Need help with infected computer


I hope somebody can help me with my laptop. I'm losing my mind.

Last week someone used my information to fraudulently open a credit card. I didn't think it was a computer virus, but slowly I started having more problems with Firefox slowing down. This is an on-and-off problem with Firefox, so I didn't panic right away, as I should have. I had been running Norton 360 & Malwarebytes, & not coming up with anything more harmful than tracking cookies.

The last couple of days I have hardly been able to use the Internet. It's slow, pages won't load at all, etc. I tried to download Kaspersky, & it didn't work. Now I can't uninstall it, either. My mouse will jump sometimes, but I don't know if it's related to the freezing or not. I've had to run Malwarebytes & Norton in Safe Mode, because I couldn't get the computer to operate correctly. I figured that way there were a lot more restrictions on what a possible virus could be doing. Tried to download HijackThis & another program unsuccessfully. One time I restarted & only got a dark screen. I got a popup saying atbroker.exe could not be found, & some other thing. I had to force shut down my computer. I tried doing a System Restore to see if that would solve everything, but it didn't.

At first I still wasn't finding anything. Finally overnight Malwarebytes found 2 PUP files for some toolbar, & Norton 360 found a bloodhound.malpe file. From what little I could read when my internet will work, this could be a virus or not. Had the programs remove those files, & I shut down the computer. This morning I ran the scans at work (no internet connection) in Safe Mode, & didn't find anything again, just 3 cookies. I'm running them now in regular mode, since I've read it's best that way. I'm skeptical as to whether or not anything malicious will be found.

I am really hoping someone will help me. I've become so paranoid about this whole situation. I'm even worried that someone hacked into my wireless home network, or that my cell phones will be infected as well. I tried to do the only things I knew how to do, but it's not enough. I'm thinking of shutting down the scans right now just so I'm not online. Which reminds me, the Diagnose & Repair option for my internet connection also does not work. Please tell me what to do. I wanted to back up my files to my external hard drive but I don't want to contaminate those files as well.


Sorry, here are those logs. I apparently don't read very well :( About the script blocking, I had to Google it, I didn't know (still don't) what it meant. I read that Norton doesn't have that option anymore (to turn it off)? If I need to do the scans again, I will. Thank you for your help.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0

Run by mom's toy at 22:27:23 on 2012-08-06

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2813.2002 [GMT -6:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\taskeng.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.myspanishlab.com/

uWindow Title = Windows Internet Explorer provided by Yahoo!

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1208&m=aspire_5515

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1208&m=aspire_5515

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Virtual Account Numbers Helper: {17424104-1444-4810-85d7-b4da413c5a9a} - c:\program files\virtual account numbers\CitiVANHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.1.5\ips\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File

BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - c:\program files\common files\simple adblock\SimpleAdblock.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll

TB: Virtual Account Numbers: {7a21a046-b886-4a62-9d69-ef2059b0a27b} - c:\program files\virtual account numbers\CitiVANToolbar.dll

TB: {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: {4A62FAC4-1670-430B-8C6B-9C7B53F51798} - No File

uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"

uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000

uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"

uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun

mRun: [eRecoveryService]

mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: real.com\rhap-app-4-0

Trusted Zone: real.com\rhapreg

Trusted Zone: rhapsody.com\rhap-app-4-0

Trusted Zone: rhapsody.com\rhapreg

Trusted Zone: usafed.org\mfa

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{1D69327A-41BE-45F5-9F83-B01C419E94E5} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{D00B9979-42B9-4910-94EB-250C116767D1} : DhcpNameServer = 216.136.95.2 64.163.94.250

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602010.005\symds.sys [2012-5-18 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602010.005\symefa.sys [2012-5-18 905336]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.1.2.10\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccsetx86.sys [2012-5-18 132744]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.1.2.10\definitions\ipsdefs\20120805.001\IDSvix86.sys [2012-8-6 382624]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602010.005\ironx86.sys [2012-5-18 149624]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0602010.005\symtdiv.sys [2012-5-18 345208]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-3 63928]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]

R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-12-13 24576]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.1.5\ccsvchst.exe [2012-5-18 138232]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-5 106656]

S2 0112141255231712mcinstcleanup;McAfee Application Installer Cleanup (0112141255231712);c:\users\mom'st~1\appdata\local\temp\011214~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\users\mom'st~1\appdata\local\temp\011214~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-23 116648]

S2 IpsosLSPService;IpsosLSPService;c:\program files\ipsoslspservice\ipsoslspservice.exe --> c:\program files\ipsoslspservice\IpsosLSPService.exe [?]

S2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-4-25 202296]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-12 250056]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-23 116648]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2012-08-06 23:11:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-06 23:11:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-24 05:58:49 739824 ----a-w- c:\users\mom's toy\GoogleEarthSetup.exe

2012-07-21 17:49:09 439704 ----a-w- c:\users\mom's toy\msgr11us.exe

2012-07-21 03:40:15 739808 ----a-w- c:\users\mom's toy\ChromeSetup.exe

2012-07-03 19:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 21:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 21:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll

.

============= FINISH: 22:29:50.57 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume2

Install Date: 12/13/2008 1:01:52 PM

System Uptime: 8/6/2012 10:23:45 PM (0 hours ago)

.

Motherboard: Acer | | Nile

Processor: AMD Athlon Processor 2650e | Socket M2/S1G1 | 1600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 70 GiB total, 9.057 GiB free.

