400.landstar.com/HFAccess/HFDSP.CAB

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mci.webex.com/client/v_mywebex-wbs-mciprodins/webex/ieatgpc.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 11532 bytes

:

gringo_pr · June 15, 2012

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
- O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
  O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
  O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
  O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
  O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
  O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
  O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
  O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe
  O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
  O4 - HKCU\..\Run: [spotify Web Helper] "C:\Documents and Settings\Kristy\Application Data\Spotify\Data\SpotifyWebHelper.exe"
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
[*] Close all open windows and browsers/email, etc...
[*] Click on the "Fix Checked" button
[*] When completed, close the application.
- NOTE**You can research each of those lines
>here< and see if you want to keep them or not
just copy the name between the brackets and paste into the search space
O4 - HKLM\..\Run: [IntelliPoint]

NOTE**

sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
- Click Start
[*]When asked, allow the ActiveX control to install
- Click Start
[*]Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
[*]Click on Advanced Settings, ensure the options
- Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
[*]Click Scan
[*]Wait for the scan to finish
[*] Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

gringo_pr · June 17, 2012

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools

Gringo

gringo_pr · June 20, 2012

Hello

48 Hour bump

It has been more than 48 hours since my last post.

do you still need help with this?
do you need more time?
are you having problems following my instructions?
if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

LDTate · June 23, 2012

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Happili Trojan got me...

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information