D: is FIXED (NTFS) - 70 GiB total, 69.155 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

3600_Help

Acer Assist

Acer Empowering Technology

Acer eRecovery Management

Acer Registration

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

Amazon MP3 Downloader 1.0.15

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

Auslogics Disk Defrag

Bonjour

BPD_Scan

BPDSoftware

BPDSoftware_Ini

BufferChm

Byki

Byki Express

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Championship Mah Jongg

Collins

Compatibility Pack for the 2007 Office system

CustomerResearchQFolder

Destinations

DeviceManagementQFolder

DocProc

DocProcQFolder

eMusic Download Manager 4.1.4

eSupportQFolder

Fax

Google Update Helper

GRE POWERPREP

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Participation Program 8.0

HP Imaging Device Functions 8.0

HP OCR Software 8.0

HP Officejet J3600 Series

HP Photosmart Essential

HP Product Assistant

HP Smart Web Printing 4.60

HP Solution Center 8.0

HP Update

HPProductAssistant

HPSSupply

InterVideo WinDVD 8

iTunes

J3600

Java Auto Updater

Java 7 Update 5

Kaspersky Security Scan

Launch Manager

LightScribe 1.4.142.1

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft IntelliPoint 6.2

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Office Suite Activation Assistant

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 and SOAP Toolkit 3.0

Mythic Mahjong

Norton 360

NTI Backup Now 5

NTI Backup Now Standard

NTI Media Maker 8

OGA Notifier 2.0.0048.0

ProductContext

QuickTime

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek High Definition Audio Driver

Rhapsody

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Simple Adblock

Skins

SmartWebPrinting

SolutionCenter

Status

swMSM

Synaptics Pointing Device Driver

TeLL me More

Toolbox

TrayApp

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Virtual Account Numbers

WebReg

WhiteSmoke

World's Best Word Games

Yahoo! Messenger

Yahoo! Software Update

.

==== Event Viewer Messages From Past Week ========

.

8/6/2012 9:18:34 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

8/6/2012 9:18:28 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccSet_N360 DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIM SymIRON SYMTDIv tdx Wanarpv6

8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/6/2012 9:18:28 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/6/2012 9:18:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/6/2012 9:17:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/6/2012 9:17:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/6/2012 12:00:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

8/6/2012 10:25:20 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/6/2012 10:25:20 PM, Error: Service Control Manager [7000] - The Kaspersky Security Scan Service service failed to start due to the following error: Access is denied.

8/6/2012 10:25:20 PM, Error: Service Control Manager [7000] - The IpsosLSPService service failed to start due to the following error: The system cannot find the file specified.

8/6/2012 10:24:51 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet J3600 series with shared resource name HP Officejet J3600 series. Error 2114. The printer cannot be used by others on the network.

8/6/2012 10:24:51 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet J3600 series fax with shared resource name HP Officejet J3600 series fax. Error 2114. The printer cannot be used by others on the network.

8/6/2012 10:24:10 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

8/6/2012 10:21:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_N360 eeCtrl IDSVix86 spldr SRTSPX SymIRON SYMTDIv Wanarpv6

8/6/2012 10:21:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/6/2012 10:21:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/6/2012 10:21:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/6/2012 10:21:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/6/2012 10:20:49 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21

8/5/2012 3:28:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Diagnostic Service Host service to connect.

8/5/2012 3:28:59 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/5/2012 3:15:32 PM, Error: PCTCore [280] -

8/5/2012 12:17:06 PM, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

8/5/2012 11:56:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

8/5/2012 11:23:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

8/5/2012 11:22:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AswRdr aswSnx aswSP aswTdi BHDrvx86 ccSet_N360 DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PCTSD PSched RasAcd rdbss Smb spldr SRTSPX SymIM SymIRON SYMTDIv tdx Wanarpv6 ws2ifsl

8/5/2012 11:21:30 PM, Error: EventLog [6008] - The previous system shutdown at 11:09:28 PM on 8/5/2012 was unexpected.

8/5/2012 11:07:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

8/5/2012 11:07:37 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/5/2012 11:05:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Image Acquisition (WIA) service to connect.

8/5/2012 11:05:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Pml Driver HPZ12 service to connect.

8/5/2012 11:05:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net Driver HPZ12 service to connect.

8/5/2012 11:05:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.

8/5/2012 11:05:13 PM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/5/2012 11:05:13 PM, Error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/5/2012 11:05:13 PM, Error: Service Control Manager [7000] - The Net Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/5/2012 11:05:13 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/5/2012 11:02:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

8/3/2012 10:12:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.

8/2/2012 9:14:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ETService service.

.

==== End Of File ===========================


I didn't see where I was supposed to post this too, but just in case. I'm going to go to bed soon, so hopefully someone will look at it by the time I get a chance to come back tomorrow. Thank you.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.06.12

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

mom's toy :: NIPPERS [administrator]

8/6/2012 11:42:46 PM

mbam-log-2012-08-06 (23-42-46).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 210003

Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Here is the Malwarebytes scan. I was not able to save the text file to my desktop (couldn't save, period).

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.07.09

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

mom's toy :: NIPPERS [administrator]

8/7/2012 3:44:31 PM

mbam-log-2012-08-07 (15-44-31).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 210472

Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Here is the log from ComboFix.

ComboFix 12-08-07.03 - mom's toy 08/07/2012 16:03:16.1.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2813.1792 [GMT -6:00]

Running from: c:\users\mom's toy\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\mom's toy\AmazonMP3DownloaderInstall.exe

c:\users\mom's toy\ChromeSetup.exe

c:\users\mom's toy\GoogleEarthSetup.exe

c:\users\mom's toy\Install Font.exe

c:\users\mom's toy\msgr11us.exe

c:\users\mom's toy\N360Downloader..exe

c:\users\mom's toy\N360Downloader.exe

c:\users\mom's toy\N360Downloaderv5.exe

c:\users\mom's toy\TextTwist2.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))

.

.

2012-08-07 22:14 . 2012-08-07 22:15 -------- d-----w- c:\users\mom's toy\AppData\Local\temp

2012-08-07 22:14 . 2012-08-07 22:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-07 22:14 . 2012-08-07 22:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-03 19:46 . 2011-06-02 23:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-02 22:19 . 2012-06-22 17:16 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 17:16 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 17:15 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 17:15 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-22 17:16 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-22 17:16 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-22 17:15 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 21:19 . 2012-06-22 17:14 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 21:12 . 2012-06-22 17:14 33792 ----a-w- c:\windows\system32\wuapp.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-26 202296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]

2007-11-19 22:17 1261568 ----a-w- c:\program files\Acer\Acer Assist\launcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-05-31 02:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]

2008-04-26 05:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-11 03:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2007-08-31 19:01 1037736 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-06-08 01:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

2008-07-23 03:05 846344 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-07-03 03:27 6266880 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2008-01-21 20:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2008-02-22 03:50 1037608 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R2 0112141255231712mcinstcleanup;McAfee Application Installer Cleanup (0112141255231712);c:\users\MOM'ST~1\AppData\Local\Temp\011214~1.EXE [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2011-03-25 17:18 114176 ----a-w- c:\windows\System32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 23:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.myspanishlab.com/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1208&m=aspire_5515

uInternet Settings,ProxyOverride = *.local

Trusted Zone: real.com\rhap-app-4-0

Trusted Zone: real.com\rhapreg

Trusted Zone: rhapsody.com\rhap-app-4-0

Trusted Zone: rhapsody.com\rhapreg

Trusted Zone: usafed.org\mfa

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)

HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe

HKCU-Run-DW7 - c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe

HKLM-Run-eRecoveryService - (no file)

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

AddRemove-WhiteSmoke - c:\program files\WhiteSmoke\Uninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-07 16:15

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:9d,a3,08,fe,4c,ee,cb,01

.

Completion time: 2012-08-07 16:20:21

ComboFix-quarantined-files.txt 2012-08-07 22:20

.

Pre-Run: 9,450,168,320 bytes free

Post-Run: 9,434,308,608 bytes free

.

- - End Of File - - 8C1FC1D433323FF6BDE66DD078A59DF3


DDS text

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0

Run by mom's toy at 17:05:18 on 2012-08-07

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2813.1962 [GMT -6:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.myspanishlab.com/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1208&m=aspire_5515

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Virtual Account Numbers Helper: {17424104-1444-4810-85d7-b4da413c5a9a} - c:\program files\virtual account numbers\CitiVANHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.1.5\ips\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - c:\program files\common files\simple adblock\SimpleAdblock.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll

TB: Virtual Account Numbers: {7a21a046-b886-4a62-9d69-ef2059b0a27b} - c:\program files\virtual account numbers\CitiVANToolbar.dll

EB: {4A62FAC4-1670-430B-8C6B-9C7B53F51798} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: real.com\rhap-app-4-0

Trusted Zone: real.com\rhapreg

Trusted Zone: rhapsody.com\rhap-app-4-0

Trusted Zone: rhapsody.com\rhapreg

Trusted Zone: usafed.org\mfa

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{1D69327A-41BE-45F5-9F83-B01C419E94E5} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{D00B9979-42B9-4910-94EB-250C116767D1} : DhcpNameServer = 216.136.95.2 64.163.94.250

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602010.005\symds.sys [2012-5-18 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602010.005\symefa.sys [2012-5-18 905336]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.1.2.10\definitions\bashdefs\20120803.001\BHDrvx86.sys [2012-8-6 821920]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccsetx86.sys [2012-5-18 132744]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.1.2.10\definitions\ipsdefs\20120807.001\IDSvix86.sys [2012-8-6 382624]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602010.005\ironx86.sys [2012-5-18 149624]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0602010.005\symtdiv.sys [2012-5-18 345208]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-3 63928]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]

R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-12-13 24576]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.1.5\ccsvchst.exe [2012-5-18 138232]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-5 106656]

S2 0112141255231712mcinstcleanup;McAfee Application Installer Cleanup (0112141255231712);c:\users\mom'st~1\appdata\local\temp\011214~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\users\mom'st~1\appdata\local\temp\011214~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-23 116648]

S2 IpsosLSPService;IpsosLSPService;c:\program files\ipsoslspservice\ipsoslspservice.exe --> c:\program files\ipsoslspservice\IpsosLSPService.exe [?]

S2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-4-25 202296]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-12 250056]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-23 116648]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-08-07 22:20:33 -------- d-sh--w- C:\$RECYCLE.BIN

2012-08-07 22:20:24 -------- d-----w- c:\users\mom's toy\appdata\local\temp

2012-08-07 21:59:42 98816 ----a-w- c:\windows\sed.exe

2012-08-07 21:59:42 518144 ----a-w- c:\windows\SWREG.exe

2012-08-07 21:59:42 256000 ----a-w- c:\windows\PEV.exe

2012-08-07 21:59:42 208896 ----a-w- c:\windows\MBR.exe

.

==================== Find3M ====================

.

2012-08-06 23:11:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-06 23:11:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-03 19:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 21:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 21:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll

.

============= FINISH: 17:07:10.43 ===============

Attach Text

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume2

Install Date: 12/13/2008 1:01:52 PM

System Uptime: 8/7/2012 5:01:31 PM (0 hours ago)

.

Motherboard: Acer | | Nile

Processor: AMD Athlon Processor 2650e | Socket M2/S1G1 | 1600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 70 GiB total, 8.854 GiB free.

D: is FIXED (NTFS) - 70 GiB total, 69.155 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

3600_Help

Acer Assist

Acer Empowering Technology

Acer eRecovery Management

Acer Registration

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

Amazon MP3 Downloader 1.0.15

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

Auslogics Disk Defrag

Bonjour

BPD_Scan

BPDSoftware

BPDSoftware_Ini

BufferChm

Byki

Byki Express

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Championship Mah Jongg

Collins

Compatibility Pack for the 2007 Office system

CustomerResearchQFolder

Destinations

DeviceManagementQFolder

DocProc

DocProcQFolder

eMusic Download Manager 4.1.4

eSupportQFolder

Fax

Google Update Helper

GRE POWERPREP

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Participation Program 8.0

HP Imaging Device Functions 8.0

HP OCR Software 8.0

HP Officejet J3600 Series

HP Photosmart Essential

HP Product Assistant

HP Smart Web Printing 4.60

HP Solution Center 8.0

HP Update

HPProductAssistant

HPSSupply

InterVideo WinDVD 8

iTunes

J3600

Java Auto Updater

Java 7 Update 5

Kaspersky Security Scan

Launch Manager

LightScribe 1.4.142.1

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft IntelliPoint 6.2

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Office Suite Activation Assistant

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 and SOAP Toolkit 3.0

Mythic Mahjong

Norton 360

NTI Backup Now 5

NTI Backup Now Standard

NTI Media Maker 8

OGA Notifier 2.0.0048.0

ProductContext

QuickTime

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek High Definition Audio Driver

Rhapsody

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Simple Adblock

Skins

SmartWebPrinting

SolutionCenter

Status

swMSM

Synaptics Pointing Device Driver

TeLL me More

Toolbox

TrayApp

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Virtual Account Numbers

WebReg

World's Best Word Games

Yahoo! Messenger

Yahoo! Software Update

.

==== Event Viewer Messages From Past Week ========

.

8/7/2012 8:55:01 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

8/7/2012 8:54:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/7/2012 8:54:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/7/2012 8:54:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/7/2012 8:54:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/7/2012 8:54:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/7/2012 8:54:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/7/2012 8:46:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccSet_N360 DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIM SymIRON SYMTDIv tdx Wanarpv6

8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/7/2012 8:46:46 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/7/2012 5:03:33 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/7/2012 5:03:33 PM, Error: Service Control Manager [7000] - The Kaspersky Security Scan Service service failed to start due to the following error: Access is denied.

8/7/2012 5:03:33 PM, Error: Service Control Manager [7000] - The IpsosLSPService service failed to start due to the following error: The system cannot find the file specified.

8/7/2012 5:02:17 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet J3600 series with shared resource name HP Officejet J3600 series. Error 2114. The printer cannot be used by others on the network.

8/7/2012 5:02:17 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet J3600 series fax with shared resource name HP Officejet J3600 series fax. Error 2114. The printer cannot be used by others on the network.

8/7/2012 5:01:59 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

8/7/2012 4:15:05 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

8/7/2012 4:02:12 PM, Error: Service Control Manager [7034] - The NTI Backup Now 5 Scheduler Service service terminated unexpectedly. It has done this 1 time(s).

8/6/2012 12:00:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

8/6/2012 10:21:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_N360 eeCtrl IDSVix86 spldr SRTSPX SymIRON SYMTDIv Wanarpv6

8/6/2012 10:20:49 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21

8/5/2012 3:28:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Diagnostic Service Host service to connect.

8/5/2012 3:28:59 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/5/2012 3:15:32 PM, Error: PCTCore [280] -

8/5/2012 12:17:06 PM, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

8/5/2012 11:56:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

8/5/2012 11:23:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

8/5/2012 11:22:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AswRdr aswSnx aswSP aswTdi BHDrvx86 ccSet_N360 DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PCTSD PSched RasAcd rdbss Smb spldr SRTSPX SymIM SymIRON SYMTDIv tdx Wanarpv6 ws2ifsl

8/5/2012 11:21:30 PM, Error: EventLog [6008] - The previous system shutdown at 11:09:28 PM on 8/5/2012 was unexpected.

8/5/2012 11:07:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

8/5/2012 11:07:37 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/5/2012 11:05:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Image Acquisition (WIA) service to connect.

8/5/2012 11:05:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Pml Driver HPZ12 service to connect.

8/5/2012 11:05:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net Driver HPZ12 service to connect.

8/5/2012 11:05:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.

8/5/2012 11:05:13 PM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/5/2012 11:05:13 PM, Error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/5/2012 11:05:13 PM, Error: Service Control Manager [7000] - The Net Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/5/2012 11:05:13 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/5/2012 11:02:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

8/3/2012 10:12:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.

8/2/2012 9:14:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ETService service.

.

==== End Of File ===========================


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


TDSS Log: It DID NOT prompt me for a restart. Does it matter?

09:33:35.0525 1924 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

09:33:35.0557 1924 ============================================================

09:33:35.0557 1924 Current date / time: 2012/08/08 09:33:35.0557

09:33:35.0557 1924 SystemInfo:

09:33:35.0557 1924

09:33:35.0557 1924 OS Version: 6.0.6002 ServicePack: 2.0

09:33:35.0557 1924 Product type: Workstation

09:33:35.0557 1924 ComputerName: NIPPERS

09:33:35.0557 1924 UserName: mom's toy

09:33:35.0557 1924 Windows directory: C:\Windows

09:33:35.0557 1924 System windows directory: C:\Windows

09:33:35.0557 1924 Processor architecture: Intel x86

09:33:35.0557 1924 Number of processors: 1

09:33:35.0557 1924 Page size: 0x1000

09:33:35.0557 1924 Boot type: Normal boot

09:33:35.0557 1924 ============================================================

09:33:37.0429 1924 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

09:33:37.0444 1924 ============================================================

09:33:37.0444 1924 \Device\Harddisk0\DR0:

09:33:37.0444 1924 MBR partitions:

09:33:37.0444 1924 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1402800, BlocksNum 0x8B0C000

09:33:37.0444 1924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9F0E800, BlocksNum 0x8B0A800

09:33:37.0444 1924 ============================================================

09:33:37.0475 1924 C: <-> \Device\Harddisk0\DR0\Partition0

09:33:37.0522 1924 D: <-> \Device\Harddisk0\DR0\Partition1

09:33:37.0522 1924 ============================================================

09:33:37.0522 1924 Initialize success

09:33:37.0522 1924 ============================================================

09:33:43.0294 3720 ============================================================

09:33:43.0294 3720 Scan started

09:33:43.0294 3720 Mode: Manual;

09:33:43.0294 3720 ============================================================


09:34:00.0875 3720 IKEEXT - ok

09:34:00.0938 3720 int15 (58ff11c95c3681c9250914521cb9f036) C:\Windows\system32\drivers\int15.sys

09:34:00.0938 3720 int15 - ok

09:34:01.0624 3720 IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys

09:34:01.0640 3720 IntcAzAudAddService - ok

09:34:02.0420 3720 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

09:34:02.0435 3720 intelide - ok

09:34:02.0467 3720 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

09:34:02.0467 3720 intelppm - ok

09:34:02.0498 3720 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

09:34:02.0513 3720 IPBusEnum - ok

09:34:02.0545 3720 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

09:34:02.0545 3720 IpFilterDriver - ok

09:34:02.0591 3720 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll

09:34:02.0591 3720 iphlpsvc - ok

09:34:02.0607 3720 IpInIp - ok

09:34:02.0669 3720 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

09:34:02.0669 3720 IPMIDRV - ok

09:34:02.0716 3720 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

09:34:02.0716 3720 IPNAT - ok

09:34:03.0137 3720 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe

09:34:03.0153 3720 iPod Service - ok

09:34:03.0153 3720 IpsosLSPService - ok

09:34:03.0184 3720 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

09:34:03.0184 3720 IRENUM - ok

09:34:03.0278 3720 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

09:34:03.0278 3720 isapnp - ok

09:34:03.0434 3720 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

09:34:03.0434 3720 iScsiPrt - ok

09:34:03.0449 3720 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

09:34:03.0449 3720 iteatapi - ok

09:34:03.0481 3720 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

09:34:03.0481 3720 iteraid - ok

09:34:03.0621 3720 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

09:34:03.0621 3720 IviRegMgr - ok

09:34:03.0668 3720 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

09:34:03.0668 3720 kbdclass - ok

09:34:03.0683 3720 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys

09:34:03.0683 3720 kbdhid - ok

09:34:03.0730 3720 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

09:34:03.0730 3720 KeyIso - ok

09:34:03.0824 3720 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys

09:34:03.0839 3720 KSecDD - ok

09:34:04.0229 3720 KSS (e47ffca0909871ac1bff0d446ff63ca9) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe

09:34:04.0229 3720 KSS - ok

09:34:04.0292 3720 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

09:34:04.0307 3720 KtmRm - ok

09:34:04.0401 3720 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll

09:34:04.0401 3720 LanmanServer - ok

09:34:04.0526 3720 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll

09:34:04.0526 3720 LanmanWorkstation - ok

09:34:04.0635 3720 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

09:34:04.0635 3720 LightScribeService - ok

09:34:04.0744 3720 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

09:34:04.0744 3720 lltdio - ok

09:34:04.0791 3720 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

09:34:04.0807 3720 lltdsvc - ok

09:34:04.0853 3720 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

09:34:04.0869 3720 lmhosts - ok

09:34:04.0900 3720 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

09:34:04.0900 3720 LSI_FC - ok

09:34:04.0931 3720 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

09:34:04.0931 3720 LSI_SAS - ok

09:34:04.0963 3720 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

09:34:04.0963 3720 LSI_SCSI - ok

09:34:04.0994 3720 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

09:34:04.0994 3720 luafv - ok

09:34:05.0025 3720 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

09:34:05.0025 3720 megasas - ok

09:34:05.0072 3720 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

09:34:05.0087 3720 MegaSR - ok

09:34:05.0119 3720 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

09:34:05.0134 3720 MMCSS - ok

09:34:05.0165 3720 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

09:34:05.0165 3720 Modem - ok

09:34:05.0181 3720 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

09:34:05.0197 3720 monitor - ok

09:34:05.0212 3720 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

09:34:05.0212 3720 mouclass - ok

09:34:05.0243 3720 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

09:34:05.0243 3720 mouhid - ok

09:34:05.0259 3720 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

09:34:05.0259 3720 MountMgr - ok

09:34:05.0290 3720 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

09:34:05.0290 3720 mpio - ok

09:34:05.0321 3720 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

09:34:05.0321 3720 mpsdrv - ok

09:34:05.0477 3720 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll

09:34:05.0493 3720 MpsSvc - ok

09:34:05.0509 3720 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

09:34:05.0509 3720 Mraid35x - ok

09:34:05.0555 3720 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

09:34:05.0555 3720 MRxDAV - ok

09:34:05.0633 3720 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

09:34:05.0633 3720 mrxsmb - ok

09:34:05.0711 3720 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

09:34:05.0711 3720 mrxsmb10 - ok

09:34:05.0743 3720 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

09:34:05.0758 3720 mrxsmb20 - ok

09:34:05.0774 3720 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys

09:34:05.0789 3720 msahci - ok

09:34:05.0805 3720 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

09:34:05.0805 3720 msdsm - ok

09:34:05.0852 3720 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

09:34:05.0883 3720 MSDTC - ok

09:34:05.0914 3720 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

09:34:05.0914 3720 Msfs - ok

09:34:05.0945 3720 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

09:34:05.0945 3720 msisadrv - ok

09:34:06.0008 3720 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

09:34:06.0008 3720 MSiSCSI - ok

09:34:06.0023 3720 msiserver - ok

09:34:06.0055 3720 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

09:34:06.0055 3720 MSKSSRV - ok

09:34:06.0086 3720 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

09:34:06.0086 3720 MSPCLOCK - ok

09:34:06.0101 3720 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

09:34:06.0101 3720 MSPQM - ok

09:34:06.0179 3720 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

09:34:06.0179 3720 MsRPC - ok

09:34:06.0211 3720 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

09:34:06.0211 3720 mssmbios - ok

09:34:06.0226 3720 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

09:34:06.0226 3720 MSTEE - ok

09:34:06.0242 3720 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

09:34:06.0242 3720 Mup - ok

09:34:06.0460 3720 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe

09:34:06.0476 3720 N360 - ok

09:34:06.0663 3720 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

09:34:06.0679 3720 napagent - ok

09:34:06.0757 3720 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

09:34:06.0772 3720 NativeWifiP - ok

09:34:07.0240 3720 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120807.018\NAVENG.SYS

09:34:07.0240 3720 NAVENG - ok

09:34:07.0412 3720 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120807.018\NAVEX15.SYS

09:34:07.0474 3720 NAVEX15 - ok

09:34:07.0755 3720 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

09:34:07.0771 3720 NDIS - ok

09:34:07.0802 3720 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

09:34:07.0802 3720 NdisTapi - ok

09:34:07.0817 3720 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

09:34:07.0817 3720 Ndisuio - ok

09:34:07.0864 3720 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

09:34:07.0880 3720 NdisWan - ok

09:34:07.0911 3720 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

09:34:07.0911 3720 NDProxy - ok

09:34:07.0989 3720 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll

09:34:07.0989 3720 Net Driver HPZ12 - ok

09:34:08.0067 3720 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

09:34:08.0067 3720 NetBIOS - ok

09:34:08.0114 3720 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

09:34:08.0129 3720 netbt - ok

09:34:08.0176 3720 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

09:34:08.0176 3720 Netlogon - ok

09:34:08.0363 3720 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

09:34:08.0379 3720 Netman - ok

09:34:08.0691 3720 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

09:34:08.0691 3720 NetMsmqActivator - ok

09:34:08.0707 3720 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

09:34:08.0707 3720 NetPipeActivator - ok

09:34:08.0894 3720 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

09:34:08.0894 3720 netprofm - ok

09:34:08.0909 3720 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

09:34:08.0909 3720 NetTcpActivator - ok

09:34:08.0925 3720 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

09:34:08.0925 3720 NetTcpPortSharing - ok

09:34:08.0987 3720 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

09:34:08.0987 3720 nfrd960 - ok

09:34:09.0034 3720 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

09:34:09.0050 3720 NlaSvc - ok

09:34:09.0081 3720 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

09:34:09.0081 3720 Npfs - ok

09:34:09.0112 3720 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

09:34:09.0128 3720 nsi - ok

09:34:09.0143 3720 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

09:34:09.0143 3720 nsiproxy - ok

09:34:09.0393 3720 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

09:34:09.0502 3720 Ntfs - ok

09:34:09.0721 3720 NTIBackupSvc (a2b6583a5652a385dff5e4f49ad48761) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

09:34:09.0721 3720 NTIBackupSvc - ok

09:34:09.0752 3720 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys

09:34:09.0752 3720 NTIDrvr - ok

09:34:09.0861 3720 NTISchedulerSvc (40b87fe8a1a9a5ac9e5a91d96f212bcd) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

09:34:09.0877 3720 NTISchedulerSvc - ok

09:34:09.0923 3720 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

09:34:09.0923 3720 ntrigdigi - ok

09:34:09.0955 3720 NuidFltr (e8717d9b0d1919cadafd8896a8e23e17) C:\Windows\system32\DRIVERS\NuidFltr.sys

09:34:09.0970 3720 NuidFltr - ok

09:34:09.0986 3720 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

09:34:09.0986 3720 Null - ok

09:34:10.0017 3720 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

09:34:10.0017 3720 nvraid - ok

09:34:10.0048 3720 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

09:34:10.0064 3720 nvstor - ok

09:34:10.0095 3720 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

09:34:10.0111 3720 nv_agp - ok

09:34:10.0111 3720 NwlnkFlt - ok

09:34:10.0126 3720 NwlnkFwd - ok

09:34:10.0157 3720 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

09:34:10.0157 3720 ohci1394 - ok

09:34:10.0360 3720 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:34:10.0360 3720 ose - ok

09:34:10.0532 3720 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

09:34:10.0547 3720 p2pimsvc - ok

09:34:10.0563 3720 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

09:34:10.0579 3720 p2psvc - ok

09:34:10.0813 3720 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

09:34:10.0813 3720 Parport - ok

09:34:10.0984 3720 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys

09:34:11.0000 3720 partmgr - ok

09:34:11.0047 3720 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

09:34:11.0062 3720 Parvdm - ok

09:34:11.0093 3720 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

09:34:11.0093 3720 PcaSvc - ok

09:34:11.0156 3720 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

09:34:11.0156 3720 pci - ok

09:34:11.0187 3720 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

09:34:11.0187 3720 pciide - ok

09:34:11.0234 3720 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

09:34:11.0249 3720 pcmcia - ok

09:34:11.0312 3720 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

09:34:11.0343 3720 PEAUTH - ok

09:34:11.0468 3720 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

09:34:11.0499 3720 pla - ok

09:34:11.0639 3720 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

09:34:11.0639 3720 PlugPlay - ok

09:34:11.0733 3720 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll

09:34:11.0733 3720 Pml Driver HPZ12 - ok

09:34:11.0873 3720 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

09:34:11.0873 3720 PNRPAutoReg - ok

09:34:11.0889 3720 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

09:34:11.0905 3720 PNRPsvc - ok

09:34:11.0967 3720 Point32 (437827d69040c0c2565d47b024ed5372) C:\Windows\system32\DRIVERS\point32k.sys

09:34:11.0967 3720 Point32 - ok

09:34:12.0107 3720 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

09:34:12.0107 3720 PolicyAgent - ok

09:34:12.0170 3720 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

09:34:12.0170 3720 PptpMiniport - ok

09:34:12.0201 3720 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

09:34:12.0201 3720 Processor - ok

09:34:12.0310 3720 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

09:34:12.0310 3720 ProfSvc - ok

09:34:12.0357 3720 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

09:34:12.0357 3720 ProtectedStorage - ok

09:34:12.0419 3720 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

09:34:12.0419 3720 PSched - ok

09:34:12.0685 3720 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

09:34:12.0700 3720 ql2300 - ok

09:34:12.0809 3720 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

09:34:12.0809 3720 ql40xx - ok

09:34:12.0856 3720 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

09:34:12.0903 3720 QWAVE - ok

09:34:12.0981 3720 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

09:34:12.0981 3720 QWAVEdrv - ok

09:34:13.0012 3720 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

09:34:13.0012 3720 RasAcd - ok

09:34:13.0043 3720 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

09:34:13.0043 3720 RasAuto - ok

09:34:13.0075 3720 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

09:34:13.0075 3720 Rasl2tp - ok

09:34:13.0168 3720 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

09:34:13.0168 3720 RasMan - ok

09:34:13.0246 3720 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

09:34:13.0246 3720 RasPppoe - ok

09:34:13.0262 3720 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

09:34:13.0277 3720 RasSstp - ok

09:34:13.0309 3720 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

09:34:13.0324 3720 rdbss - ok

09:34:13.0355 3720 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

09:34:13.0355 3720 RDPCDD - ok

09:34:13.0402 3720 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

09:34:13.0418 3720 rdpdr - ok

09:34:13.0433 3720 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

09:34:13.0433 3720 RDPENCDD - ok

09:34:13.0496 3720 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys

09:34:13.0527 3720 RDPWD - ok

09:34:13.0589 3720 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys

09:34:13.0589 3720 regi - ok

09:34:13.0699 3720 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

09:34:13.0699 3720 RemoteAccess - ok

09:34:13.0792 3720 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

09:34:13.0792 3720 RemoteRegistry - ok

09:34:13.0839 3720 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

09:34:13.0839 3720 RpcLocator - ok

09:34:13.0917 3720 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

09:34:13.0917 3720 RpcSs - ok

09:34:13.0979 3720 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

09:34:13.0979 3720 rspndr - ok

09:34:14.0073 3720 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys

09:34:14.0089 3720 RTL8169 - ok

09:34:14.0120 3720 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

09:34:14.0120 3720 SamSs - ok

09:34:14.0151 3720 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

09:34:14.0151 3720 sbp2port - ok

09:34:14.0245 3720 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

09:34:14.0245 3720 SCardSvr - ok

09:34:14.0354 3720 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

09:34:14.0369 3720 Schedule - ok

09:34:14.0416 3720 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

09:34:14.0416 3720 SCPolicySvc - ok

09:34:14.0791 3720 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

09:34:14.0791 3720 SDRSVC - ok

09:34:14.0869 3720 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

09:34:14.0869 3720 secdrv - ok

09:34:15.0025 3720 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

09:34:15.0025 3720 seclogon - ok

09:34:15.0103 3720 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll

09:34:15.0118 3720 SENS - ok

09:34:15.0149 3720 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

09:34:15.0149 3720 Serenum - ok

09:34:15.0259 3720 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

09:34:15.0259 3720 Serial - ok

09:34:15.0305 3720 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

09:34:15.0305 3720 sermouse - ok

09:34:15.0493 3720 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

09:34:15.0493 3720 SessionEnv - ok

09:34:15.0571 3720 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

09:34:15.0571 3720 sffdisk - ok

09:34:15.0602 3720 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

09:34:15.0602 3720 sffp_mmc - ok

09:34:15.0633 3720 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

09:34:15.0633 3720 sffp_sd - ok

09:34:15.0664 3720 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

09:34:15.0664 3720 sfloppy - ok

09:34:16.0959 3720 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

09:34:16.0959 3720 SharedAccess - ok

09:34:17.0209 3720 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

09:34:17.0209 3720 ShellHWDetection - ok

09:34:17.0255 3720 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

09:34:17.0255 3720 sisagp - ok

09:34:17.0365 3720 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

09:34:17.0380 3720 SiSRaid2 - ok

09:34:17.0630 3720 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

09:34:17.0661 3720 SiSRaid4 - ok

09:34:36.0834 3720 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

09:34:38.0068 3720 slsvc - ok

09:34:43.0403 3720 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

09:34:43.0450 3720 SLUINotify - ok

09:34:44.0230 3720 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

09:34:44.0261 3720 Smb - ok

09:34:44.0355 3720 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

09:34:44.0355 3720 SNMPTRAP - ok

09:34:44.0433 3720 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

09:34:44.0433 3720 spldr - ok

09:34:44.0635 3720 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

09:34:44.0635 3720 Spooler - ok

09:34:45.0852 3720 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\Windows\System32\Drivers\N360\0602010.005\SRTSP.SYS

09:34:48.0739 3720 SRTSP - ok

09:34:49.0098 3720 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\Windows\system32\drivers\N360\0602010.005\SRTSPX.SYS

09:34:49.0457 3720 SRTSPX - ok

09:34:50.0143 3720 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

09:34:50.0159 3720 srv - ok

09:34:50.0642 3720 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

09:34:51.0298 3720 srv2 - ok

09:34:51.0422 3720 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

09:34:51.0781 3720 srvnet - ok

09:34:51.0922 3720 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

09:34:51.0922 3720 SSDPSRV - ok

09:34:52.0109 3720 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

09:34:52.0109 3720 SstpSvc - ok

09:34:52.0358 3720 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

09:34:52.0421 3720 stisvc - ok

09:34:52.0530 3720 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

09:34:52.0592 3720 swenum - ok

09:34:52.0873 3720 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

09:34:53.0060 3720 swprv - ok

09:34:53.0138 3720 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

09:34:53.0170 3720 Symc8xx - ok

09:34:53.0466 3720 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\N360\0602010.005\SYMDS.SYS

09:34:53.0638 3720 SymDS - ok

09:34:54.0308 3720 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\N360\0602010.005\SYMEFA.SYS

09:34:54.0683 3720 SymEFA - ok

09:34:54.0808 3720 SymEvent (74e2521e96176a4449570e50be91954d) C:\Windows\system32\Drivers\SYMEVENT.SYS

09:34:55.0088 3720 SymEvent - ok

09:34:55.0104 3720 SYMFW - ok

09:34:55.0166 3720 SymIM (6e3ad51710cb4a27ea70adf685fca4ca) C:\Windows\system32\DRIVERS\SymIMv.sys

09:34:55.0322 3720 SymIM - ok

09:34:55.0432 3720 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\N360\0602010.005\Ironx86.SYS

09:34:55.0603 3720 SymIRON - ok

09:34:55.0619 3720 SYMNDISV - ok

09:34:55.0790 3720 SYMTDIv (40c6e6417c8b7d7fcf82cfbe71525795) C:\Windows\System32\Drivers\N360\0602010.005\SYMTDIV.SYS

09:34:55.0946 3720 SYMTDIv - ok

09:34:56.0040 3720 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

09:34:56.0040 3720 Sym_hi - ok

09:34:56.0102 3720 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

09:34:56.0102 3720 Sym_u3 - ok

09:34:56.0165 3720 SynTP (32e8b307f0e9f72b66b518fd62eab91e) C:\Windows\system32\DRIVERS\SynTP.sys

09:34:56.0336 3720 SynTP - ok

09:34:56.0539 3720 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

09:34:56.0555 3720 SysMain - ok

09:34:56.0726 3720 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

09:34:56.0726 3720 TabletInputService - ok

09:34:56.0882 3720 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

09:34:56.0882 3720 TapiSrv - ok

09:34:56.0945 3720 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

09:34:56.0945 3720 TBS - ok

09:34:57.0257 3720 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys

09:34:57.0600 3720 Tcpip - ok

09:34:57.0631 3720 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys

09:34:57.0631 3720 Tcpip6 - ok

09:34:57.0725 3720 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

09:34:57.0740 3720 tcpipreg - ok

09:34:57.0787 3720 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

09:34:57.0803 3720 TDPIPE - ok

09:34:57.0896 3720 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

09:34:57.0896 3720 TDTCP - ok

09:34:57.0974 3720 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

09:34:57.0990 3720 tdx - ok

09:34:58.0052 3720 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

09:34:58.0068 3720 TermDD - ok

09:34:58.0177 3720 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

09:34:58.0208 3720 TermService - ok

09:34:58.0302 3720 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

09:34:58.0302 3720 Themes - ok

09:34:58.0396 3720 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

09:35:17.0084 3720 ============================================================

09:35:17.0084 3720 Scan finished

09:35:17.0084 3720 ============================================================

09:35:17.0116 2472 Detected object count: 0

09:35:17.0116 2472 Actual detected object count: 0

09:35:27.0179 1260 Deinitialize success


ESET scan. I selected "Delete quarantined files", I hope that's fine.

C:\Users\mom's toy\registryboosterplb.exe Win32/RegistryBooster application cleaned by deleting - quarantined

C:\Users\mom's toy\Documents\Java Runtime Environment.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

C:\Users\mom's toy\Documents\misc\registryeasy_lite.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined

C:\Users\mom's toy\Downloads\BitZipper50TrialSetupEn.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined


Security Check

Results of screen317's Security Check version 0.99.43

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Norton 360

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Java 7 Update 5

Adobe Flash Player 11.3.300.270

Adobe Reader X (10.1.3)

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1 %

````````````````````End of Log``````````````````````


  • Staff

Hi,

Things look good from here!

Run TFC by OldTimer to clear temporary files:

  • Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Restart your computer.

Let me know what issues remain.


Hi! Seems to be working better now. I reinstalled Firefox so I could open a bunch of bookmarks at once. Seems like it's back to normal.

Can you please tell me what was wrong with my computer? That way I can know if this ever happens again. Do I need to change all my passwords again? Thank you so much for all of your help!!!


  • Staff

It's really hard to say specifically what was wrong. Looks like a mixture of infections and the damage they cause.

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


Okay, I will definitely get all that stuff installed, & I started reading that article. One thing I noticed, & I noticed this when my computer was infected, too: Firefox will have one of those "allow" bars across the top on certain pages, but the bar is blank, no text. It just has a tiny box on the left side with the prohibited symbol on it. Do you know what that is?


My computer is not running well anymore. Firefox (14) is opening & is almost instantly at 100,000K with just the one tab open. It's very slow & freezes often. My computer itself is very slow, Task Manager is slow to open & also freezes. Yesterday I closed Firefox but it wouldn't terminate in Task Manager. Please tell me how to get this back to normal.


  • Staff

Hi,

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan-- do not download any programs; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.


Oh, I installed the SpywareBlaster today. I had to save it to my desktop. When I downloaded it the first time, I saved it in Program Files. Then it told me "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I tried to run it as Administrator & got the same message. Can I not save things to that file anymore? :(


  • Staff

Hi,

You shouldn't be saving things to Program Files..

PCPitStop noted several things that you can do to improve the shape your computer is in.

Pay particular attention to these items:

• Delete Temporary Files:

Please download CCleaner and save it to your desktop.

  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Please do NOT run a scan yet!

Now, open CCleaner:

  • Click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • CHECK : "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.

• Reduce System Restore space (Drive C):

Right click My Computer and click Properties. Select the System Restore tab, and move the slider to 3%. You're pretty much wasting disk space otherwise.

• Defragment Drive C:

Defragmenting is a must. It's one of the large reasons for system slowdowns. I use Defraggler to defragment. It is free to download and you can use it forever. I recommend installing it and defragmenting as soon as possible.

• Increase Free Space on Drive C:

There is only 13% free space on your (small) hard drive. I'm not surprised that it's performing poorly. Consider uninstalling programs you no longer use. You can use Treesize Free to see what's taking up all the space.

Also consider using a more lightweight antivirus. I use Microsoft Security Essentials, and it's great, free, and lightweight.

Also take the time to take a look at the other tips PCPitStop reported. I've just highlighted some of the more important ones.


Hello again,

Every computer I've had has always saved things to Program Files by default. Is this wrong? Where am I supposed to save them to? Why does Windows save files there if it's not really that good for your computer? Even the driver scan from PC Overdrive saved to Program Files just now.

I ran CCleaner & followed your steps. I don't know yet if it's helping or not, but it probably can't hurt!

I don't have the My Computer icon, & I couldn't get to a slider from anywhere, so I don't know how else to change the amount of space that is being used for System Restore.

I'm running the regular Windows defragmenter right now. I do it from time to time so I don't think it will be that bad, but maybe with all the stuff I've been doing to it...I have tried the Auslogics defragmenter. Does it make a difference which one I use?

I tried using Treesize, but to be honest, I really don't know what I'm doing. All I learned is that I need to move my Amazon music downloads onto my external hard drive with the rest of my music.

Even though you seem to feel that the lack of free space on my computer is the only cause of its slow performance, it really was running better just a month ago. I haven't installed anything drastic in that time, or changed any maintenance-type habits. Is there nothing else that could be wrong with my computer? I apologize in advance if I sound ungrateful for your help; that's not the case at all. I realize this is a very low-end computer, & I don't expect it to perform miracles. I just don't understand how I could have improved the health of my computer so much over the last few days, & yet it still runs so poorly, even if all I have open is Firefox. :( :( :( If you think it's about to die or something, I'd rather know so I can start moving my information off of it.


I apologize, just one more thing that is really bothering me. I have programs like Kaspersky in my list of programs that I can't run, but don't show up in the Add/Remove Programs panel so that I can remove them, & vice versa: I have files in the A/R panel that are not in my list of programs!!! Should I just delete the files? Is there a better place for me to ask about problems like this? I didn't notice I had this problem UNTIL I tried to install Kaspersky. Spybot Search & Destroy is another problem program, as well as Whitesmoke Translator.

This topic is now closed to further replies.